The vulnerability is an improper bounds check within the Strongbox component of Qualcomm Snapdragon processors that can cause memory corruption. An attacker who can supply an out‑of‑range array index could overwrite adjacent memory, potentially leading to arbitrary code execution or system compromise. This is a classic array index exploit (CWE‑129).

Qualcomm, Inc. Snapdragon processor families are affected. No specific model or firmware version is listed in the advisory, so any device using the Snapdragon platform with the unpatched Strongbox implementation is potentially vulnerable.

The CVSS score of 8.8 classifies this as high severity. The EPSS score is not publicly available, and the vulnerability is not currently listed in the CISA KEV catalog. Because the flaw resides in a secure processor subsystem, it is likely to require local or privileged access to the device or exploitation of a privileged service that interacts with Strongbox. The attack path is inferred from the memory‑corruption nature: a crafted input that triggers the out‑of‑bounds access could subvert the processor’s secure state. The lack of detailed public exploit evidence suggests exploiting it may be non‑trivial, but the high impact warrants prompt action.