PatchSiren cyber security CVE debrief
CVE-2026-24082 Qualcomm, Inc. CVE debrief
CVE-2026-24082 is a high-severity memory corruption vulnerability in Qualcomm products. The vulnerability occurs when copying data from a freed source while executing a performance counter deselect operation. This vulnerability has a CVSS score of 7.8 and a CVSS severity of HIGH. Qualcomm has released a patch for this vulnerability, which is available in the May 2026 security bulletin.
- Vendor: Qualcomm, Inc.
- Product: Snapdragon
- CVSS: HIGH 7.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-04
- Original CVE updated: 2026-06-29
- Advisory published: 2026-05-04
- Advisory updated: 2026-06-29
Who should care
This vulnerability affects various Qualcomm products, including Snapdragon mobile platforms, QXM, and Robotics RB2/RB5. Users of affected products should apply the patch provided by Qualcomm to mitigate the vulnerability. The vulnerability requires local access and low privileges to exploit, making it a significant concern for users with physical access to the device.
Technical summary
The vulnerability is a use-after-free in the performance counter deselect operation: data is copied from a source that has already been freed, leading to memory corruption. An attacker with local access and low privileges can exploit this to gain elevated privileges and execute arbitrary code.
Defensive priority
High
Recommended defensive actions
- Apply the patch provided by Qualcomm in the May 2026 security bulletin.
- Ensure that all affected Qualcomm products are updated with the latest firmware.
- Implement additional security measures, such as memory protection and address space layout randomization (ASLR), to mitigate the vulnerability.
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, its impact, and mitigation steps. The source item URL provides additional information on the vulnerability and its affected products.
Official resources
- CVE-2026-24082 CVE record (CVE.org)
- CVE-2026-24082 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Patch, Vendor Advisory)
This article was generated with AI assistance based on the supplied source corpus.