Sxr2350p Firmware
Monthly
A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memory allocation, enabling local privilege escalation to kernel level. KEV-listed and patched, this vulnerability affects Qualcomm-based mobile devices and embedded systems, potentially impacting billions of Android devices globally.
Memory Corruption when adding user-supplied data without checking available buffer space. [CVSS 7.8 HIGH]
Memory Corruption when accessing trusted execution environment without proper privilege check. [CVSS 7.8 HIGH]
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls. [CVSS 7.8 HIGH]
Memory Corruption when accessing buffers with invalid length during TA invocation. [CVSS 7.8 HIGH]
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers. [CVSS 7.8 HIGH]
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors. [CVSS 7.8 HIGH]
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input. [CVSS 7.1 HIGH]
Memory corruption occurs when a secure application is launched on a device with insufficient memory. [CVSS 7.8 HIGH]
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. [CVSS 7.8 HIGH]
Memory corruption while passing pages to DSP with an unaligned starting address. [CVSS 7.8 HIGH]
Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID. [CVSS 5.5 MEDIUM]
Memory corruption while processing identity credential operations in the trusted application. [CVSS 7.8 HIGH]
Memory corruption while processing a secure logging command in the trusted application. [CVSS 7.8 HIGH]
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
Memory corruption while handling sensor utility operations. [CVSS 6.7 MEDIUM]
Memory corruption while deinitializing a HDCP session. [CVSS 7.8 HIGH]
Memory corruption while accessing a synchronization object during concurrent operations. [CVSS 6.7 MEDIUM]
Memory corruption while processing shared command buffer packet between camera userspace and kernel. [CVSS 6.7 MEDIUM]
Memory corruption while handling buffer mapping operations in the cryptographic driver. [CVSS 6.6 MEDIUM]
Memory corruption while processing a config call from userspace. [CVSS 6.7 MEDIUM]
Information disclosure while processing a firmware event. [CVSS 6.1 MEDIUM]
Transient DOS while parsing video packets received from the video firmware. [CVSS 5.5 MEDIUM]
Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A Qualcomm chipset vulnerability (CVE-2026-21385) causes memory corruption through improper integer handling during memory allocation, enabling local privilege escalation to kernel level. KEV-listed and patched, this vulnerability affects Qualcomm-based mobile devices and embedded systems, potentially impacting billions of Android devices globally.
Memory Corruption when adding user-supplied data without checking available buffer space. [CVSS 7.8 HIGH]
Memory Corruption when accessing trusted execution environment without proper privilege check. [CVSS 7.8 HIGH]
Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls. [CVSS 7.8 HIGH]
Memory Corruption when accessing buffers with invalid length during TA invocation. [CVSS 7.8 HIGH]
Memory Corruption while deallocating graphics processing unit memory buffers due to improper handling of memory pointers. [CVSS 7.8 HIGH]
Memory Corruption when initiating GPU memory mapping using scatter-gather lists due to unchecked IOMMU mapping errors. [CVSS 7.8 HIGH]
Cryptographic issue when a Trusted Zone with outdated code is triggered by a HLOS providing incorrect input. [CVSS 7.1 HIGH]
Memory corruption occurs when a secure application is launched on a device with insufficient memory. [CVSS 7.8 HIGH]
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations. [CVSS 7.8 HIGH]
Memory corruption while passing pages to DSP with an unaligned starting address. [CVSS 7.8 HIGH]
Information disclosure when a weak hashed value is returned to userland code in response to a IOCTL call to obtain a session ID. [CVSS 5.5 MEDIUM]
Memory corruption while processing identity credential operations in the trusted application. [CVSS 7.8 HIGH]
Memory corruption while processing a secure logging command in the trusted application. [CVSS 7.8 HIGH]
Cryptographic issue may occur while encrypting license data. [CVSS 8.4 HIGH]
Memory corruption while handling sensor utility operations. [CVSS 6.7 MEDIUM]
Memory corruption while deinitializing a HDCP session. [CVSS 7.8 HIGH]
Memory corruption while accessing a synchronization object during concurrent operations. [CVSS 6.7 MEDIUM]
Memory corruption while processing shared command buffer packet between camera userspace and kernel. [CVSS 6.7 MEDIUM]
Memory corruption while handling buffer mapping operations in the cryptographic driver. [CVSS 6.6 MEDIUM]
Memory corruption while processing a config call from userspace. [CVSS 6.7 MEDIUM]
Information disclosure while processing a firmware event. [CVSS 6.1 MEDIUM]
Transient DOS while parsing video packets received from the video firmware. [CVSS 5.5 MEDIUM]
Transient DOS when a remote device sends an invalid connection request during BT connectable LE scan. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.