Description
Memory corruption while processing IOCTL command when device is in power-save state.
Published: 2026-05-04
Score: 5.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from improper handling of an IOCTL command while a Snapdragon device is in a power‑save state, which leads to memory corruption. Depending on the context, this undefined behavior could result in crashes, denial of service, or, if an attacker can supply crafted commands, potentially privilege escalation. The CVSS score of 5.5 indicates a moderate impact but does not preclude significant consequences in constrained environments.

Affected Systems

The Qualcomm, Inc. Snapdragon family of devices is affected. No specific firmware or driver version information is disclosed, so all installations of the Snapdragon software stack remain potentially vulnerable until an update is released.

Risk and Exploitability

The CVSS score of 5.5 suggests moderate risk. No EPSS score is available, and the vulnerability is not listed in CISA KEV, indicating no widespread known exploitation reports. The likely attack vector is local or privileged: an attacker must interact with the IOCTL interface while the device is in power‑save mode, or gain elevated privileges to trigger the corrupted state. With no evidence of remote exploitation, the risk is moderate but merits attention, especially for systems that rely on constant device availability.

Generated by OpenCVE AI on May 4, 2026 at 18:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any Qualcomm firmware or driver update that addresses the IOCTL memory corruption issue.
  • If an update is unavailable, disable or limit power‑save mode for the affected device to avoid the vulnerable state.
  • Restrict access to the IOCTL interface to trusted, privileged processes and monitor for anomalous usage.


Advisories

No advisories yet.

History

Mon, 04 May 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
| First Time appeared | | Qualcomm; Qualcomm snapdragon |
| Vendors & Products | | Qualcomm; Qualcomm snapdragon |

Mon, 04 May 2026 18:15:00 +0000

| Type | Values Removed | Values Added |
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 04 May 2026 17:15:00 +0000

| Type | Values Removed | Values Added |
| Description | | Memory corruption while processing IOCTL command when device is in power-save state. |
| Title | | Exposed dangerous function in windows host |
| Weaknesses | | CWE-749 |
| References | | |
| Metrics | | cvssV3_1: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'} |


MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-05-04T18:10:31.034Z

Reserved: 2026-02-02T04:19:00.940Z

Link: CVE-2026-25266

Vulnrichment

Updated: 2026-05-04T18:10:23.487Z

NVD

Status: Received

Published: 2026-05-04T17:16:22.107

Modified: 2026-05-04T17:16:22.107

Link: CVE-2026-25266

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T19:15:06Z

Weaknesses