Qualcomm Camera Untrusted Pointer Dereference Vulnerability Allowing Memory Corruption

A memory corruption vulnerability has been identified in Qualcomm's proprietary software when processing IOCTLs for JPEG data. This issue arises from a lack of proper verification, allowing for untrusted pointer dereferencing. The vulnerability is present in several chipsets across different technology areas, including Core Services, Audio, and Video. It affects multiple Snapdragon mobile platforms, as well as platforms used in automotive and video collaboration applications.

Impact

Exploitation of this vulnerability leads to memory corruption, which can potentially be exploited to cause a use-after-free condition, allowing for arbitrary code execution or other malicious actions.

Remediation

Qualcomm has developed patches for this vulnerability, which are available through the Qualcomm Update Catalog. Instructions for applying the patch can be found in the December 2025 Qualcomm Security Bulletin.