Description
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.
Published: 2026-07-06
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in a Snapdragon camera driver where the input validation incorrectly allows a batch size or buffer plane count that exceeds the allowed maximum. This results in an out‑of‑bounds write and corrupts memory. The corruption could in turn permit unauthorized code execution or cause the device to crash, depending on how the memory region is used.

Affected Systems

Qualcomm, Inc. Snapdragon devices are affected. No specific firmware or software version is provided; the flaw exists in the camera driver component that ships with Qualcomm Snapdragon platforms.

Risk and Exploitability

The CVSS score of 5.3 denotes moderate severity, and the EPSS score is not available. The flaw is not listed in the CISA KEV catalogue. The likely attack vector is local, requiring access to the device or deployment of malicious camera requests. Because no remote exploitation path is described, the risk is primarily to devices with compromised user or elevated privileges. Without an available patch, the vulnerability remains exploitable until mitigated by vendor updates or preventative controls.

Generated by OpenCVE AI on July 7, 2026 at 05:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Qualcomm’s latest firmware or driver releases for a fix to the camera driver memory corruption flaw.
  • Apply any available patch or update immediately to eliminate the out‑of‑bounds write.
  • If no patch is available, limit camera usage by disabling the camera driver on devices where it is not required, or sandbox camera applications to prevent them from manipulating batch size or buffer plane counts.

Generated by OpenCVE AI on July 7, 2026 at 05:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 06:45:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 06 Jul 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Description Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.
Title Out-of-bounds Write in Camera Driver
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L'}


Subscriptions

Qualcomm Snapdragon
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-07-07T03:56:29.491Z

Reserved: 2025-12-17T04:35:45.742Z

Link: CVE-2026-21370

cve-icon Vulnrichment

Updated: 2026-07-06T20:53:18.922Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-07T06:30:15Z

Weaknesses