Description
Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization.
Published: 2026-07-06
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a use‑after‑free memory corruption caused when the Snapdragon kernel processes device I/O control calls that map and later unmap persistent memory buffers without proper synchronization. Based on the description, it is inferred that this improper synchronization leads to the kernel accessing freed memory, resulting in arbitrary corruption that could be leveraged to execute arbitrary code or bring the device to an unstable state. The weakness is classified as CWE‑416.

Affected Systems

Qualcomm’s Snapdragon platform is affected. Specific firmware or operating‑system versions are not provided, so any Snapdragon device that implements the vulnerable I/O control interface should be assumed at risk. Administrators should consult Qualcomm’s July 2026 security bulletin for detailed patch information and apply updates accordingly.

Risk and Exploitability

The CVSS score of 6.6 classifies the issue as moderate severity, and no EPSS score is available. The vulnerability is not listed in CISA’s KEV catalog. Based on the description, it is inferred that the likely attack vector is local or privileged access to the device, as the exploit requires invoking the specific memory map/unmap sequence. Though no publicly available exploits are documented, the potential for arbitrary code execution makes the risk significant enough that a patch should be applied promptly.

Generated by OpenCVE AI on July 7, 2026 at 10:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the firmware or software update released by Qualcomm that addresses the improper memory‑synchronization issue.
  • Secure the device‑control interface by restricting which users or processes may invoke the vulnerable I/O control commands, ensuring that only privileged or trusted code can execute them.
  • Enable monitoring of kernel logs for anomalous memory‑mapping or unmapping failures, which may indicate attempts to exploit the use‑after‑free flaw.

Generated by OpenCVE AI on July 7, 2026 at 10:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 06 Jul 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Description Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization.
Title Use After Free in Computer Vision
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L'}


Subscriptions

Qualcomm Snapdragon
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-07-07T13:11:29.305Z

Reserved: 2025-09-18T03:19:23.202Z

Link: CVE-2025-59615

cve-icon Vulnrichment

Updated: 2026-07-06T20:49:20.450Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-07T11:45:15Z

Weaknesses