CVE-2026-24085: Stack-based Buffer Overflow in Display
Memory Corruption when processing display command line information due to improper initialization of a variable.
Metrics
- CVSS v3.1: 7.2
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A stack-based buffer overflow affects Qualcomm Snapdragon display processing, triggered when handling display command line information due to improper variable initialization. The CVSS vector indicates physical access is required along with a privileged account, meaning an attacker must be physically present at the device and authenticated with admin-level credentials. Successful exploitation gives the attacker full read, write, and crash capabilities over the affected component. No fix version has been published yet; HarborGuard tracks the upstream advisory and will make a patched rebuild available as soon as Qualcomm ships a fix.
HarborGuard Coverage
Detection is available across every HarborGuard environment, with the CVE matched against images in customer registries and build pipelines within minutes of publication, including custom-built images that bundle Qualcomm Snapdragon firmware or userspace components. Ingestion draws from Qualcomm's CNA feed, NVD, and supplementary upstream sources to ensure coverage from the moment the record goes live.
Status: Available
HarborGuard is capable of scoring this CVE at its published CVSS 3.1 severity of 7.2 (HIGH) and weighting that score against each customer environment's compliance policy to determine urgency. Triage routing is available to direct findings to the appropriate team inbox within each customer organization based on policy configuration.
Status: Available
Because no fix version has been published, HarborGuard re-checks the Qualcomm advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be triggered without manual intervention once a fix version becomes available.
Status: Pending upstream
Exploit Conditions
- Network reachability: Not required
  Physical proximity to the device is required; the attacker must have hands-on access rather than reaching the target over a network.
- Authentication: Required
  A privileged (admin-level) account is required before the attacker can trigger the vulnerable display command processing path.
- Victim interaction: Not required
  No victim interaction is needed; the attacker can trigger the overflow directly once physical access and credentials are in place.
- Attack complexity: Detail
  Attack complexity is low, meaning the exploit is reliable and does not depend on race conditions, specific memory layouts, or other variable environmental factors.
Blast Radius
- Reads arbitrary data from the affected display subsystem, including sensitive in-memory state.
- Writes to memory regions in the display component, enabling tampering with display processing logic or persisted configuration.
- Crashes the affected display service, causing a denial of service on the device.
- Because the CVSS Scope metric is Changed (S:C), impact can extend beyond the vulnerable component into other system components sharing the same execution context.
How HarborGuard Handles This
Available on HarborGuard: this CVE is actively monitored against all images in enrolled registries and build pipelines, including custom images incorporating Qualcomm Snapdragon components. Because Qualcomm has not yet published a fix, no patched rebuild is currently available, but HarborGuard re-evaluates the advisory on every ingest cycle and will trigger a patched-image rebuild the moment an upstream fix version is published. For customers with auto-remediation enabled, that rebuild will be accompanied by a regression test run and a PR opened against affected workloads without requiring manual action. In the interim, compensating controls worth considering include restricting physical access to affected devices, enforcing least-privilege policies to limit the accounts that can reach the display command interface, and applying network-policy isolation to any management surfaces that interact with display configuration.
- Qualcomm, Inc. / Snapdragon
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H