CVE-2025-59610
6.4 MEDIUMMemory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer
Published: 2026-06-01 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 6.4 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-367
Affected products
| Vendor | Product |
|---|---|
| qualcomm | 5g_fixed_wireless_access_platform_firmware, c-v2x_9150_firmware, cq7790_firmware |
Description
Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-25277 — Memory corruption while using Strongbox due to buffer overflow (8.8 HIGH)
- CVE-2026-25276 — Memory corruption while using Strongbox due to missing bounds check (8.8 HIGH)
- CVE-2026-25260 — Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications (7.8 HIGH)
- CVE-2026-25259 — Memory corruption while processing multiple IOCTL command for escape operations (7.8 HIGH)
- CVE-2026-25258 — Memory corruption while processing IOCTL calls for escape operations (7.8 HIGH)
Same CWE
- CVE-2026-54228 — A time-of-check time-of-use (TOCTOU) race condition was found in the abrt-dbus D-Bus service's SetElement method (7.8 HIGH)
- CVE-2026-53838 — OpenClaw before 2026.5.27 contains a state mutation vulnerability in node pairing reconnection that allows paired nodes to confuse approv... (9.8 CRITICAL)
- CVE-2026-53831 — OpenClaw before 2026.5.18 contains a policy enforcement vulnerability in system.run safe-bin allowlist validation that allows shell expan... (8.3 HIGH)
- CVE-2026-53822 — OpenClaw before 2026.5.18 contains a command injection vulnerability where shell wrapper argv could change between approval and execution (8.8 HIGH)
- CVE-2026-54055 — Kitty is a cross-platform GPU based terminal (5.0 MEDIUM)