Qca8695au Firmware
Monthly
A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memory allocation, enabling local privilege escalation to kernel level. KEV-listed and patched, this vulnerability affects Qualcomm-based mobile devices and embedded systems, potentially impacting billions of Android devices globally.
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. [CVSS 7.8 HIGH]
Memory Corruption when accessing trusted execution environment without proper privilege check. [CVSS 7.8 HIGH]
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. [CVSS 7.8 HIGH]
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls. [CVSS 7.8 HIGH]
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. [CVSS 7.8 HIGH]
Memory corruption while handling different IOCTL calls from the user-space simultaneously. [CVSS 7.8 HIGH]
Memory Corruption when accessing buffers with invalid length during TA invocation. [CVSS 7.8 HIGH]
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers. [CVSS 7.8 HIGH]
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors. [CVSS 7.8 HIGH]
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input. [CVSS 7.1 HIGH]
Memory corruption while calculating offset from partition start point. [CVSS 6.8 MEDIUM]
Memory corruption when calculating oversized partition sizes without proper checks. [CVSS 6.8 MEDIUM]
Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption while processing large input data from a remote source via a communication interface. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while processing message from client with invalid payload. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption when triggering a subsystem crash with an out-of-range identifier. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing client message during device management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memory allocation, enabling local privilege escalation to kernel level. KEV-listed and patched, this vulnerability affects Qualcomm-based mobile devices and embedded systems, potentially impacting billions of Android devices globally.
Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs. [CVSS 7.8 HIGH]
Memory Corruption when accessing trusted execution environment without proper privilege check. [CVSS 7.8 HIGH]
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. [CVSS 7.8 HIGH]
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls. [CVSS 7.8 HIGH]
Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls. [CVSS 7.8 HIGH]
Memory corruption while handling different IOCTL calls from the user-space simultaneously. [CVSS 7.8 HIGH]
Memory Corruption when accessing buffers with invalid length during TA invocation. [CVSS 7.8 HIGH]
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers. [CVSS 7.8 HIGH]
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors. [CVSS 7.8 HIGH]
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input. [CVSS 7.1 HIGH]
Memory corruption while calculating offset from partition start point. [CVSS 6.8 MEDIUM]
Memory corruption when calculating oversized partition sizes without proper checks. [CVSS 6.8 MEDIUM]
Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory corruption while processing large input data from a remote source via a communication interface. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Information disclosure while processing message from client with invalid payload. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption when triggering a subsystem crash with an out-of-range identifier. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Memory corruption while processing client message during device management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.