HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-24087Published Modified CNA qualcomm

CVE-2026-24087: Improper Validation of Syntactic Correctness of Input in Kernel

Memory corruption while processing fastboot OEM commands.

Metrics

CVSS v3.1
7.2
Severity
HIGH
Fixed in
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

Memory corruption vulnerability in the Qualcomm Snapdragon kernel occurs while processing fastboot OEM commands. Exploitation requires physical access to the device along with a high-privilege account, meaning an attacker must be physically present and authenticated at an elevated level. Successful exploitation gives the attacker full read, write, and crash-level control over the affected system. HarborGuard tracks this advisory for patch availability and will make a patched-image rebuild available as soon as Qualcomm publishes a fix.

HarborGuard Coverage

Detection

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against images in customer registries and CI/CD pipelines, including custom-built images that bundle Qualcomm Snapdragon firmware or kernel components.

Available
Triage

HarborGuard is capable of scoring this finding at CVSS 7.2 (HIGH) and weighting it against each customer environment's compliance policy to determine urgency. Triage routing is available to direct the finding to the appropriate team inbox within the customer organization.

Available
Patch

No fix version has been published by Qualcomm at this time. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream fix is released.

Pending upstream

Exploit Conditions

  • Network reachabilityNot required

    The attacker requires physical proximity to the target device; no network path is needed to reach the vulnerable component.

  • AuthenticationRequired

    A high-privilege or administrative account is required before the fastboot OEM command interface can be reached.

  • Victim interactionNot required

    No user interaction is required; the attacker can trigger the memory corruption without any action from a legitimate user.

  • Attack complexityDetail

    Exploit conditions are straightforward and reliable once physical access and credentials are in hand; no race conditions or special environmental setup are required.

Blast Radius

  • A successful attacker reads arbitrary kernel memory, including secrets, cryptographic material, and stored credentials.
  • A successful attacker writes arbitrary kernel memory, allowing persistent code execution or firmware modification.
  • A successful attacker crashes the affected kernel, rendering the device unavailable.
  • Because the scope is changed (S:C), impact can extend beyond the kernel itself to other components or security boundaries on the same device.

How HarborGuard Handles This

Available on HarborGuard: detection is active for CVE-2026-24087 and matched against all scanned images on every pipeline run. Because Qualcomm has not yet published a fix, no patched-image rebuild is available at this time. HarborGuard re-checks the advisory on every ingest cycle and will surface a rebuild automatically once an upstream fix is released. In the interim, customers can use HarborGuard network-policy suggestions to restrict deployment of affected images to isolated environments, apply egress-filtering rules to limit lateral movement from any compromised host, and use feature-flag gating or deployment-policy rules to block images containing the affected component from reaching production until a patch is confirmed.

See how HarborGuard automates this
Affected packages
  • Qualcomm, Inc. / Snapdragon
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
References