Description
Memory corruption while processing IOCTL command when device is in power-save state.
Published: 2026-05-04
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from improper handling of an IOCTL command when a Snapdragon device is in a power‑save state, leading to a memory corruption event (CWE‑787). Depending on the context, this undefined behavior could result in crashes, denial of service, or, if an attacker can supply crafted commands, potentially privilege escalation (CWE‑749). The severity as reflected in the CVSS score of 5.5 indicates a moderate impact but does not preclude significant consequences in constrained environments.

Affected Systems

Qualcomm, Inc. Snapdragon family of devices are affected. No specific firmware or driver version information is disclosed, so all installations of the Snapdragon software stack remain potentially vulnerable until an update is released.

Risk and Exploitability

The CVSS score of 5.5 suggests moderate risk. The EPSS score is 0.00015, indicating a very low exploitation probability. The vulnerability is not listed in CISA KEV, indicating no widespread known exploitation reports. The likely attack vector is local or privileged, requiring an attacker to interact with the IOCTL interface while the device is in power‑save mode or to gain elevated privileges to trigger the corrupted state. Lacking evidence of remote exploitation, the risk is moderate but merits attention, especially for systems that rely on constant device availability.

Generated by OpenCVE AI on May 6, 2026 at 21:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any Qualcomm firmware or driver update that addresses the IOCTL memory corruption issue.
  • If an update is unavailable, disable or limit power‑save mode for the affected device to avoid the vulnerable state.
  • Restrict access to the IOCTL interface to trusted, privileged processes and monitor for anomalous usage.
  • If a patch is unavailable, review the firmware to implement bounds checking and prevent out‑of‑bounds writes (CWE‑787).

Generated by OpenCVE AI on May 6, 2026 at 21:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm cologne
Qualcomm cologne Firmware
Qualcomm fastconnect 6900
Qualcomm fastconnect 6900 Firmware
Qualcomm fastconnect 7800
Qualcomm fastconnect 7800 Firmware
Qualcomm sc8380xp
Qualcomm sc8380xp Firmware
Qualcomm snapdragon Ar1 Gen 1
Qualcomm snapdragon Ar1 Gen 1 Firmware
Qualcomm wcd9378c
Qualcomm wcd9378c Firmware
Qualcomm wcd9380
Qualcomm wcd9380 Firmware
Qualcomm wcd9385
Qualcomm wcd9385 Firmware
Qualcomm wcn7861
Qualcomm wcn7861 Firmware
Qualcomm wcn7880
Qualcomm wcn7880 Firmware
Qualcomm wsa8830
Qualcomm wsa8830 Firmware
Qualcomm wsa8832
Qualcomm wsa8832 Firmware
Qualcomm wsa8835
Qualcomm wsa8835 Firmware
Qualcomm wsa8840
Qualcomm wsa8840 Firmware
Qualcomm wsa8845
Qualcomm wsa8845 Firmware
Qualcomm wsa8845h
Qualcomm wsa8845h Firmware
Qualcomm x2000077
Qualcomm x2000077 Firmware
Qualcomm x2000086
Qualcomm x2000086 Firmware
Qualcomm x2000090
Qualcomm x2000090 Firmware
Qualcomm x2000092
Qualcomm x2000092 Firmware
Qualcomm x2000094
Qualcomm x2000094 Firmware
Qualcomm xg101002
Qualcomm xg101002 Firmware
Qualcomm xg101032
Qualcomm xg101032 Firmware
Qualcomm xg101039
Qualcomm xg101039 Firmware
Weaknesses CWE-787
CPEs cpe:2.3:h:qualcomm:cologne:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_ar1_gen_1:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9378c:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn7861:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn7880:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000077:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000086:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000090:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000092:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000094:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:xg101002:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:xg101032:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:xg101039:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:cologne_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:snapdragon_ar1_gen_1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9378c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcn7861_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcn7880_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000077_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000086_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000090_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000092_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000094_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:xg101002_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:xg101032_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:xg101039_firmware:-:*:*:*:*:*:*:*
Vendors & Products Qualcomm cologne
Qualcomm cologne Firmware
Qualcomm fastconnect 6900
Qualcomm fastconnect 6900 Firmware
Qualcomm fastconnect 7800
Qualcomm fastconnect 7800 Firmware
Qualcomm sc8380xp
Qualcomm sc8380xp Firmware
Qualcomm snapdragon Ar1 Gen 1
Qualcomm snapdragon Ar1 Gen 1 Firmware
Qualcomm wcd9378c
Qualcomm wcd9378c Firmware
Qualcomm wcd9380
Qualcomm wcd9380 Firmware
Qualcomm wcd9385
Qualcomm wcd9385 Firmware
Qualcomm wcn7861
Qualcomm wcn7861 Firmware
Qualcomm wcn7880
Qualcomm wcn7880 Firmware
Qualcomm wsa8830
Qualcomm wsa8830 Firmware
Qualcomm wsa8832
Qualcomm wsa8832 Firmware
Qualcomm wsa8835
Qualcomm wsa8835 Firmware
Qualcomm wsa8840
Qualcomm wsa8840 Firmware
Qualcomm wsa8845
Qualcomm wsa8845 Firmware
Qualcomm wsa8845h
Qualcomm wsa8845h Firmware
Qualcomm x2000077
Qualcomm x2000077 Firmware
Qualcomm x2000086
Qualcomm x2000086 Firmware
Qualcomm x2000090
Qualcomm x2000090 Firmware
Qualcomm x2000092
Qualcomm x2000092 Firmware
Qualcomm x2000094
Qualcomm x2000094 Firmware
Qualcomm xg101002
Qualcomm xg101002 Firmware
Qualcomm xg101032
Qualcomm xg101032 Firmware
Qualcomm xg101039
Qualcomm xg101039 Firmware

Mon, 04 May 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 04 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 04 May 2026 17:15:00 +0000

Type Values Removed Values Added
Description Memory corruption while processing IOCTL command when device is in power-save state.
Title Exposed dangerous function in windows host
Weaknesses CWE-749
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Qualcomm Cologne Cologne Firmware Fastconnect 6900 Fastconnect 6900 Firmware Fastconnect 7800 Fastconnect 7800 Firmware Sc8380xp Sc8380xp Firmware Snapdragon Snapdragon Ar1 Gen 1 Snapdragon Ar1 Gen 1 Firmware Wcd9378c Wcd9378c Firmware Wcd9380 Wcd9380 Firmware Wcd9385 Wcd9385 Firmware Wcn7861 Wcn7861 Firmware Wcn7880 Wcn7880 Firmware Wsa8830 Wsa8830 Firmware Wsa8832 Wsa8832 Firmware Wsa8835 Wsa8835 Firmware Wsa8840 Wsa8840 Firmware Wsa8845 Wsa8845 Firmware Wsa8845h Wsa8845h Firmware X2000077 X2000077 Firmware X2000086 X2000086 Firmware X2000090 X2000090 Firmware X2000092 X2000092 Firmware X2000094 X2000094 Firmware Xg101002 Xg101002 Firmware Xg101032 Xg101032 Firmware Xg101039 Xg101039 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-05-04T18:10:31.034Z

Reserved: 2026-02-02T04:19:00.940Z

Link: CVE-2026-25266

cve-icon Vulnrichment

Updated: 2026-05-04T18:10:23.487Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-04T17:16:22.107

Modified: 2026-05-06T18:02:02.110

Link: CVE-2026-25266

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T22:00:14Z

Weaknesses