Qualcomm Camera Driver Improper Input Validation Vulnerability Allowing Memory Corruption

Vulnerability

A vulnerability has been identified in the camera kernel driver of Qualcomm chipsets, allowing memory corruption through improper input validation. This issue arises when IOCTL calls are made from userspace to the camera driver, particularly to dump request information. The vulnerability is present in various chipsets and could potentially be exploited by manipulating the data sent via these IOCTL calls.

Impact

Exploitation of this vulnerability leads to memory corruption, which can cause undefined behavior in the application or system, such as crashing the device or creating opportunities for arbitrary code execution.

Reproduction

To reproduce this vulnerability, send an IOCTL request from userspace to the camera kernel driver. The request should include data that exceeds the expected length, bypassing the driver's input validation. This can be done by manipulating the IOCTL parameters to include excessive or malformed data.

Remediation

Qualcomm has released patches for this vulnerability. Instructions for applying the patch can be found in the Qualcomm May 2025 Security Bulletin.
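The bounds checking that this class of IOCTL bug calls for, shown as an added example: a userspace model written for this page, not Qualcomm's driver code or patch. The struct layout, function names and the 256-byte buffer size are all assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DUMP_BUF_SIZE 256u /* assumed fixed size of the driver-side buffer */

/* Hypothetical ioctl argument; every field is caller-controlled. */
struct dump_req_args {
    uint32_t offset;     /* where in the dump buffer to write */
    uint32_t length;     /* payload bytes the caller claims to send */
    const uint8_t *data; /* stands in for a __user pointer */
    size_t data_size;    /* bytes the caller actually supplied */
};

struct dump_ctx { uint8_t buf[DUMP_BUF_SIZE]; };

/* Returns 0 if the request fits the buffer, -EINVAL otherwise. */
int validate_dump_req(const struct dump_req_args *a)
{
    if (a == NULL || a->data == NULL)
        return -EINVAL;
    if (a->length == 0 || a->length > DUMP_BUF_SIZE)
        return -EINVAL;
    /* Compare against remaining space so offset + length cannot wrap. */
    if (a->offset > DUMP_BUF_SIZE - a->length)
        return -EINVAL;
    /* The claimed length must not exceed what was actually handed over. */
    if ((size_t)a->length > a->data_size)
        return -EINVAL;
    return 0;
}

int handle_dump_req(struct dump_ctx *ctx, const struct dump_req_args *a)
{
    int rc = validate_dump_req(a);
    if (rc != 0)
        return rc; /* reject before any byte is copied */
    /* A real driver would use copy_from_user() here. */
    memcpy(ctx->buf + a->offset, a->data, a->length);
    return 0;
}

int main(void)
{
    static uint8_t payload[512];
    static struct dump_ctx ctx;
    struct dump_req_args over = {0, 257, payload, sizeof payload}; /* constructed oversized request */
    printf("oversized request -> %d\n", handle_dump_req(&ctx, &over));
    return 0;
}
```

The subtraction form of the offset check matters: adding `offset + length` in 32-bit arithmetic can wrap and pass a naive comparison.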

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 0.6
exploitability: 3.6
remediation: 7.7
relevance: 0.0
threat: 1.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.