Description
Memory corruption while processing fastboot commands with improperly formatted input.
Published: 2026-06-01
Score: 7.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is a memory corruption vulnerability triggered when Qualcomm Snapdragon devices process fastboot commands that are not syntactically correct. The improper validation allows malformed data to corrupt memory, potentially causing a crash or execution of arbitrary code. The CVSS score of 7.2 reflects a high severity impact that could compromise system confidentiality and integrity.

Affected Systems

All Snapdragon platforms that support the fastboot protocol and have not received the latest firmware update are affected. Specific firmware revisions, device models, or operating environments are not detailed in the advisory, so any device employing fastboot without the vendor’s fix remains at risk.

Risk and Exploitability

The vulnerability is not listed in CISA’s KEV catalog and no EPSS score is available. Exploitation requires the ability to deliver malicious fastboot commands, typically over a USB connection, so physical proximity or a compromised host is needed. While publicly known exploits have not been reported, the nature of the memory corruption and high CVSS score create a moderate to high potential risk for environments where fastboot access is enabled.

Generated by OpenCVE AI on June 1, 2026 at 23:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Qualcomm firmware to the latest version that corrects the fastboot input handling flaw.
  • Disable or tightly restrict fastboot mode on devices that do not require it, ensuring only authenticated commands are processed.
  • Monitor USB activity and device logs for abnormal fastboot traffic, and isolate the device from untrusted hosts when possible.

Generated by OpenCVE AI on June 1, 2026 at 23:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 01 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description Memory corruption while processing fastboot commands with improperly formatted input.
Title Improper Validation of Syntactic Correctness of Input in Display
Weaknesses CWE-1286
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Qualcomm Snapdragon
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-06-01T22:05:40.458Z

Reserved: 2026-01-21T12:51:13.996Z

Link: CVE-2026-24091

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-01T23:16:19.903

Modified: 2026-06-01T23:16:19.903

Link: CVE-2026-24091

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T00:00:14Z

Weaknesses