Description
Memory corruption while processing IOCTL calls for escape operations.
Published: 2026-06-01
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a memory corruption flaw that occurs while the DSP service processes IOCTL escape operations. It permits an out-of-bounds read, exposing sensitive data that the caller should not be able to access. This is a CWE‑125 condition and can lead to confidentiality or integrity compromise if the attacker can obtain the leaked data.

Affected Systems

Qualcomm Snapdragon processors and associated DSP services are affected. Version information has not been disclosed by Qualcomm, so all current releases that include the impacted DSP driver are potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.8 signals a high severity. The EPSS score is not available, and the vulnerability is not yet listed in CISA's KEV catalog, suggesting no widely known exploitation. The likely attack vector is a local or privileged user able to invoke the vulnerable IOCTL calls on the DSP device. An attacker could use the out-of-bounds read to extract memory contents, potentially leading to further compromise if sensitive data is obtained.

Generated by OpenCVE AI on June 1, 2026 at 23:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the latest Qualcomm firmware and driver releases and apply any security updates that address DSP service memory handling.
  • Configure the system to deny non‑essential users access to the DSP IOCTL interface, using SELinux, device permission changes, or driver configuration to enforce least privilege.
  • Monitor system logs for abnormal DSP activity and watch for memory corruption or access violation errors; consider deploying kernel hardening or memory protection options to reduce the impact of the read.

Generated by OpenCVE AI on June 1, 2026 at 23:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 00:45:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 01 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description Memory corruption while processing IOCTL calls for escape operations.
Title Out-of-bounds Read in DSP Service
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Qualcomm Snapdragon
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-06-01T22:05:42.726Z

Reserved: 2026-02-02T04:19:00.939Z

Link: CVE-2026-25258

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-01T23:16:21.277

Modified: 2026-06-01T23:16:21.277

Link: CVE-2026-25258

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T00:30:26Z

Weaknesses