Vulnerabilities ›

CVE-2026-24092

High

CWE-1286 — Weakness Type

                    Published: Jun 1, 2026                      ·  Modified: Jun 8, 2026                      ·  Source: NVD                

CVSS v3

7.2

🔗 NVD Official

📄 Description (English)

Memory Corruption when processing fastboot commands to set display mode.

🤖 AI Executive Summary

CVE-2026-24092 is a high-severity memory corruption vulnerability in Qualcomm firmware affecting multiple chipsets used in networking and IoT devices. The vulnerability exists in fastboot command processing for display mode configuration, potentially allowing local attackers to execute arbitrary code or cause denial of service. This impacts Saudi organizations relying on Qualcomm-based networking infrastructure, particularly in telecommunications and enterprise environments.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Jun 6, 2026 18:16

🇸🇦 Saudi Arabia Impact Assessment

Telecommunications sector (STC, Mobily, Zain) faces significant risk as these Qualcomm chipsets are commonly used in network infrastructure and 5G equipment. Banking and financial institutions using Qualcomm-based networking devices for secure communications are at moderate risk. Government agencies and critical infrastructure operators managing network equipment require immediate assessment. Healthcare sector utilizing networked medical devices with affected Qualcomm components may experience service disruptions. Energy sector (ARAMCO) infrastructure relying on IoT and networking equipment could be compromised.

🏢 Affected Saudi Sectors

Telecommunications Banking and Financial Services Government and Public Administration Healthcare Energy and Utilities Critical Infrastructure Enterprise IT

🎯 MITRE ATT&CK Techniques

T1542 — Pre-OS Boot (Firmware modification) T1548 — Abuse Elevation Control Mechanism T1499 — Endpoint Denial of Service T1203 — Exploitation for Client Execution T1561 — Disk Wipe

⚖️ Saudi Risk Score (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

1. IMMEDIATE ACTIONS:

   - Inventory all devices using affected Qualcomm chipsets (AR8031, AR8035, Cologne, CQ series, CSRA series, FastConnect 6200/6700)

   - Restrict physical access to devices with fastboot capabilities

   - Disable fastboot functionality where operationally feasible

   - Monitor for unauthorized fastboot command attempts



2. PATCHING GUIDANCE:

   - Contact Qualcomm for firmware updates addressing CVE-2026-24092

   - Prioritize patching in production network infrastructure

   - Test patches in non-production environments before deployment

   - Establish firmware update schedule for all affected devices



3. COMPENSATING CONTROLS:

   - Implement physical security controls restricting device access

   - Deploy network segmentation isolating affected devices

   - Enable secure boot and firmware verification mechanisms

   - Implement access controls for fastboot interfaces



4. DETECTION RULES:

   - Monitor system logs for fastboot command execution attempts

   - Alert on memory corruption errors or unexpected device reboots

   - Track firmware modification attempts

   - Monitor for display mode configuration changes via fastboot

🔧 خطوات المعالجة (العربية)

1. الإجراءات الفورية:

   - جرد جميع الأجهزة التي تستخدم رقاقات Qualcomm المتأثرة (AR8031, AR8035, Cologne, سلسلة CQ, سلسلة CSRA, FastConnect 6200/6700)

   - تقييد الوصول المادي للأجهزة ذات قدرات fastboot

   - تعطيل وظيفة fastboot حيث يكون ذلك ممكناً من الناحية التشغيلية

   - مراقبة محاولات أوامر fastboot غير المصرح بها



2. إرشادات التصحيح:

   - الاتصال بـ Qualcomm للحصول على تحديثات البرامج الثابتة التي تعالج CVE-2026-24092

   - إعطاء الأولوية لتصحيح البنية التحتية للشبكة الإنتاجية

   - اختبار التصحيحات في بيئات غير الإنتاج قبل النشر

   - إنشاء جدول تحديث البرامج الثابتة لجميع الأجهزة المتأثرة



3. الضوابط البديلة:

   - تنفيذ ضوابط الأمان المادي التي تقيد الوصول للأجهزة

   - نشر تقسيم الشبكة لعزل الأجهزة المتأثرة

   - تفعيل التحقق الآمن من الإقلاع والبرامج الثابتة

   - تنفيذ ضوابط الوصول لواجهات fastboot



4. قواعد الكشف:

   - مراقبة سجلات النظام لمحاولات تنفيذ أوامر fastboot

   - التنبيه على أخطاء فساد الذاكرة أو إعادة تشغيل الأجهزة غير المتوقعة

   - تتبع محاولات تعديل البرامج الثابتة

   - مراقبة التغييرات في تكوين وضع العرض عبر fastboot

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 - 5.1.1 (Asset Management and Inventory) ECC 2024 - 5.2.1 (Vulnerability Management) ECC 2024 - 5.3.1 (Patch Management) ECC 2024 - 6.1.1 (Access Control and Authentication)

🔵 SAMA CSF

SAMA CSF - ID.AM-1 (Asset Management) SAMA CSF - ID.RA-1 (Risk Assessment) SAMA CSF - PR.IP-12 (System and Information Integrity) SAMA CSF - DE.CM-8 (Vulnerability Scans)

🟡 ISO 27001:2022

ISO 27001:2022 - A.5.9 (Access Control) ISO 27001:2022 - A.8.1 (User Endpoint Devices) ISO 27001:2022 - A.8.2 (Privileged Access Rights) ISO 27001:2022 - A.14.2 (System Development and Change Management)

🟣 PCI DSS v4.0.1

PCI DSS 4.0 - 2.4 (Configure System Security Parameters) PCI DSS 4.0 - 6.2 (Ensure Security Patches Installed) PCI DSS 4.0 - 6.3.1 (Vulnerability Management Program)

🔗 References & Sources 1

🔗

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2026-bulletin.html

product-security@qualcomm.com

Patch Vendor Advisory

📦 Affected Products / CPE 50 entries

qualcomm:ar8031_firmware:-

qualcomm:ar8035_firmware:-

qualcomm:cologne_firmware:-

qualcomm:cq7790_firmware:-

qualcomm:cq8725s_firmware:-

qualcomm:cq8750m_firmware:-

qualcomm:csra6620_firmware:-

qualcomm:csra6640_firmware:-

qualcomm:fastconnect_6200_firmware:-

qualcomm:fastconnect_6700_firmware:-

qualcomm:fastconnect_6900_firmware:-

qualcomm:fastconnect_7800_firmware:-

qualcomm:flight_rb5_5g_platform_firmware:-

qualcomm:fwa_gen_3_ultra_firmware:-

qualcomm:fwa_gen_5_elite_firmware:-

qualcomm:g1_gen_1_firmware:-

qualcomm:g2_gen_1_firmware:-

qualcomm:g3x_gen_2_firmware:-

qualcomm:iq-9075_firmware:-

qualcomm:kalpeni_firmware:-

qualcomm:kobuk_firmware:-

qualcomm:lemans_au_lgit_firmware:-

qualcomm:lemansau_firmware:-

qualcomm:milos_firmware:-

qualcomm:milos_iot_firmware:-

qualcomm:molokai_firmware:-

qualcomm:netrani_firmware:-

qualcomm:orne_firmware:-

qualcomm:palawan25_firmware:-

qualcomm:pandeiro_firmware:-

qualcomm:qam8255p_firmware:-

qualcomm:qam8295p_firmware:-

qualcomm:qam8397p_firmware:-

qualcomm:qam8797p_firmware:-

qualcomm:qamsrv1h_firmware:-

qualcomm:qamsrv1m_firmware:-

qualcomm:qca2066_firmware:-

qualcomm:qca6174a_firmware:-

qualcomm:qca6391_firmware:-

qualcomm:qca6564au_firmware:-

qualcomm:snapdragon_8_gen_3_mobile_platform_firmware:-

qualcomm:snapdragon_8\+_gen_2_mobile_platform_firmware:-

qualcomm:snapdragon_ar1_gen_1_platform_firmware:-

qualcomm:snapdragon_ar1\+_gen_1_platform_firmware:-

qualcomm:snapdragon_auto_5g_modem-rf_gen_2_firmware:-

qualcomm:snapdragon_w5\+_gen_1_wearable_platform_firmware:-

qualcomm:snapdragon_x32_5g_modem-rf_system_firmware:-

qualcomm:snapdragon_x35_5g_modem-rf_system_firmware:-

qualcomm:snapdragon_x72_5g_modem-rf_system_firmware:-

qualcomm:snapdragon_x75_5g_modem-rf_system_firmware:-

📊 CVSS Score

7.2

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack VectorP — Physical

Attack ComplexityL — Low / Local

Privileges RequiredH — High

User InteractionN — None / Network

ScopeC — Changed

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.2

CWECWE-1286

EPSS0.02%

Exploit No

Patch ✓ Yes

Published 2026-06-01

Source Feed nvd

🇸🇦 Saudi Risk Score

7.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

patch-available CWE-1286

🏢 Vendor Advisories

🔗 https://docs.qualcomm.com/product/publicresources/se...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-24092

Introduce Yourself

Sign In Required