CVE-2026-25260
7.8 HIGHMemory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications
Published: 2026-06-01 · Last updated: 2026-06-02
Severity and scoring
- CVSS
- 7.8 HIGH
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-367
Affected products
| Vendor | Product |
|---|---|
| qualcomm | cologne_firmware, fastconnect_6700_firmware, fastconnect_6900_firmware |
Description
Memory Corruption when accessing shared buffers without validation of concurrent user-mode input modifications.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-25277 — Memory corruption while using Strongbox due to buffer overflow (8.8 HIGH)
- CVE-2026-25276 — Memory corruption while using Strongbox due to missing bounds check (8.8 HIGH)
- CVE-2026-25259 — Memory corruption while processing multiple IOCTL command for escape operations (7.8 HIGH)
- CVE-2026-25258 — Memory corruption while processing IOCTL calls for escape operations (7.8 HIGH)
- CVE-2026-24092 — Memory Corruption when processing fastboot commands to set display mode (7.2 HIGH)
Same CWE
- CVE-2026-24067 — Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes ... (8.4 HIGH)
- CVE-2026-49958 — Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the git_discard functi... (5.0 MEDIUM)
- CVE-2026-45647 — Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges ... (5.5 MEDIUM)
- CVE-2026-45487 — Time-of-check time-of-use (TOCTOU) race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate pri... (7.8 HIGH)
- CVE-2026-24065 — Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service (8.1 HIGH)