A time‑of‑check to time‑of‑use (TOCTOU) race condition in the Qualcomm Snapdragon DSP Service allows concurrent user‑mode input to corrupt shared buffers. This memory corruption can undermine data integrity and may enable unconventional tampering with application memory. The vulnerability is classified as CWE‑367.

Qualcomm, Inc. Snapdragon devices are affected. No specific firmware or software version information is provided, so all current revisions containing the vulnerable DSP Service may be at risk until a vendor‑issued fix is applied.

The CVSS score of 7.8 indicates high severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited. The likely attack vector is local, requiring an adversary to send crafted user‑mode input to the DSP Service. If the service is exposed to untrusted input, the risk could increase. Given the potential for memory corruption and the high CVSS, affected systems should urgently evaluate the risk of impact.