Impact
A buffer overflow occurs when the Secure Processor copies data without checking the input size, leading to memory corruption that could allow an attacker to execute code or crash the processor. This weakness is a classic stack-based buffer overflow, classified as CWE-120. The damage could include compromised confidentiality, integrity, or availability of data processed by the Secure Processor.
Affected Systems
Qualcomm Snapdragon processors that include the Secure Processor component, specifically those using the Strongbox service. No specific firmware or hardware versions are listed, so all Snapdragon devices that rely on this functionality are potentially affected.
Risk and Exploitability
A CVSS score of 8.8 indicates a high-severity vulnerability. The EPSS score is not available, so exploitation likelihood cannot be quantified, and the issue is not in the CISA KEV catalog. The attack vector is not explicitly described, but because the overflow occurs in the Secure Processor, exploitation would likely require privileged access or a fault injected into the processor’s memory space, making remote exploitation uncertain without additional context.
OpenCVE Enrichment