Primary

Context

Qualcomm TZ Secure OS Memory Corruption Vulnerability Allowing Buffer Over-read

Vulnerability

A memory corruption vulnerability has been identified in the Qualcomm TZ Secure OS, specifically while processing a GP command response. This issue arises from an incorrect calculation of buffer size, leading to potential memory corruption.

Impact

Exploitation of this vulnerability causes memory corruption, which can lead to arbitrary code execution or other unintended behavior by corrupting memory management, potentially allowing for exploitation of other vulnerabilities or causing a denial-of-service condition.

Remediation

Qualcomm has notified device manufacturers about this vulnerability and recommended that they deploy patches as soon as possible. For information on the patching status of released devices, contact the device manufacturer.

Added: Nov 4, 2025, 4:17 AM

Updated: Nov 4, 2025, 4:17 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.3

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Qualcomm TZ Secure OS Memory Corruption Vulnerability Allowing Buffer Over-read

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating