CVE-2026-24082
Published: 04 May 2026
Description
Memory Corruption when copying data from a freed source while executing performance counter deselect operation.
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Use-after-free exploits that achieve arbitrary code execution are blocked or significantly hardened by non-executable pages and ASLR.
Security SummaryAI
CVE-2026-24082 is a memory corruption vulnerability stemming from copying data from a freed source during the execution of a performance counter deselect operation, classified under CWE-416 (Use After Free). It affects components within Qualcomm products, as documented in the vendor's security bulletin.
The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating it can be exploited by a local attacker with low privileges. Exploitation requires low complexity and no user interaction, potentially allowing the attacker to achieve high impacts on confidentiality, integrity, and availability, such as arbitrary code execution or system compromise.
Mitigation details, including patches and affected product versions, are provided in the Qualcomm May 2026 security bulletin available at https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2026-bulletin.html. Security practitioners should consult this advisory for deployment guidance.
Details
- CWE(s)