CVE-2026-21385

HighCISA KEVActive Exploitation

Published: 02 March 2026

Published

02 March 2026

Modified

04 March 2026

KEV Added

03 March 2026

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0020 41.2th percentile

Risk Priority 36 60% EPSS · 20% KEV · 20% CVSS

Description

Memory corruption while using alignments for memory allocation.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly requires timely identification, reporting, and patching of known flaws like this memory corruption vulnerability in Qualcomm components.

SI-16 Memory Protection good match

prevent

Provides memory protection techniques such as ASLR and DEP to prevent exploitation of memory corruption from integer overflow in allocation alignments.

RA-5 Vulnerability Monitoring and Scanning partial match

detect

Enables detection of the presence of CVE-2026-21385 in the environment through vulnerability scanning, especially given its CISA KEV status.

Security SummaryAI

CVE-2026-21385 is a memory corruption vulnerability that occurs while using alignments for memory allocation, mapped to CWE-190 (Integer Overflow or Wraparound). It affects Qualcomm components, as documented in the Qualcomm March 2026 security bulletin, and is addressed in the Android security bulletin for March 1, 2026.

The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A local attacker with low privileges can exploit it with low attack complexity and no user interaction required, achieving high impacts on confidentiality, integrity, and availability within the affected component.

Qualcomm and Android security bulletins provide patches to mitigate the issue. The vulnerability is listed in the CISA Known Exploited Vulnerabilities Catalog, indicating real-world exploitation.

Security practitioners should prioritize patching affected Qualcomm-based Android devices, given its presence in the CISA catalog.

Details

CWE(s): CWE-190
KEV Date Added: 03 March 2026

Affected Products

qualcomm

sm7675p firmware

all versions

qualcomm

sm8475p firmware

all versions

qualcomm

sm8550p firmware

all versions

qualcomm

sm8635 firmware

all versions

qualcomm

sm8635p firmware

all versions

qualcomm

sm8650q firmware

all versions

qualcomm

sm8750p firmware

all versions

qualcomm

smart audio 400 platform firmware

all versions

qualcomm

smart display 200 platform firmware

all versions

qualcomm

snapdragon 4 gen 1 mobile platform firmware

all versions

+227 more product configuration(s) — see NVD for full list

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation

Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

attack.mitre.org →

Why these techniques?

Local low-privilege memory corruption vulnerability (integer overflow) enables exploitation for privilege escalation, matching T1068, with confirmed real-world exploitation per CISA KEV.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html
Patch, Vendor Advisory · product-security@qualcomm.com
https://source.android.com/docs/security/bulletin/2026/2026-03-01
Vendor Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21385
US Government Resource · 134c704f-9b21-4f2e-91b3-4a467353bcc0