CVE-2026-21376

| EUVD-2026-19331 HIGH
2026-04-06 qualcomm
7.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Apr 06, 2026 - 16:00 vuln.today
EUVD ID Assigned
Apr 06, 2026 - 16:00 euvd
EUVD-2026-19331
CVE Published
Apr 06, 2026 - 15:33 nvd
HIGH 7.8

Tags

Buffer Overflow

Description

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

Analysis

Local privilege escalation in Qualcomm Snapdragon camera sensor drivers allows authenticated attackers with low privileges to execute arbitrary code with elevated permissions through unchecked output buffer access during IOCTL operations. This out-of-bounds read vulnerability (CWE-126) achieves complete system compromise (confidentiality, integrity, and availability impact all rated High in CVSS). …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 24 hours: Identify all Snapdragon-based devices in your environment (smartphones, tablets, IoT devices, automotive systems) and document affected models and firmware versions. Within 7 days: Restrict local access privileges for standard users where feasible, enforce device enrollment in mobile device management (MDM) solutions with privilege management, and disable camera driver functionality on non-essential devices if operationally viable. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

39
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +39
POC: 0

Share

CVE-2026-21376 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy