Snapdragon 6 Gen 1 Mobile Platform Firmware
Monthly
A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memory allocation, enabling local privilege escalation to kernel level. KEV-listed and patched, this vulnerability affects Qualcomm-based mobile devices and embedded systems, potentially impacting billions of Android devices globally.
Memory Corruption when adding user-supplied data without checking available buffer space. [CVSS 7.8 HIGH]
Memory Corruption when accessing trusted execution environment without proper privilege check. [CVSS 7.8 HIGH]
5G Fixed Wireless Access Platform Firmware versions up to - contains a vulnerability that allows attackers to cryptographic issue when a VoWiFi call is triggered from UE (CVSS 7.2).
Memory Corruption when accessing buffers with invalid length during TA invocation. [CVSS 7.8 HIGH]
5G Fixed Wireless Access Platform Firmware versions up to - is affected by reachable assertion (CVSS 6.5).
Memory corruption occurs when a secure application is launched on a device with insufficient memory. [CVSS 7.8 HIGH]
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. [CVSS 7.8 HIGH]
Memory corruption while passing pages to DSP with an unaligned starting address. [CVSS 7.8 HIGH]
Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID. [CVSS 5.5 MEDIUM]
Memory corruption while processing identity credential operations in the trusted application. [CVSS 7.8 HIGH]
Memory corruption while processing a secure logging command in the trusted application. [CVSS 7.8 HIGH]
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
Memory corruption while deinitializing a HDCP session. [CVSS 7.8 HIGH]
Memory corruption while processing shared command buffer packet between camera userspace and kernel. [CVSS 6.7 MEDIUM]
Memory corruption while handling buffer mapping operations in the cryptographic driver. [CVSS 6.6 MEDIUM]
Memory corruption while processing a config call from userspace. [CVSS 6.7 MEDIUM]
Information disclosure while processing a firmware event. [CVSS 6.1 MEDIUM]
Transient DOS while parsing video packets received from the video firmware. [CVSS 5.5 MEDIUM]
Memory corruption due to global buffer overflow when a test command uses an invalid payload type. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Qualcomm Adreno GPU drivers in Chrome contain a use-after-free vulnerability (CVE-2025-27038, CVSS 7.5) enabling memory corruption during graphics rendering. KEV-listed, this vulnerability can be triggered through Chrome on Android devices with Qualcomm chipsets, providing a kernel-level exploitation path from web content.
Information disclosure while sending implicit broadcast containing APP launch information. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS while handling PS event when Program Service name length offset value is set to 255. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memory allocation, enabling local privilege escalation to kernel level. KEV-listed and patched, this vulnerability affects Qualcomm-based mobile devices and embedded systems, potentially impacting billions of Android devices globally.
Memory Corruption when adding user-supplied data without checking available buffer space. [CVSS 7.8 HIGH]
Memory Corruption when accessing trusted execution environment without proper privilege check. [CVSS 7.8 HIGH]
5G Fixed Wireless Access Platform Firmware versions up to - contains a vulnerability that allows attackers to cryptographic issue when a VoWiFi call is triggered from UE (CVSS 7.2).
Memory Corruption when accessing buffers with invalid length during TA invocation. [CVSS 7.8 HIGH]
5G Fixed Wireless Access Platform Firmware versions up to - is affected by reachable assertion (CVSS 6.5).
Memory corruption occurs when a secure application is launched on a device with insufficient memory. [CVSS 7.8 HIGH]
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. [CVSS 7.8 HIGH]
Memory corruption while passing pages to DSP with an unaligned starting address. [CVSS 7.8 HIGH]
Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID. [CVSS 5.5 MEDIUM]
Memory corruption while processing identity credential operations in the trusted application. [CVSS 7.8 HIGH]
Memory corruption while processing a secure logging command in the trusted application. [CVSS 7.8 HIGH]
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
Memory corruption while deinitializing a HDCP session. [CVSS 7.8 HIGH]
Memory corruption while processing shared command buffer packet between camera userspace and kernel. [CVSS 6.7 MEDIUM]
Memory corruption while handling buffer mapping operations in the cryptographic driver. [CVSS 6.6 MEDIUM]
Memory corruption while processing a config call from userspace. [CVSS 6.7 MEDIUM]
Information disclosure while processing a firmware event. [CVSS 6.1 MEDIUM]
Transient DOS while parsing video packets received from the video firmware. [CVSS 5.5 MEDIUM]
Memory corruption due to global buffer overflow when a test command uses an invalid payload type. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Qualcomm Adreno GPU drivers in Chrome contain a use-after-free vulnerability (CVE-2025-27038, CVSS 7.5) enabling memory corruption during graphics rendering. KEV-listed, this vulnerability can be triggered through Chrome on Android devices with Qualcomm chipsets, providing a kernel-level exploitation path from web content.
Information disclosure while sending implicit broadcast containing APP launch information. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.
Transient DOS while handling PS event when Program Service name length offset value is set to 255. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.