Description
Memory corruption while processing multiple IOCTL command for escape operations.
Published: 2026-06-01
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The DSP Service on Qualcomm Snapdragon devices processes IOCTL commands used for escape operations. A flaw in the handling of multiple IOCTL requests can trigger an out‑of‑bounds write, corrupting adjacent memory. This memory corruption could allow an attacker with sufficient privileges to modify code or data, potentially leading to arbitrary code execution or privilege escalation.

Affected Systems

Qualcomm, Inc. Snapdragon devices. Specific firmware versions are not listed in the advisories.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity vulnerability. The EPSS score is not available, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is local or user‑space exploitation via crafted IOCTL requests. Given the high severity and the lack of a public exploit reference, the risk remains significant for systems that rely on the DSP Service for critical operations.

Generated by OpenCVE AI on June 1, 2026 at 23:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Qualcomm Snapdragon firmware to the latest version that addresses the DSP Service write‑out‑of‑bounds issue
  • Restrict or disable the use of escape IOCTL commands in applications that do not require them
  • Implement input validation or sandboxing for DSP Service interactions to contain potential memory corruption

Generated by OpenCVE AI on June 1, 2026 at 23:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 01:15:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 01 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description Memory corruption while processing multiple IOCTL command for escape operations.
Title Out-of-bounds Write in DSP Service
Weaknesses CWE-787
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Qualcomm Snapdragon
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-06-01T22:05:43.934Z

Reserved: 2026-02-02T04:19:00.939Z

Link: CVE-2026-25259

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-01T23:16:21.410

Modified: 2026-06-01T23:16:21.410

Link: CVE-2026-25259

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T01:00:11Z

Weaknesses