The vulnerability arises from an integer overflow or wraparound in a graphics module that performs memory allocation using alignment constraints. The overflow causes inaccurate size calculations, leading to memory corruption when the allocator writes beyond the intended buffer. Because the affected code runs with elevated privileges in the graphics stack, an attacker could exploit the corruption to alter control flow or inject malicious code, potentially achieving local privilege escalation or code execution.

The affected systems are Qualcomm Snapdragon-based platforms, including a wide range of Snapdragon chipsets such as the 480+ 5G, 625, 860, 888+, 8+ Gen 1, automotive, wearable, and various industrial boards. Specific firmware versions are not listed in the CVE data; users should review Qualcomm firmware releases for confirmation.

The CVSS score of 7.8 indicates a high‑impact vulnerability, yet the EPSS score of less than 1% suggests a low exploitation probability. The flaw is listed in the CISA KEV catalog, indicating that attackers are already seeking or have exploited this weakness. Based on the description, it is inferred that the primary risk is local privilege escalation or code execution by compromising graphics driver functionality; remote execution is not explicitly supported by the CVE data. Likely attack vectors involve locally privileged users or compromised applications that invoke the graphics driver, and remote exploitation would require a network path to the driver, which is not confirmed.