Impact
This vulnerability allows an attacker to cause out‑of‑bounds writes in the camera driver by supplying user‑space data with invalid port indices. The driver does not correctly bound these indices against supported read client limits, leading to memory corruption. While the immediate effect is data corruption, the corrupted memory could be leveraged to weaken system integrity or compromise sensitive data if the attacker can influence neighboring memory contents. The CWE for this issue is a classic out‑of‑bounds write.
Affected Systems
Qualcomm devices running Snapdragon firmware that include the identified camera driver are affected. No specific firmware or model output is provided by the CNA, so any Snapdragon platform with the vulnerable driver version is considered at risk.
Risk and Exploitability
The CVSS score of 5.3 indicates medium severity. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no widely observed exploitation. Likely attack vectors involve a malicious user‑space application or a compromised application that can send specially crafted data to the driver. The lack of a public exploit or known enumeration of affected firmware the presence of a memory corruption flaw warrants prompt mitigation.
OpenCVE Enrichment