A vulnerability exists in various chipsets used in Qualcomm products, allowing memory corruption by accessing shared buffers without proper validation of concurrent user-mode input changes. This issue arises from a time-of-check time-of-use (TOCTOU) race condition, where the timing of input modification and buffer access can be manipulated, leading to memory corruption.
Exploitation of this vulnerability causes memory corruption, which can lead to undefined behavior in the application, including potential arbitrary code execution or causing the device to crash.
Qualcomm has notified customers about this vulnerability and is actively sharing patches with device manufacturers. Instructions for applying the patch can be found in the Qualcomm June 2026 Security Bulletin.
cpe:2.3:h:qualcomm:fastconnect_6700:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:fastconnect_6900:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:fastconnect_7800:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:qcm5430:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:qcm6490:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:qualcomm_video_collaboration_vc1_platform:*:*:*:*:*:*:*, +11 more
cpe:2.3:h:qualcomm:sd865_5g:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:snapdragon_ar1_gen_1:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:snapdragon_xr2_5g_platform:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:snapdragon_xr2+_gen_1_platform:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:wcd9370:*:*:*:*:*:*:*, +5 more
cpe:2.3:h:qualcomm:wcd9375:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:wcd9380:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:wcd9385:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:wsa8810:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:wsa8815:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:wsa8830:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:wsa8832:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:wsa8835:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:wsa8840:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:wsa8845:*:*:*:*:*:*:*, +1 more
cpe:2.3:h:qualcomm:wsa8845h:*:*:*:*:*:*:*, +1 more
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
