Exposed dangerous function in windows host_CVE-2026-25266

5.5 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Description

Memory corruption while processing IOCTL command when device is in power-save state.

Basic Information

ID CVE-2026-25266

Source qualcomm

Published May 4, 2026 at 16:43

Affected Product

Vendor Qualcomm, Inc.

Product Snapdragon

Version Cologne

Affected Versions Qualcomm, Inc. Snapdragon Cologne
Qualcomm, Inc. Snapdragon FastConnect 6900
Qualcomm, Inc. Snapdragon FastConnect 7800
Qualcomm, Inc. Snapdragon SC8380XP
Qualcomm, Inc. Snapdragon Snapdragon AR1 Gen 1 Platform
Qualcomm, Inc. Snapdragon WCD9378C
Qualcomm, Inc. Snapdragon WCD9380
Qualcomm, Inc. Snapdragon WCD9385
Qualcomm, Inc. Snapdragon WCN7861
Qualcomm, Inc. Snapdragon WCN7880
Qualcomm, Inc. Snapdragon WSA8830
Qualcomm, Inc. Snapdragon WSA8832
Qualcomm, Inc. Snapdragon WSA8835
Qualcomm, Inc. Snapdragon WSA8840
Qualcomm, Inc. Snapdragon WSA8845
Qualcomm, Inc. Snapdragon WSA8845H
Qualcomm, Inc. Snapdragon X2000077
Qualcomm, Inc. Snapdragon X2000086
Qualcomm, Inc. Snapdragon X2000090
Qualcomm, Inc. Snapdragon X2000092
Qualcomm, Inc. Snapdragon X2000094
Qualcomm, Inc. Snapdragon XG101002
Qualcomm, Inc. Snapdragon XG101032
Qualcomm, Inc. Snapdragon XG101039

CWE Classification

CWE-749

References

docs.qualcomm.com /product/publicresources/securitybulletin/may-2026-bulletin.html

{
    "lastseen": "",
    "description": "Memory corruption while processing IOCTL command when device is in power-save state.",
    "published": "2026-05-04T16:43:19.977Z",
    "modified": "2026-05-04T16:43:19.977Z",
    "type": "cve",
    "title": "Exposed dangerous function in windows host",
    "source": "qualcomm",
    "references": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html",
    "id": "CVE-2026-25266",
    "bulletinFamily": "",
    "cwe": [
        "CWE-749"
    ],
    "cvelist": null,
    "sourceData": "Qualcomm, Inc. Snapdragon Cologne\nQualcomm, Inc. Snapdragon FastConnect 6900\nQualcomm, Inc. Snapdragon FastConnect 7800\nQualcomm, Inc. Snapdragon SC8380XP\nQualcomm, Inc. Snapdragon Snapdragon AR1 Gen 1 Platform\nQualcomm, Inc. Snapdragon WCD9378C\nQualcomm, Inc. Snapdragon WCD9380\nQualcomm, Inc. Snapdragon WCD9385\nQualcomm, Inc. Snapdragon WCN7861\nQualcomm, Inc. Snapdragon WCN7880\nQualcomm, Inc. Snapdragon WSA8830\nQualcomm, Inc. Snapdragon WSA8832\nQualcomm, Inc. Snapdragon WSA8835\nQualcomm, Inc. Snapdragon WSA8840\nQualcomm, Inc. Snapdragon WSA8845\nQualcomm, Inc. Snapdragon WSA8845H\nQualcomm, Inc. Snapdragon X2000077\nQualcomm, Inc. Snapdragon X2000086\nQualcomm, Inc. Snapdragon X2000090\nQualcomm, Inc. Snapdragon X2000092\nQualcomm, Inc. Snapdragon X2000094\nQualcomm, Inc. Snapdragon XG101002\nQualcomm, Inc. Snapdragon XG101032\nQualcomm, Inc. Snapdragon XG101039",
    "sourceHref": "",
    "cvss": {
        "score": 5.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Snapdragon",
    "version": "Cologne",
    "vendor": "Qualcomm, Inc.",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}