Description
Memory Corruption when copying data from a freed source while executing performance counter deselect operation.
Published: 2026-05-04
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free vulnerability occurs in the automotive GPU driver when the performance counter deselect operation copies data from a memory region that has already been freed. The resulting memory corruption can let an attacker crash the system, leak data, or execute arbitrary code, depending on the context in which the driver runs.

Affected Systems

Qualcomm Snapdragon platforms are affected. Specific model or firmware releases are not listed, so all devices that incorporate the referenced GPU driver should be evaluated for the presence of this issue.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. No EPSS score is available and the vulnerability is not yet listed in the CISA KEV catalog, so although the flaw is serious, the probability of widespread exploitation is uncertain. The description does not document an attack path; the CVSS vector recorded for this CVE (AV:L/AC:L/PR:L/UI:N) indicates local access with low privileges and no user interaction. The use‑after‑free weakness could be leveraged to destabilize the system or facilitate further privilege escalation.

Generated by OpenCVE AI on May 4, 2026 at 18:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Qualcomm Snapdragon firmware or GPU driver to the latest version that contains the use‑after‑free fix
  • If a patch is not immediately available, limit or disable performance counter deselect functionality and restrict GPU access to trusted, privileged applications only
  • Implement additional memory protection and kernel isolation measures, and monitor system logs for anomalous GPU activity to detect potential exploitation attempts


Advisories

No advisories yet.

History

Mon, 04 May 2026 18:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 04 May 2026 17:15:00 +0000

Type | Values Removed | Values Added
Description | | Memory Corruption when copying data from a freed source while executing performance counter deselect operation.
Title | | Use After Free in Automotive GPU
Weaknesses | | CWE-416
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-05-04T18:09:34.891Z

Reserved: 2026-01-21T12:51:13.995Z

Link: CVE-2026-24082

Vulnrichment

Updated: 2026-05-04T18:09:27.934Z

NVD

Status: Received

Published: 2026-05-04T17:16:21.453

Modified: 2026-05-04T17:16:21.453

Link: CVE-2026-24082

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T19:00:07Z
