Qualcomm Snapdragon Chipsets Improper Validation of IOCTLs in Camera Driver Allowing Memory Corruption Vulnerability

Vulnerability

A vulnerability exists in the camera driver of various chipsets, including several Snapdragon 8 and 7 series platforms as well as other chipsets such as QCA6574AU and QCA6595AU. The driver improperly validates Input/Output Control (IOCTL) requests, which leads to memory corruption. The issue occurs while validating resource IDs for IFE (Image Front End) output: the driver fails to correctly manage and verify the IOCTL data being processed. The resulting memory corruption could potentially be exploited to cause unintended behavior in the system.
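An added illustration of the bug class described above, not Qualcomm's driver code or patch: an IOCTL handler that checks the entry count, the payload length and every output resource ID before any ID is used as an array index. The structure layout, function name and constants are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <errno.h>

/* All names and constants are hypothetical, not taken from the Qualcomm driver. */
#define OUT_RES_BASE 0x3000u   /* assumed first valid output resource ID */
#define OUT_RES_MAX  8u        /* assumed number of output ports */

struct out_res_req { uint32_t res_id; uint32_t fmt; };               /* one entry */
struct acquire_req { uint32_t num_out; struct out_res_req out[]; };  /* ioctl payload */

struct out_port { uint32_t fmt; int acquired; };
static struct out_port ports[OUT_RES_MAX];

/* Validate an ioctl payload of `len` bytes that was already copied from
 * userspace into a kernel buffer, so it cannot change between check and use. */
int acquire_out_ports(const void *buf, size_t len)
{
    const struct acquire_req *req = buf;

    if (len < sizeof(*req))
        return -EINVAL;                 /* header itself is truncated */
    if (req->num_out == 0 || req->num_out > OUT_RES_MAX)
        return -EINVAL;                 /* bound the count before any arithmetic */
    if ((len - sizeof(*req)) / sizeof(req->out[0]) < req->num_out)
        return -EINVAL;                 /* claimed entries must fit in the payload */

    /* First pass: reject the whole request before touching driver state. */
    for (uint32_t i = 0; i < req->num_out; i++) {
        uint32_t id = req->out[i].res_id;
        if (id < OUT_RES_BASE || id - OUT_RES_BASE >= OUT_RES_MAX)
            return -EINVAL;             /* ID would index outside ports[] */
    }
    /* Second pass: every index is now known to be in range. */
    for (uint32_t i = 0; i < req->num_out; i++) {
        struct out_port *p = &ports[req->out[i].res_id - OUT_RES_BASE];
        p->fmt = req->out[i].fmt;
        p->acquired = 1;
    }
    return 0;
}
```

Validating all entries before applying any of them means a request that fails partway leaves the port table unchanged.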

Impact

Exploitation of this vulnerability leads to memory corruption, which can cause unpredictable behavior in the affected system or application. In the context of camera drivers, such memory corruption could disrupt normal camera functions or potentially be leveraged to manipulate camera data or operations.

Remediation

Qualcomm has released patches for this vulnerability. Instructions for applying the patch can be found in the Qualcomm May 2025 Security Bulletin.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 0.6
exploitability: 3.3
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.