Analysis
Impact
The DSP Service on Qualcomm Snapdragon devices processes IOCTL commands used for escape operations. A flaw in the handling of multiple IOCTL requests can trigger an out‑of‑bounds write, corrupting adjacent memory. This memory corruption could allow an attacker with sufficient privileges to modify code or data, potentially leading to arbitrary code execution or privilege escalation.
Affected Systems
Qualcomm, Inc. Snapdragon devices. Specific firmware versions are not listed in the advisories.
Risk and Exploitability
The CVSS score of 7.8 indicates a high severity vulnerability. The EPSS score is not available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is local or user‑space exploitation via crafted IOCTL requests. Given the high severity and the lack of a public exploit reference, the risk remains significant for systems that rely on the DSP Service for critical operations.
Mitre Data 
CPE Configurations 
Affected Packages
OpenCVE Enrichment 
Vulnrichment