CVE-2026-25277 PUBLISHED

Buffer Copy Without Checking Size of Input in Secure Processor

Assigner: qualcomm
Reserved: 02.02.2026 Published: 01.06.2026 Updated: 02.06.2026

Memory corruption while using Strongbox due to buffer overflow.

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 8.8

CVSS 3.1

Vendor	Qualcomm, Inc.
Product	Snapdragon
Versions	Default: unaffected Version Snapdragon 8 Gen 2 Mobile Platform is affected Version Snapdragon 8+ Gen 2 Mobile Platform is affected Version Snapdragon 8 Gen 3 Mobile Platform is affected Version Snapdragon 8 Elite is affected Version Snapdragon 8 Elite Gen 5 is affected

CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') CWE