Impact
Kernel code incorrectly validates the syntax of Fastboot input, allowing an attacker to supply malformed commands that overwrite critical memory structures. The resulting memory corruption can be leveraged to execute arbitrary code at kernel privilege, potentially compromising the entire system. The vulnerability arises from a failure to enforce strict input format checks, which is the core weakness described in CWE-1286.
Affected Systems
The affected hardware platform is Qualcomm, Inc. Snapdragon. No specific firmware or model releases are listed as impacted, so all Snapdragon devices that process Fastboot commands are potentially vulnerable.
Risk and Exploitability
The CVSS score of 7.2 indicates a high-severity problem with a high likelihood of exploitation once the attacker has access. The EPSS score is not available, and the vulnerability is not currently listed in the CISA KEV catalog, suggesting no publicly known exploit at the time of this report. The likely attack vector is local or physical, because injecting malicious Fastboot commands requires access to the device’s bootloader interface. This vector is inferred: anyone with physical proximity to the device, or with the ability to put it into Fastboot mode, could potentially exploit the flaw.