CVE-2025-59610 - Vulnerability Details - OpenCVE

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products

References

Link	Providers
https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html

History

Mon, 01 Jun 2026 22:30:00 +0000

Type	Values Removed	Values Added
Description		Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
Title		Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver
Weaknesses		CWE-367
References		https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html
Metrics		cvssV3_1 `{'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2026-06-01T22:05:29.149Z

Updated: 2026-06-01T22:05:29.149Z

Reserved: 2025-09-18T03:19:23.202Z

Link: CVE-2025-59610

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-01T23:16:16.330

Modified: 2026-06-01T23:16:16.330

Link: CVE-2025-59610

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T23:30:12Z

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-59610", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "state": "PUBLISHED", "assignerShortName": "qualcomm", "dateReserved": "2025-09-18T03:19:23.202Z", "datePublished": "2026-06-01T22:05:29.149Z", "dateUpdated": "2026-06-01T22:05:29.149Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Snapdragon Auto", "Snapdragon CCW", "Snapdragon Compute", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon Mobile", "Snapdragon Wearables"], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "5G Fixed Wireless Access Platform"}, {"status": "affected", "version": "C-V2X 9150"}, {"status": "affected", "version": "CSRA6620"}, {"status": "affected", "version": "CSRA6640"}, {"status": "affected", "version": "CSRB31024"}, {"status": "affected", "version": "FastConnect 6200"}, {"status": "affected", "version": "FastConnect 6700"}, {"status": "affected", "version": "FastConnect 6800"}, {"status": "affected", "version": "FastConnect 6900"}, {"status": "affected", "version": "FastConnect 7800"}, {"status": "affected", "version": "Flight RB5 5G Platform"}, {"status": "affected", "version": "FSM100 Platform"}, {"status": "affected", "version": "G1 Gen 1"}, {"status": "affected", "version": "G2 Gen 1"}, {"status": "affected", "version": "IQ6 Series Platform"}, {"status": "affected", "version": "IQ8 Series Platform"}, {"status": "affected", "version": "IQ9 Series Platform"}, {"status": "affected", "version": "LeMans_AU_LGIT"}, {"status": "affected", "version": "LeMansAU"}, {"status": "affected", "version": "Milos"}, {"status": "affected", "version": "Monaco_IOT"}, {"status": "affected", "version": "Netrani"}, {"status": "affected", "version": "Orne"}, {"status": "affected", "version": "Palawan25"}, {"status": "affected", "version": "Pandeiro"}, {"status": "affected", "version": "QAM8255P"}, {"status": "affected", "version": "QAM8295P"}, {"status": "affected", "version": "QAMSRV1H"}, {"status": "affected", "version": "QAMSRV1M"}, {"status": "affected", "version": "QCA6391"}, {"status": "affected", "version": "QCA6564AU"}, {"status": "affected", "version": "QCA6574"}, {"status": "affected", "version": "QCA6574A"}, {"status": "affected", "version": "QCA6574AU"}, {"status": "affected", "version": "QCA6595"}, {"status": "affected", "version": "QCA6595AU"}, {"status": "affected", "version": "QCA6678AQ"}, {"status": "affected", "version": "QCA6688AQ"}, {"status": "affected", "version": "QCA6696"}, {"status": "affected", "version": "QCA6698AQ"}, {"status": "affected", "version": "QCA6698AU"}, {"status": "affected", "version": "QCA6797AQ"}, {"status": "affected", "version": "QCA8695AU"}, {"status": "affected", "version": "QCM2290"}, {"status": "affected", "version": "QCM4325"}, {"status": "affected", "version": "QCM4490"}, {"status": "affected", "version": "QCM5430"}, {"status": "affected", "version": "QCM6490"}, {"status": "affected", "version": "QCN9011"}, {"status": "affected", "version": "QCN9012"}, {"status": "affected", "version": "QCS2290"}, {"status": "affected", "version": "QCS410"}, {"status": "affected", "version": "QCS4290"}, {"status": "affected", "version": "QCS4490"}, {"status": "affected", "version": "QCS8550"}, {"status": "affected", "version": "QLN1083BD"}, {"status": "affected", "version": "QLN1086BD"}, {"status": "affected", "version": "QMP1000"}, {"status": "affected", "version": "QPA1083BD"}, {"status": "affected", "version": "QPA1086BD"}, {"status": "affected", "version": "QRB5165M"}, {"status": "affected", "version": "QRB5165N"}, {"status": "affected", "version": "Qualcomm 215 Mobile Platform"}, {"status": "affected", "version": "Qualcomm Video Collaboration VC1 Platform"}, {"status": "affected", "version": "Qualcomm Video Collaboration VC3 Platform"}, {"status": "affected", "version": "Qualcomm Video Collaboration VC5 Platform"}, {"status": "affected", "version": "QXM1093"}, {"status": "affected", "version": "QXM1094"}, {"status": "affected", "version": "QXM1095"}, {"status": "affected", "version": "QXM1096"}, {"status": "affected", "version": "Robotics RB2 Platform"}, {"status": "affected", "version": "Robotics RB5 Platform"}, {"status": "affected", "version": "SA2150P"}, {"status": "affected", "version": "SA4150P"}, {"status": "affected", "version": "SA4155P"}, {"status": "affected", "version": "SA6145P"}, {"status": "affected", "version": "SA6150P"}, {"status": "affected", "version": "SA6155"}, {"status": "affected", "version": "SA6155P"}, {"status": "affected", "version": "SA7255P"}, {"status": "affected", "version": "SA7775P"}, {"status": "affected", "version": "SA8145P"}, {"status": "affected", "version": "SA8150P"}, {"status": "affected", "version": "SA8155"}, {"status": "affected", "version": "SA8155P"}, {"status": "affected", "version": "SA8195P"}, {"status": "affected", "version": "SA8255P"}, {"status": "affected", "version": "SA8295P"}, {"status": "affected", "version": "SA8620P"}, {"status": "affected", "version": "SA8770P"}, {"status": "affected", "version": "SA9000P"}, {"status": "affected", "version": "SAR1250P"}, {"status": "affected", "version": "SAR2130P"}, {"status": "affected", "version": "SAR2230P"}, {"status": "affected", "version": "SD 8 Gen1 5G"}, {"status": "affected", "version": "SD662"}, {"status": "affected", "version": "SD865 5G"}, {"status": "affected", "version": "SDA660"}, {"status": "affected", "version": "SDM429W"}, {"status": "affected", "version": "SM6225P"}, {"status": "affected", "version": "SM6650P"}, {"status": "affected", "version": "SM7250P"}, {"status": "affected", "version": "SM7325P"}, {"status": "affected", "version": "SM7435"}, {"status": "affected", "version": "SM7550"}, {"status": "affected", "version": "SM7550P"}, {"status": "affected", "version": "SM7635P"}, {"status": "affected", "version": "SM7675"}, {"status": "affected", "version": "SM7675P"}, {"status": "affected", "version": "SM8475P"}, {"status": "affected", "version": "SM8550P"}, {"status": "affected", "version": "SM8635"}, {"status": "affected", "version": "SM8635P"}, {"status": "affected", "version": "SM8650Q"}, {"status": "affected", "version": "SM8750P"}, {"status": "affected", "version": "Snapdragon 4 Gen 1 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 4 Gen 2 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 429 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 460 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 480 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 480+ 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 6 Gen 1 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 6 Gen 3 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 6 Gen 4 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 660 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 662 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 680 4G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 685 4G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 690 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 695 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 7 Gen 1 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 7+ Gen 2 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 720G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 765 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 765G 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 768G 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 778G 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 778G+ 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 782G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 7c+ Gen 3 Compute"}, {"status": "affected", "version": "Snapdragon 7s Gen 3 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 8 Elite"}, {"status": "affected", "version": "Snapdragon 8 Gen 1 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 8 Gen 2 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 8 Gen 3 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 8+ Gen 1 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 8+ Gen 2 Mobile Platform"}, {"status": "affected", "version": "Snapdragon 865 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 865+ 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 870 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 888 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon 888+ 5G Mobile Platform"}, {"status": "affected", "version": "Snapdragon AR1 Gen 1 Platform"}, {"status": "affected", "version": "Snapdragon Auto 5G Modem-RF"}, {"status": "affected", "version": "Snapdragon W5+ Gen 1 Wearable Platform"}, {"status": "affected", "version": "Snapdragon X53 5G Modem-RF System"}, {"status": "affected", "version": "Snapdragon X55 5G Modem-RF System"}, {"status": "affected", "version": "Snapdragon XR2 5G Platform"}, {"status": "affected", "version": "Snapdragon XR2+ Gen 1 Platform"}, {"status": "affected", "version": "SnapdragonAuto 4GModem"}, {"status": "affected", "version": "SRV1H"}, {"status": "affected", "version": "SRV1M"}, {"status": "affected", "version": "SW5100"}, {"status": "affected", "version": "SW5100P"}, {"status": "affected", "version": "SXR2230P"}, {"status": "affected", "version": "SXR2250P"}, {"status": "affected", "version": "SXR2330P"}, {"status": "affected", "version": "SXR2350P"}, {"status": "affected", "version": "Vision Intelligence 300 Platform"}, {"status": "affected", "version": "Vision Intelligence 400 Platform"}, {"status": "affected", "version": "WCD9326"}, {"status": "affected", "version": "WCD9335"}, {"status": "affected", "version": "WCD9341"}, {"status": "affected", "version": "WCD9360"}, {"status": "affected", "version": "WCD9370"}, {"status": "affected", "version": "WCD9371"}, {"status": "affected", "version": "WCD9375"}, {"status": "affected", "version": "WCD9378"}, {"status": "affected", "version": "WCD9380"}, {"status": "affected", "version": "WCD9385"}, {"status": "affected", "version": "WCD9390"}, {"status": "affected", "version": "WCD9395"}, {"status": "affected", "version": "WCN3615"}, {"status": "affected", "version": "WCN3620"}, {"status": "affected", "version": "WCN3660B"}, {"status": "affected", "version": "WCN3680B"}, {"status": "affected", "version": "WCN3910"}, {"status": "affected", "version": "WCN3950"}, {"status": "affected", "version": "WCN3980"}, {"status": "affected", "version": "WCN3988"}, {"status": "affected", "version": "WCN3990"}, {"status": "affected", "version": "WCN6650"}, {"status": "affected", "version": "WCN6755"}, {"status": "affected", "version": "WCN7860"}, {"status": "affected", "version": "WCN7861"}, {"status": "affected", "version": "WCN7880"}, {"status": "affected", "version": "WCN7881"}, {"status": "affected", "version": "WSA8810"}, {"status": "affected", "version": "WSA8815"}, {"status": "affected", "version": "WSA8830"}, {"status": "affected", "version": "WSA8832"}, {"status": "affected", "version": "WSA8835"}, {"status": "affected", "version": "WSA8840"}, {"status": "affected", "version": "WSA8845"}, {"status": "affected", "version": "WSA8845H"}]}], "descriptions": [{"lang": "en", "value": "Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-367", "description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2026-06-01T22:05:29.149Z"}, "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html"}], "title": "Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver"}}}