Description
Memory corruption while using Strongbox due to buffer overflow.
Published: 2026-06-01
Score: 8.8 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow occurs when the Secure Processor copies data without checking the input size, leading to memory corruption that could allow an attacker to execute code or crash the processor. This weakness is a classic stack-based buffer overflow, classified as CWE-120. The damage could include compromised confidentiality, integrity, or availability of data processed by the Secure Processor.

Affected Systems

Qualcomm Snapdragon processors that include the Secure Processor component, specifically those using the Strongbox service. No specific firmware or hardware versions are listed, so all Snapdragon devices that rely on this functionality are potentially affected.

Risk and Exploitability

A CVSS score of 8.8 indicates a high-severity vulnerability. The EPSS score is not available, so exploitation likelihood cannot be quantified, and the issue is not in the CISA KEV catalog. The attack vector is not explicitly described, but because the overflow occurs in the Secure Processor, exploitation would likely require privileged access or a fault injected into the processor’s memory space, making remote exploitation uncertain without additional context.

Generated by OpenCVE AI on June 1, 2026 at 23:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Snapdragon firmware to the latest version released by Qualcomm that addresses the buffer overflow in the Secure Processor.
  • If the Strongbox feature is not needed, disable it to eliminate the vulnerable code path.
  • Continuously monitor Qualcomm security bulletins for any further patches or advisories and audit the device for related vulnerabilities.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 00:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Qualcomm; Qualcomm snapdragon
Vendors & Products | | Qualcomm; Qualcomm snapdragon

Mon, 01 Jun 2026 22:30:00 +0000

Type | Values Removed | Values Added
Description | | Memory corruption while using Strongbox due to buffer overflow.
Title | | Buffer Copy Without Checking Size of Input in Secure Processor
Weaknesses | | CWE-120
References | |
Metrics | | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-06-01T22:05:49.656Z

Reserved: 2026-02-02T04:19:00.941Z

Link: CVE-2026-25277

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-01T23:16:21.820

Modified: 2026-06-01T23:16:21.820

Link: CVE-2026-25277

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-02T00:30:26Z

Weaknesses