CVE-2026-25260

Published Jun 1, 2026

Last updated 6 days ago

CVSS high 7.8

Overview

Description
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.
Source
product-security@qualcomm.com
NVD status
Analyzed
Products
cologne_firmware, fastconnect_6700_firmware, fastconnect_6900_firmware, fastconnect_7800_firmware, qcm5430_firmware, qcm6490_firmware, video_collaboration_vc3_platform_firmware, sc8380xp_firmware, sd865_5g_firmware, snapdragon_ar1_gen_1_platform_firmware, snapdragon_xr2_5g_platform_firmware, snapdragon_xr2\+_gen_1_platform_firmware, sxr2230p_firmware, sxr2250p_firmware, wcd9370_firmware, wcd9375_firmware, wcd9378c_firmware, wcd9380_firmware, wcd9385_firmware, wsa8810_firmware, wsa8815_firmware, wsa8830_firmware, wsa8832_firmware, wsa8835_firmware, wsa8840_firmware, wsa8845_firmware, wsa8845h_firmware, x2000077_firmware, x2000086_firmware, x2000090_firmware, x2000092_firmware, x2000094_firmware, xg101002_firmware, xg101032_firmware, xg101039_firmware

Risk scores

CVSS 3.1

Type
Primary
Base score
7
Impact score
5.9
Exploitability score
1
Vector string
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

product-security@qualcomm.com
CWE-367

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Memory corruption while processing multiple IOCTL command for escape operations.CVE-2026-25259
  2. Memory corruption while using Strongbox due to missing bounds check.CVE-2026-25276
  3. Memory corruption while processing IOCTL calls for escape operations.CVE-2026-25258
  4. Memory corruption while using Strongbox due to buffer overflow.CVE-2026-25277
  5. Memory Corruption when processing fastboot commands to set display mode.CVE-2026-24092

References

Sources include official advisories and independent security research.