Description
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.
Published: 2026-06-01
Score: 7.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A time‑of‑check to time‑of‑use (TOCTOU) race condition in the Qualcomm Snapdragon DSP Service allows concurrent user‑mode input to corrupt shared buffers. This memory corruption can undermine data integrity and may enable unconventional tampering with application memory. The vulnerability is classified as CWE‑367.

Affected Systems

Qualcomm, Inc. Snapdragon devices are affected. No specific firmware or software version information is provided, so all current revisions containing the vulnerable DSP Service may be at risk until a vendor‑issued fix is applied.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited. The likely attack vector is local, requiring an adversary to send crafted user‑mode input to the DSP Service. If the service is exposed to untrusted input, the risk could increase. Given the potential for memory corruption and the high CVSS, affected systems should urgently evaluate the risk of impact.

Generated by OpenCVE AI on June 2, 2026 at 00:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Qualcomm Snapdragon firmware or software patch that addresses the DSP Service race condition.
  • Follow vendor instructions to upgrade or replace the affected DSP Service binaries.
  • If an update is not yet available, reduce exposure by restricting or disabling user‑mode access to the DSP Service until a fix is released.

Generated by OpenCVE AI on June 2, 2026 at 00:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 01 Jun 2026 22:30:00 +0000

Type Values Removed Values Added
Description Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.
Title Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service
Weaknesses CWE-367
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Qualcomm Snapdragon
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-06-01T22:05:45.336Z

Reserved: 2026-02-02T04:19:00.939Z

Link: CVE-2026-25260

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-01T23:16:21.547

Modified: 2026-06-01T23:16:21.547

Link: CVE-2026-25260

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T00:15:41Z

Weaknesses