Volerion logoVolerion
Volerion logoVolerion

Qualcomm Snapdragon Products TOCTOU Race Condition Vulnerability in Camera Driver

Vulnerability

A memory corruption vulnerability has been identified in various chipsets of Qualcomm Snapdragon products. This issue arises from a time-of-check time-of-use (TOCTOU) race condition, where blob data is submitted to kernel space via an IOCTL command, leading to memory corruption. The vulnerability is present in the Camera_Linux driver and affects chipsets such as Snapdragon 8 Gen 1, Snapdragon 865 5G, and several others.

Impact

Exploitation of this vulnerability causes memory corruption, which can lead to arbitrary code execution or local denial-of-service conditions.

Remediation

Qualcomm has released patches for this vulnerability. Instructions for applying the patch can be found in the Qualcomm August 2025 Security Bulletin.

Added: Aug 6, 2025, 11:27 AM
Updated: Aug 6, 2025, 11:27 AM

Vulnerability Rating

Custom Algorithm
spread
8.1
impact
2.5
exploitability
3.1
remediation
7.7
relevance
0.3
threat
0.0
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.