Impact
The vulnerability arises when a Snapdragon kernel module processes multiple IOCTL calls that reference the same buffer file descriptor. A use‑after‑free condition occurs, allowing an attacker to read or overwrite memory after the object has been freed. This memory corruption can lead to program crashes, denial of service, or in some scenarios, arbitrary code execution, compromising the integrity of the device.
Affected Systems
Qualcomm Snapdragon processors and associated Snapdragon software stack are affected. The exact subpackages or firmware versions are not listed. Devices running Qualcomm Snapdragon SoC that implement the vulnerable image‑processing kernel driver are potentially impacted.
Risk and Exploitability
The CVSS base score of 6.6 indicates significant risk. The EPSS score of <1% indicates a very low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires sending crafted IOCTLs to the vulnerable driver, and likely needs local access or an attacker already in control of the device. Because no CNA solution or workaround is documented, users must implement general hardening until an official patch becomes available.
OpenCVE Enrichment