CVE-2026-25271

HIGH

Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service

Title source: cna
STIX 2.1

Description

Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use.

Scores

CVSS v3 7.8
EPSS 0.0005
EPSS Percentile 0.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-367
Status published
Products (42)
qualcomm/cologne_firmware
qualcomm/fastconnect_6900_firmware
qualcomm/fastconnect_7800_firmware
qualcomm/iqx5121_firmware
qualcomm/iqx7181_firmware
qualcomm/qca0000_firmware
qualcomm/sc8380xp_firmware
qualcomm/wcd9378c_firmware
qualcomm/wcd9380_firmware
qualcomm/wcd9385_firmware
... and 32 more
Published Jul 06, 2026
Tracked Since Jul 07, 2026