Impact
A cryptographic oversight in the parsing of partition table entries allows an attacker to modify the boot flow without proper authentication. The weakness, identified as Missing Authentication for a Critical Function, means that anyone able to influence the partition data can redirect or alter the sequence of modules loaded during system startup, potentially leading to unauthorized code execution or denial of service. The impact is confined to the boot process itself, but because the boot loader often establishes initial security state, tampering can have lasting system-wide effects.
Affected Systems
The vulnerability affects Qualcomm, Inc.’s Snapdragon line of mobile processors. Any device that implements the Snapdragon firmware containing the flawed partition table handling is considered susceptible.
Risk and Exploitability
The CVSS score of 7.1 marks this vulnerability as high severity. No EPSS data is available, suggesting that public exploitation evidence is limited and the likelihood may be moderate. The vulnerability is not listed in the CISA KEV catalog. Attackers would likely need to embed malicious configuration data in the partition table, requiring either firmware modification or physical access to the device’s storage. Exploitation depends on the ability to write to the partition table and bypass existing code signing checks, a condition not trivially available to remote attackers.