CVE-2026-21385

HIGH KEV

Qualcomm Memory Allocation Alignments Firmware - Memory Corruption

Title source: llm

Exploitation Summary

CVE-2026-21385 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 3, 2026. EIP tracks 2 public exploits from researchers including XiaomingX, unionnx.

AI-analyzed exploit summary This repository contains a Python-based scanner for detecting and patching CVE-2026-21385 in Qualcomm devices via an official API. It does not include exploit code but interacts with Qualcomm's API to check for vulnerabilities and apply patches.

Description

Memory corruption while using alignments for memory allocation.

Exploits (2)

github SCANNER 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-21385

View Code ZIP pw:eip

This repository contains a Python-based scanner for detecting and patching CVE-2026-21385 in Qualcomm devices via an official API. It does not include exploit code but interacts with Qualcomm's API to check for vulnerabilities and apply patches.

Classification

Scanner 90%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Qualcomm devices (specific version not specified)

Auth required

Prerequisites: Qualcomm API key · device ID

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Mar 05, 2026 Full analysis →

nomisec SCANNER

by unionnx · poc

https://github.com/unionnx/CVE-2026-21385

View Code ZIP pw:eip

This repository contains a Python-based scanner to detect if an Android device is vulnerable to CVE-2026-21385, an integer overflow in the Qualcomm Display component. It checks the device's chipset and security patch level to determine vulnerability status.

Classification

Scanner 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Qualcomm Display component on Android devices

No auth needed

Prerequisites: Android device with Termux installed · Python 3.x

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Mar 23, 2026 Full analysis →

References (3)

Core 3

Core References

Various Sources

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html

Vendor Advisory

https://source.android.com/docs/security/bulletin/2026/2026-03-01

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21385

Scores

CVSS v3 7.8

EPSS 0.0023

EPSS Percentile 45.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2026-03-03

VulnCheck KEV 2026-03-02

ENISA EUVD EUVD-2026-9202

CWE

CWE-190

Status published

Products (50)

qualcomm/5g_fixed_wireless_access_platform_firmware

qualcomm/apq8098_firmware

qualcomm/ar8031_firmware

qualcomm/ar8035_firmware

qualcomm/c-v2x_9150_firmware

qualcomm/csra6620_firmware

qualcomm/csra6640_firmware

qualcomm/fastconnect_6200_firmware

qualcomm/fastconnect_6700_firmware

qualcomm/fastconnect_6800_firmware

... and 40 more

Published Mar 02, 2026

KEV Added Mar 03, 2026

Tracked Since Mar 03, 2026