Description
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.
Published: 2026-07-06
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free vulnerability exists in the Qualcomm Snapdragon driver when handling multiple IOCTL calls that share the same buffer file descriptor. The driver later accesses memory that has already been freed, causing memory corruption. This flaw can lead to unintended modification of system memory or device crashes and is classified as CWE‑416.

Affected Systems

Affected product is Qualcomm Snapdragon, but specific chipset or firmware versions are not disclosed in the available advisory.

Risk and Exploitability

The CVSS score of 6.6 indicates a moderate severity. EPSS is not available, and the vulnerability is not listed in CISA KEV. The likely attack vector requires the ability to issue privileged IOCTL commands to the device driver, meaning the threat could originate from a local or resource‑constrained attacker with elevated privileges. Exploitation could lead to memory corruption that may integrity, or availability of the device.

Generated by OpenCVE AI on July 7, 2026 at 05:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Qualcomm Snapdragon firmware update that addresses the memory corruption issue
  • Restrict use of privileged IOCTL interfaces so that only trusted system components can access the affected driver
  • Avoid reusing buffer file descriptors across multiple IOCTL calls in applications whenever possible

Generated by OpenCVE AI on July 7, 2026 at 05:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 06 Jul 2026 22:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Description Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.
Title Use After Free in Computer Vision
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L'}


Subscriptions

Qualcomm Snapdragon
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-07-07T13:11:17.423Z

Reserved: 2025-09-18T03:19:23.202Z

Link: CVE-2025-59616

cve-icon Vulnrichment

Updated: 2026-07-06T20:53:43.276Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-07T19:30:03Z

Weaknesses