Skip to main content

Qualcomm Snapdragon CVE-2026-21379

| EUVDEUVD-2026-41929 HIGH
Buffer Over-read (CWE-126)
2026-07-06 qualcomm GHSA-8956-f28w-h25c
7.8
CVSS 3.1 · Vendor: qualcomm
Share

Severity by source

Vendor (qualcomm) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local trigger via a device-resident process gives AV:L and PR:L; unbounded allocation is low-complexity (AC:L) and yields full memory-corruption impact (C/I/A:H).

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (qualcomm).

CVSS VectorVendor: qualcomm

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 06, 2026 - 21:07 vuln.today

DescriptionCVE.org

Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.

AnalysisAI

Local privilege escalation via memory corruption affects Qualcomm Snapdragon platforms, where allocating memory with sizes exceeding the maximum allowed value corrupts adjacent memory (CWE-126, buffer over-read/overflow). A local attacker with low privileges (PR:L) and no user interaction can compromise confidentiality, integrity, and availability (all High), scoring CVSS 7.8. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-priv code execution
Delivery
Call vulnerable allocation interface
Exploit
Request size over maximum allowed
Execution
Trigger memory corruption
Persist
Overwrite privileged structures
Impact
Escalate privileges on device

Vulnerability AssessmentAI

Exploitation Exploitation requires local code execution on the affected Snapdragon device with at least low-level privileges (CVSS PR:L) - for example, an installed app or a compromised unprivileged process - and the ability to reach the vulnerable memory-allocation code path that fails to enforce the maximum allowed allocation size. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, 7.8 High) indicates a locally exploitable, low-complexity flaw requiring only low privileges and no user interaction, with full triad impact - consistent with a local privilege-escalation primitive rather than a remote attack. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A malicious application installed on a Snapdragon-based device runs as a normal low-privilege process and invokes the vulnerable platform interface with a crafted request that specifies an allocation size beyond the maximum allowed value. The resulting memory corruption is used to overwrite privileged data structures, escalating the attacker's control over the device. …
Remediation Apply the Qualcomm-supplied fix as delivered through your device OEM: install the firmware/OS update whose security patch level incorporates the July 2026 Qualcomm bulletin fixes (https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2026-bulletin.html) - the exact fixed version is device- and chipset-specific and is not enumerated in the provided data, so cite the OEM's patched build rather than a single global version number. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Create an inventory of all Snapdragon devices in use, prioritizing business-critical systems (executive mobile devices, IoT gateways, industrial controllers). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-25293 CRITICAL
9.6 May 04

Buffer overflow in Qualcomm Snapdragon firmware enables authentication bypass on adjacent networks, allowing remote unau

CVE-2026-25268 HIGH
8.8 Jul 06

Local privilege escalation and memory corruption in Qualcomm Snapdragon WLAN firmware occurs when the driver parses malf

CVE-2026-25277 HIGH
8.8 Jun 01

Memory corruption in Qualcomm Snapdragon Strongbox component allows local low-privileged attackers to trigger a buffer o

CVE-2026-25276 HIGH
8.8 Jun 01

Local privilege escalation in Qualcomm Snapdragon chipsets stems from an out-of-bounds memory access in the Strongbox tr

CVE-2025-47392 HIGH
8.8 Apr 06

Memory corruption in Qualcomm Snapdragon chipsets allows adjacent network attackers to achieve arbitrary code execution

CVE-2026-24088 HIGH
8.2 Jun 01

Bootloader integrity bypass in Qualcomm Snapdragon platforms allows a high-privileged local attacker to write to a speci

CVE-2025-59616 HIGH
7.8 Jul 06

Use-after-free memory corruption in Qualcomm Snapdragon platform driver code allows a local low-privileged process to tr

CVE-2025-59615 HIGH
7.8 Jul 06

Local privilege escalation via memory corruption affects a broad range of Qualcomm Snapdragon chipsets, where a use-afte

CVE-2026-25259 HIGH
7.8 Jun 01

Local privilege escalation in Qualcomm Snapdragon platforms is possible through memory corruption when processing multip

CVE-2026-25258 HIGH
7.8 Jun 01

Local privilege escalation in Qualcomm Snapdragon platforms stems from an out-of-bounds read (CWE-125) triggered during

CVE-2025-59606 HIGH
7.8 Jun 01

Local privilege escalation and memory corruption in Qualcomm Snapdragon platforms allows an attacker with low-privileged

CVE-2025-59605 HIGH
7.8 Jun 01

Local privilege escalation via memory corruption in Qualcomm Snapdragon platform components allows an authenticated low-

Share

CVE-2026-21379 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy