Skip to main content

Snapdragon CVE-2026-21374

| EUVDEUVD-2026-19327 HIGH
Buffer Over-read (CWE-126)
2026-04-06 qualcomm GHSA-v4vr-xp28-fx6j
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Apr 06, 2026 - 16:00 euvd
EUVD-2026-19327
Analysis Generated
Apr 06, 2026 - 16:00 vuln.today
CVE Published
Apr 06, 2026 - 15:33 nvd
HIGH 7.8

DescriptionCVE.org

Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.

AnalysisAI

Memory corruption in Qualcomm Snapdragon auxiliary sensor I/O control processing allows authenticated local attackers to achieve arbitrary code execution with high integrity and confidentiality impact. The vulnerability stems from insufficient buffer size validation (CWE-126: Buffer Over-read) when handling sensor control commands. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as local user
Delivery
Send malformed auxiliary sensor I/O command
Exploit
Trigger insufficient buffer validation
Execution
Overflow memory buffer
Impact
Execute arbitrary code with elevated privileges

Vulnerability AssessmentAI

Exploitation Local attacker with low-privilege user access to a system with auxiliary sensor input/output control functionality enabled. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Real-world risk assessment reveals moderate priority requiring timely but not emergency patching. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker develops a malicious Android application that requests normal sensor permissions (commonly granted without user suspicion). Once installed, the app exploits the auxiliary sensor I/O control vulnerability by crafting specially formatted ioctl commands with manipulated buffer size parameters. …
Remediation Organizations should immediately consult the Qualcomm April 2026 Security Bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html to identify specific affected Snapdragon chipset models and corresponding firmware patch versions. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all Snapdragon-equipped devices in inventory (Android phones, tablets, IoT gateways) and segregate high-value systems from lower-trust networks. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-25293 CRITICAL
9.6 May 04

Buffer overflow in Qualcomm Snapdragon firmware enables authentication bypass on adjacent networks, allowing remote unau

CVE-2026-25277 HIGH
8.8 Jun 01

Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer o

CVE-2026-25276 HIGH
8.8 Jun 01

Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox tr

CVE-2025-47392 HIGH
8.8 Apr 06

Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution

CVE-2026-24088 HIGH
8.2 Jun 01

Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a speci

CVE-2026-25259 HIGH
7.8 Jun 01

Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multip

CVE-2026-25258 HIGH
7.8 Jun 01

Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during

CVE-2025-59606 HIGH
7.8 Jun 01

Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged

CVE-2025-59605 HIGH
7.8 Jun 01

Local privilege escalation via memory corruption in Qualcomm Snapdragon platform components allows an authenticated low-

CVE-2025-59604 HIGH
7.8 Jun 01

Local memory corruption in Qualcomm Snapdragon platforms (CVE-2025-59604) allows a low-privileged local attacker to trig

CVE-2026-24082 HIGH
7.8 May 04

Use-after-free vulnerability in Qualcomm Snapdragon chipsets enables local privilege escalation to achieve full device c

CVE-2025-47408 HIGH
7.8 May 04

Memory corruption in Qualcomm Snapdragon allows local authenticated attackers with low privileges to achieve arbitrary c

Share

CVE-2026-21374 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy