CVE-2026-24090
7.1 HIGHCryptographic issue while processing partition table entries allows unauthorized modification of boot flow
Published: 2026-06-01 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 7.1 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- CWE
- CWE-306
Affected products
| Vendor | Product |
|---|---|
| qualcomm | ar8031_firmware, ar8035_firmware, cologne_firmware |
Description
Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-25277 — Memory corruption while using Strongbox due to buffer overflow (8.8 HIGH)
- CVE-2026-25276 — Memory corruption while using Strongbox due to missing bounds check (8.8 HIGH)
- CVE-2026-25260 — Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications (7.8 HIGH)
- CVE-2026-25259 — Memory corruption while processing multiple IOCTL command for escape operations (7.8 HIGH)
- CVE-2026-25258 — Memory corruption while processing IOCTL calls for escape operations (7.8 HIGH)
Same CWE
- CVE-2026-12183 — Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerabili... (9.8 CRITICAL)
- CVE-2026-53868 — Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses ... (7.5 HIGH)
- CVE-2026-50287 — AgenticMail gives AI agents real email addresses and phone numbers
- CVE-2026-53981 — Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary ... (7.6 HIGH)
- CVE-2026-50085 — The Aqara Board service (op-test.aqara.com) accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker wit... (8.6 HIGH)