Description
Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits.
Published: 2026-07-06
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability allows an attacker to cause out‑of‑bounds writes in the camera driver by supplying user‑space data with invalid port indices. The driver does not correctly bound these indices against supported read client limits, leading to memory corruption. While the immediate effect is data corruption, the corrupted memory could be leveraged to weaken system integrity or compromise sensitive data if the attacker can influence neighboring memory contents. The CWE for this issue is a classic out‑of‑bounds write.

Affected Systems

Qualcomm devices running Snapdragon firmware that include the identified camera driver are affected. No specific firmware or model output is provided by the CNA, so any Snapdragon platform with the vulnerable driver version is considered at risk.

Risk and Exploitability

The CVSS score of 5.3 indicates medium severity. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no widely observed exploitation. Likely attack vectors involve a malicious user‑space application or a compromised application that can send specially crafted data to the driver. The lack of a public exploit or known enumeration of affected firmware the presence of a memory corruption flaw warrants prompt mitigation.

Generated by OpenCVE AI on July 7, 2026 at 10:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑released patch or updated driver.
  • Restrict access to the camera driver by running the device with the least privilege required and using SELinux or AppArmor policies to limit which applications can interact with it.
  • If a patch is not available, disable the camera interface where possible to eliminate the attack surface and monitor for anomalous driver activity.

Generated by OpenCVE AI on July 7, 2026 at 10:53 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 07 Jul 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Description Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits.
Title Out-of-bounds Write in Camera Driver
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L'}


Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-07-07T13:10:27.761Z

Reserved: 2025-12-17T04:35:45.743Z

Link: CVE-2026-21384

cve-icon Vulnrichment

Updated: 2026-07-06T20:55:54.497Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-07T11:00:05Z

Weaknesses