Impact
The vulnerability exists in a Snapdragon camera driver where the input validation incorrectly allows a batch size or buffer plane count that exceeds the allowed maximum. This results in an out‑of‑bounds write and corrupts memory. The corruption could in turn permit unauthorized code execution or cause the device to crash, depending on how the memory region is used.
Affected Systems
Qualcomm, Inc. Snapdragon devices are affected. No specific firmware or software version is provided; the flaw exists in the camera driver component that ships with Qualcomm Snapdragon platforms.
Risk and Exploitability
The CVSS score of 5.3 denotes moderate severity, and the EPSS score is not available. The flaw is not listed in the CISA KEV catalogue. The likely attack vector is local, requiring access to the device or deployment of malicious camera requests. Because no remote exploitation path is described, the risk is primarily to devices with compromised user or elevated privileges. Without an available patch, the vulnerability remains exploitable until mitigated by vendor updates or preventative controls.
OpenCVE Enrichment