Description
Memory corruption while processing fastboot OEM commands.
Published: 2026-06-01
Score: 7.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a memory corruption bug triggered while the kernel processes fastboot OEM commands. This vulnerability can allow an attacker to corrupt kernel memory, potentially leading to arbitrary code execution or privilege escalation. The weakness is reflected by CWE‑1286, indicating an improper validation of input syntax that results in a memory safety violation.

Affected Systems

Qualcomm, Inc. devices running Snapdragon processors are impacted, as the kernel component handling fastboot OEM commands is common across these platforms. No specific product or version numbers are supplied, so all Snapdragon systems that use the affected fastboot implementation are considered vulnerable until vendor information is provided.

Risk and Exploitability

The CVSS score of 7.2 indicates a high severity. Because the EPSS score is not available, the likelihood of exploitation in the wild cannot be quantified, and the vulnerability is not currently listed in the CISA KEV catalog. The attack vector is inferred to be local or physical access, as fastboot OEM commands are typically issued by device developers or during manufacturing. An attacker with such access could trigger the memory corruption to gain kernel privileges.

Generated by OpenCVE AI on June 1, 2026 at 23:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Qualcomm’s security bulletin for updates or patches and apply any fixes that address the fastboot OEM command handling.
  • If no update is available, disable fastboot OEM mode or restrict access to the fastboot interface to trusted personnel.
  • Monitor devices for signs of exploitation and consider isolating vulnerable units until a patch is released.

Generated by OpenCVE AI on June 1, 2026 at 23:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 01 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description Memory corruption while processing fastboot OEM commands.
Title Improper Validation of Syntactic Correctness of Input in Kernel
Weaknesses CWE-1286
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Qualcomm Snapdragon
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-06-01T22:05:36.129Z

Reserved: 2026-01-21T12:51:13.996Z

Link: CVE-2026-24087

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-01T23:16:19.460

Modified: 2026-06-01T23:16:19.460

Link: CVE-2026-24087

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T00:45:27Z

Weaknesses