The vulnerability stems from faulty validation of syntactic correctness of input received while processing fastboot commands to set the display mode, resulting in a memory corruption flaw. The flaw is categorized as CWE‑1286 and could allow an attacker to corrupt memory during the fastboot command handling process. If successfully exploited, this could lead to a crash, denial of service, or potentially arbitrary code execution, depending on the attacker’s objectives and system state.

The flaw affects Qualcomm, Inc. Snapdragon devices. No specific product versions are listed in the available data, so all Snapdragon models that support fastboot display mode configuration may be impacted.

The CVSS score of 7.2 indicates a medium‑to‑high severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting no known public exploitation at this time. Based on the fact that the flaw is triggered by fastboot commands, the likely attack vector is local or physical access via a USB connector where the device is in fastboot mode. Consequently, the risk is moderate to high for environments where fastboot mode is accessible or when devices are exposed to untrusted connections.