1. Home
  2. Vulnerabilities
  3. CVE-2026-25277
8.8
HIGH CVSS 3.1
CVE-2026-25277
Buffer Copy Without Checking Size of Input in Secure Processor
Overview
Description

Memory corruption while using Strongbox due to buffer overflow.

Details
INFO

Published Date :

June 1, 2026, 11:16 p.m.

Last Modified :

June 2, 2026, 2:57 p.m.

Remotely Exploit :

No

Source :

[email protected]
Impact
Affected Products

The following products are affected by CVE-2026-25277 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Qualcomm qca6391_firmware
2 Qualcomm sd865_5g_firmware
3 Qualcomm wcd9380_firmware
4 Qualcomm wcd9385_firmware
5 Qualcomm wcn3988_firmware
6 Qualcomm wsa8810_firmware
7 Qualcomm wsa8815_firmware
8 Qualcomm wsa8830_firmware
9 Qualcomm wsa8835_firmware
10 Qualcomm qcm6490_firmware
11 Qualcomm qcn9011_firmware
12 Qualcomm qcn9012_firmware
13 Qualcomm snapdragon_662_mobile_platform_firmware
14 Qualcomm snapdragon_x55_5g_modem-rf_system_firmware
15 Qualcomm snapdragon_xr2_5g_platform_firmware
16 Qualcomm snapdragon_xr2\+_gen_1_platform_firmware
17 Qualcomm wcd9370_firmware
18 Qualcomm wcd9375_firmware
19 Qualcomm wcn3950_firmware
20 Qualcomm wsa8832_firmware
21 Qualcomm fastconnect_6800_firmware
22 Qualcomm fastconnect_6900_firmware
23 Qualcomm fastconnect_7800_firmware
24 Qualcomm fastconnect_6700_firmware
25 Qualcomm snapdragon_460_mobile_platform_firmware
26 Qualcomm snapdragon_865_5g_mobile_platform_firmware
27 Qualcomm snapdragon_865\+_5g_mobile_platform_firmware
28 Qualcomm snapdragon_870_5g_mobile_platform_firmware
29 Qualcomm qca6797aq_firmware
30 Qualcomm qcs8550_firmware
31 Qualcomm sm8550p_firmware
32 Qualcomm snapdragon_8_gen_2_mobile_platform_firmware
33 Qualcomm snapdragon_8\+_gen_2_mobile_platform_firmware
34 Qualcomm wcd9390_firmware
35 Qualcomm wcd9395_firmware
36 Qualcomm wsa8840_firmware
37 Qualcomm wsa8845_firmware
38 Qualcomm wsa8845h_firmware
39 Qualcomm qca6391
40 Qualcomm sd865_5g
41 Qualcomm wcd9370
42 Qualcomm wcd9375
43 Qualcomm wcd9380
44 Qualcomm wcd9385
45 Qualcomm wcn3950
46 Qualcomm wcn3988
47 Qualcomm wsa8810
48 Qualcomm wsa8815
49 Qualcomm wsa8830
50 Qualcomm wsa8835
51 Qualcomm qcn9012
52 Qualcomm qcm5430_firmware
53 Qualcomm snapdragon_8_gen_3_mobile_platform_firmware
54 Qualcomm fastconnect_6700
55 Qualcomm fastconnect_6800
56 Qualcomm fastconnect_6900
57 Qualcomm snapdragon_865_5g_mobile_platform
58 Qualcomm snapdragon_865\+_5g_mobile_platform
59 Qualcomm snapdragon_870_5g_mobile_platform
60 Qualcomm snapdragon_x55_5g_modem-rf_system
61 Qualcomm snapdragon_xr2_5g_platform
62 Qualcomm fastconnect_7800
63 Qualcomm qca6797aq
64 Qualcomm qcm5430
65 Qualcomm qcm6490
66 Qualcomm qcn9011
67 Qualcomm qcs8550
68 Qualcomm sm8550p
69 Qualcomm snapdragon_460_mobile_platform
70 Qualcomm snapdragon_662_mobile_platform
71 Qualcomm snapdragon_8_gen_2_mobile_platform
72 Qualcomm snapdragon_8\+_gen_2_mobile_platform
73 Qualcomm snapdragon_xr2\+_gen_1_platform
74 Qualcomm wcd9390
75 Qualcomm wcd9395
76 Qualcomm wsa8832
77 Qualcomm wsa8840
78 Qualcomm wsa8845
79 Qualcomm wsa8845h
80 Qualcomm snapdragon_8_gen_3_mobile_platform
81 Qualcomm video_collaboration_vc3_platform_firmware
82 Qualcomm video_collaboration_vc3_platform
83 Qualcomm wcn7880_firmware
84 Qualcomm wcn7880
85 Qualcomm wcn7881_firmware
86 Qualcomm wcn7881
87 Qualcomm wcn7861_firmware
88 Qualcomm wcn7861
89 Qualcomm wcn7860_firmware
90 Qualcomm wcn7860
91 Qualcomm sm8750p_firmware
92 Qualcomm sm8750p
93 Qualcomm sm8650q_firmware
94 Qualcomm sm8650q
95 Qualcomm snapdragon_ar1_gen_1_platform_firmware
96 Qualcomm snapdragon_ar1_gen_1_platform
97 Qualcomm qca6698au_firmware
98 Qualcomm qca6698au
99 Qualcomm snapdragon_8_elite_firmware
100 Qualcomm snapdragon_8_elite
101 Qualcomm pandeiro_firmware
102 Qualcomm pandeiro
103 Qualcomm snapdragon_8_elite_gen_5_firmware
104 Qualcomm snapdragon_8_elite_gen_5
105 Qualcomm g3x_gen_2_firmware
106 Qualcomm g3x_gen_2
107 Qualcomm cq8750m_firmware
108 Qualcomm cq8750m
109 Qualcomm wcn7760_firmware
110 Qualcomm wcn7760
111 Qualcomm qcm8838_firmware
112 Qualcomm qcm8838
113 Qualcomm sdr753_firmware
114 Qualcomm sdr753
: Total Affected Vendor : 1 | Products : 114
Scoring
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 HIGH 2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
CVSS 3.1 HIGH [email protected]
Solution
Fix memory corruption due to buffer overflow in Strongbox.
  • Apply vendor patches for Strongbox.
  • Update to a fixed version of Strongbox.
  • Review and sanitize all buffer operations.
  • Implement bounds checking for buffer writes.
Public PoC/Exploit Available at Github

CVE-2026-25277 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2026-25277.

URL Resource
https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html Vendor Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-25277 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2026-25277 weaknesses.

CAPEC-8: Buffer Overflow in an API Call Buffer Overflow in an API Call CAPEC-9: Buffer Overflow in Local Command-Line Utilities Buffer Overflow in Local Command-Line Utilities CAPEC-10: Buffer Overflow via Environment Variables Buffer Overflow via Environment Variables CAPEC-14: Client-side Injection-induced Buffer Overflow Client-side Injection-induced Buffer Overflow CAPEC-24: Filter Failure through Buffer Overflow Filter Failure through Buffer Overflow CAPEC-42: MIME Conversion MIME Conversion CAPEC-44: Overflow Binary Resource File Overflow Binary Resource File CAPEC-45: Buffer Overflow via Symbolic Links Buffer Overflow via Symbolic Links CAPEC-46: Overflow Variables and Tags Overflow Variables and Tags CAPEC-47: Buffer Overflow via Parameter Expansion Buffer Overflow via Parameter Expansion CAPEC-67: String Format Overflow in syslog() String Format Overflow in syslog() CAPEC-92: Forced Integer Overflow Forced Integer Overflow CAPEC-100: Overflow Buffers Overflow Buffers

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
lildebil0/revvl7pro5g-unlock-root

REVVL 7 Pro 5G (TMRV07P5G / Pinehurst) unlock + root. CVE-2026 ABL exploits (24091/24092 confirmed). Cheese GPU exploit (V046/V020). Fastboot surface, partition map, dispatcher table, ABL RE. SM6450 Snapdragon 6 Gen 1.

adb android bootloader-unlock cve-2026 exploit fastboot qualcomm root sm6450 tmobile revvl revvl-7-pro

Batchfile Java Python

Updated: 2 weeks, 1 day ago
1 stars 0 fork 0 watcher
Born at : June 7, 2026, 11:53 a.m. This repo has been linked 18 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-25277 vulnerability anywhere in the article.

  • TheCyberThrone
Google Android June 2026 Security Bulletin

OverviewGoogle has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. The bulletin spans Framework, System, Kern ... Read more

Published Date: Jun 02, 2026 (2 weeks, 6 days ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2026-25277 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jun. 02, 2026

    Action Type Old Value New Value
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:cq8750m_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:cq8750m:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:fastconnect_6800:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:g3x_gen_2_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:g3x_gen_2:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:pandeiro_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:pandeiro:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6698au_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6698au:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6797aq_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6797aq:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcm8838_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcm8838:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcn9011_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcn9011:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcn9012:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs8550_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs8550:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sdr753_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sdr753:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sm8550p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sm8550p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sm8650q_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sm8650q:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sm8750p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sm8750p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_460_mobile_platform_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_460_mobile_platform:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_662_mobile_platform_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_662_mobile_platform:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_8_elite_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_8_elite:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_8_elite_gen_5_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_8_elite_gen_5:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_8_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_8_gen_2_mobile_platform:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_8_gen_3_mobile_platform_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_8_gen_3_mobile_platform:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_8+_gen_2_mobile_platform_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_8+_gen_2_mobile_platform:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_865_5g_mobile_platform_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_865_5g_mobile_platform:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_865+_5g_mobile_platform_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_865+_5g_mobile_platform:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_870_5g_mobile_platform_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_870_5g_mobile_platform:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_ar1_gen_1_platform_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_ar1_gen_1_platform:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_x55_5g_modem-rf_system_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_x55_5g_modem-rf_system:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_xr2_5g_platform_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_xr2_5g_platform:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:snapdragon_xr2+_gen_1_platform_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:snapdragon_xr2+_gen_1_platform:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9390_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9390:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9395_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9395:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn7760_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn7760:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn7860_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn7860:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn7861_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn7861:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn7880_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn7880:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn7881_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn7881:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*
    Added Reference Type Qualcomm, Inc.: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html Types: Vendor Advisory
  • New CVE Received by [email protected]

    Jun. 01, 2026

    Action Type Old Value New Value
    Added Description Memory corruption while using Strongbox due to buffer overflow.
    Added CVSS V3.1 AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
    Added CWE CWE-120
    Added Reference https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CVSS
Vulnerability Scoring Details
Base CVSS Score: 8.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact