Impact
The Qualcomm camera driver implements an IOCTL interface that fails to verify the size of an output buffer supplied by a user. Because of this oversight, the driver reads memory beyond the provided buffer, triggering a buffer over‑read (CWE‑126). The extra data read may contain sensitive information stored adjacent to the intended output, allowing an attacker to leak confidential data from the device’s memory space.
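The class of check whose absence is described above, as an added example that is not code from the Qualcomm driver: a userspace model of an IOCTL-style handler that refuses to let a caller-declared output length drive the copy. All names (`cam_caps`, `cam_query`, `cam_query_caps`, `g_state`) and the data are hypothetical and constructed, and the model assumes the flaw takes the form of a copy sized by the caller's length; in a kernel driver the final copy would be `copy_to_user()`.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical reply layout; not taken from the Qualcomm driver. */
struct cam_caps {
    uint32_t version;
    uint32_t num_sensors;
    uint8_t  name[16];
};

/* Hypothetical request header as passed by the caller. */
struct cam_query {
    void    *out;      /* caller's output buffer */
    uint32_t out_len;  /* caller-declared size of that buffer */
};

/* Constructed device state: sensitive bytes sit right after the reply object. */
static struct {
    struct cam_caps caps;
    uint8_t adjacent_secret[16];
} g_state = { { 1, 2, "model-cam" }, "SECRETSECRETSEC" };

/*
 * Hardened handler. The unchecked form would be
 *     memcpy(q->out, &g_state.caps, q->out_len);
 * which trusts out_len and reads past caps into adjacent_secret.
 */
int cam_query_caps(const struct cam_query *q)
{
    struct cam_caps reply;

    if (q == NULL || q->out == NULL)
        return -EINVAL;
    /* Reject any length that does not match the object being returned. */
    if (q->out_len != sizeof(reply))
        return -EINVAL;

    /* Build the reply in a zeroed local so stale stack bytes cannot leak. */
    memset(&reply, 0, sizeof(reply));
    reply.version = g_state.caps.version;
    reply.num_sensors = g_state.caps.num_sensors;
    memcpy(reply.name, g_state.caps.name, sizeof(reply.name));

    /* Copy a compile-time size, never the caller-supplied one. */
    memcpy(q->out, &reply, sizeof(reply));
    return 0;
}
```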
Affected Systems
Affected systems include Qualcomm Snapdragon mobility and compute platforms such as the Snapdragon 460 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 7c+ Gen 3 Compute, Snapdragon 8cx Gen 3 Compute Platform, and Snapdragon AR1 Gen 1 Platform. A wide range of Qualcomm modules and firmware families is also impacted, including the Columbia chip, FastConnect 6700/6900/7800 modules, QCA0000, QCM5430, QCM6490, SC8380XP, Video Collaboration VC3 platform, WCD9370/9375/9378c/9380/9385 radio cores, WCN3950/3988 wireless chips, WSA8830/8832/8835/8840/8845/8845h security engines, X2000077/2000086/2000090/2000092/2000094 chips, and XG101002/032/039 firmware families.
Risk and Exploitability
The CVSS score of 7.8 indicates a high severity of potential information disclosure. However, the EPSS score is below 1%, suggesting that widespread exploitation is unlikely at present, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need local device access and typically require the ability to send crafted IOCTL requests to the camera driver, which is usually limited to privileged services or malicious applications granted camera access.