CVE-2026-21374
Received
Received - Intake
Memory Corruption in Qualcomm Sensor IOCTL Due to Buffer Overflow
Publication date: 2026-04-06
Last updated on: 2026-04-08
Assigner: Qualcomm, Inc.
Description
Description
Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| qualcomm | aqt1000_firmware | * |
| qualcomm | cologne_firmware | * |
| qualcomm | fastconnect_6200_firmware | * |
| qualcomm | fastconnect_6700_firmware | * |
| qualcomm | fastconnect_6800_firmware | * |
| qualcomm | wsa8845h_firmware | * |
| qualcomm | x2000077_firmware | * |
| qualcomm | x2000086_firmware | * |
| qualcomm | x2000090_firmware | * |
| qualcomm | x2000092_firmware | * |
| qualcomm | x2000094_firmware | * |
| qualcomm | xg101002_firmware | * |
| qualcomm | xg101032_firmware | * |
| qualcomm | xg101039_firmware | * |
| qualcomm | fastconnect_6900_firmware | * |
| qualcomm | fastconnect_7800_firmware | * |
| qualcomm | qca0000_firmware | * |
| qualcomm | qca6391_firmware | * |
| qualcomm | qca6420_firmware | * |
| qualcomm | qca6430_firmware | * |
| qualcomm | qcm5430_firmware | * |
| qualcomm | qcm6490_firmware | * |
| qualcomm | video_collaboration_vc3_platform_firmware | * |
| qualcomm | sc8380xp_firmware | * |
| qualcomm | sm6250_firmware | * |
| qualcomm | snapdragon_460_mobile_platform_firmware | * |
| qualcomm | snapdragon_662_mobile_platform_firmware | * |
| qualcomm | snapdragon_7c_compute_platform_firmware | * |
| qualcomm | snapdragon_7c_gen_2_compute_platform_firmware | * |
| qualcomm | snapdragon_7c+_gen_3_compute_firmware | * |
| qualcomm | snapdragon_8c_compute_platform_firmware | * |
| qualcomm | snapdragon_8c_compute_platform_(sc8180xp-ad)_firmware | * |
| qualcomm | snapdragon_8cx_compute_platform_firmware | * |
| qualcomm | snapdragon_8cx_compute_platform_"poipu_pro"_firmware | * |
| qualcomm | snapdragon_8cx_gen_2_5g_compute_platform_firmware | * |
| qualcomm | snapdragon_8cx_gen_2_5g_compute_platform_"poipu_pro"_firmware | * |
| qualcomm | snapdragon_8cx_gen_3_compute_platform_firmware | * |
| qualcomm | snapdragon_ar1_gen_1_platform_firmware | * |
| qualcomm | wcd9340_firmware | * |
| qualcomm | wcd9341_firmware | * |
| qualcomm | wcd9370_firmware | * |
| qualcomm | wcd9375_firmware | * |
| qualcomm | wcd9378c_firmware | * |
| qualcomm | wcd9380_firmware | * |
| qualcomm | wcd9385_firmware | * |
| qualcomm | wcn3950_firmware | * |
| qualcomm | wcn3988_firmware | * |
| qualcomm | wsa8810_firmware | * |
| qualcomm | wsa8815_firmware | * |
| qualcomm | wsa8830_firmware | * |
| qualcomm | wsa8832_firmware | * |
| qualcomm | wsa8835_firmware | * |
| qualcomm | wsa8840_firmware | * |
| qualcomm | wsa8845_firmware | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a memory corruption issue that occurs when processing auxiliary sensor input/output control commands. It happens because the system does not properly validate the buffer size, leading to insufficient checks.
How can this vulnerability impact me? :
The vulnerability can have a high impact as indicated by its CVSS score. It can lead to high confidentiality, integrity, and availability impacts, meaning an attacker with low privileges and local access could exploit it to compromise the system's data, alter information, or cause denial of service.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70