Impact
A use‑after‑free vulnerability exists in the Qualcomm Snapdragon driver when handling multiple IOCTL calls that share the same buffer file descriptor. The driver later accesses memory that has already been freed, causing memory corruption. This flaw can lead to unintended modification of system memory or device crashes and is classified as CWE‑416.
Affected Systems
Affected product is Qualcomm Snapdragon, but specific chipset or firmware versions are not disclosed in the available advisory.
Risk and Exploitability
The CVSS score of 6.6 indicates a moderate severity. EPSS is not available, and the vulnerability is not listed in CISA KEV. The likely attack vector requires the ability to issue privileged IOCTL commands to the device driver, meaning the threat could originate from a local or resource‑constrained attacker with elevated privileges. Exploitation could lead to memory corruption that may integrity, or availability of the device.
OpenCVE Enrichment