Description
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input.
Published: 2026-07-06
Score: 6.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when a Snapdragon kernel module processes multiple IOCTL calls that reference the same buffer file descriptor. A use‑after‑free condition occurs, allowing an attacker to read or overwrite memory after the object has been freed. This memory corruption can lead to program crashes, denial of service, or in some scenarios, arbitrary code execution, compromising the integrity of the device.

Affected Systems

Qualcomm Snapdragon processors and associated Snapdragon software stack are affected. The exact subpackages or firmware versions are not listed. Devices running Qualcomm Snapdragon SoC that implement the vulnerable image‑processing kernel driver are potentially impacted.

Risk and Exploitability

The CVSS base score of 6.6 indicates significant risk. The EPSS score of <1% indicates a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires sending crafted IOCTLs to the vulnerable driver, and likely needs local access or an attacker already in control of the device. Because no CNA solution or workaround is documented, users must implement general hardening until an official patch becomes available.

Generated by OpenCVE AI on July 7, 2026 at 17:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Monitor Qualcomm’s release notes and security advisories for an update that addresses the use‑after‑free flaw.
  • Restrict the vulnerable kernel module’s IOCTL interface to trusted processes, using capabilities or kernel‑level access controls to limit who can issue requests.
  • Enable advanced security frameworks such as SELinux or AppArmor to restrict the impact scope of any memory corruption in the driver.

Generated by OpenCVE AI on July 7, 2026 at 17:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 22:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Description Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input.
Title Use After Free in Computer Vision
Weaknesses CWE-416
References
Metrics cvssV3_1

{'score': 6.6, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-07-07T13:11:08.093Z

Reserved: 2025-09-18T03:19:23.202Z

Link: CVE-2025-59617

cve-icon Vulnrichment

Updated: 2026-07-06T20:54:02.991Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-07T17:15:16Z

Weaknesses