🟢 CVE-2026-21385

CVE-2026-21385 is an integer overflow vulnerability in Qualcomm Snapdragon graphics processing that causes memory corruption. Although it is listed in CISA KEV, indicating active exploitation, it primarily affects mobile devices, automotive systems, and embedded IoT platforms rather than internet-facing servers.

Risk Level: LOW_RISK

CVSS Score: 7.8

Attack Vector: LOCAL

ATT&CK Tactic: Privilege Escalation

ATT&CK Technique: T1068 — Exploitation for Privilege Escalation

Deployment Risk: VERY_LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2026-03-02

Added to CISA KEV: 2026-03-03 (1 day between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2026-21385 is a high-severity memory corruption vulnerability identified in Qualcomm graphics subcomponents, which was addressed in the March 2026 Android security updates [1] [4].

Key Details

Active Exploitation: Yes, there have been indications of limited, targeted exploitation in the wild [1].

Vulnerability Type: Integer overflow or wraparound leading to memory corruption during memory allocation alignment handling [3].

Impact: Successful exploitation can result in memory corruption, which typically allows for arbitrary code execution or system instability depending on the context of the attack [2].

Exploitation Context: Targeted attacks; no widespread ransomware campaigns have been linked to this specific CVE at this time [1].

Patch Status: Patched in the March 2026 Android security patch level [1].

Additional Information
  • Attack Method: The vulnerability stems from unsafe handling of memory allocation alignments within the graphics driver/component [2]. While specific exploit chains are not publicly detailed in full, such flaws in graphics drivers often require an attacker to trigger specific rendering operations or interact with the graphics subsystem, sometimes requiring local access or a compromised application to initiate the exploit.
  • PoC Availability: While some security research entities have discussed the vulnerability and provided illustrative information, users should rely on official vendor patches rather than third-party proof-of-concept code, which can be unstable or malicious [2].
  • Mitigation: The primary and most effective mitigation is to ensure that all devices running affected Qualcomm chipsets are updated to the March 2026 security patch level or later, as provided by the device manufacturer [1].

Sources

  1. Android Security Bulletin—March 2026 - Android Open Source Project

    Note: There are indications that CVE-2026-21385 may be under limited, targeted exploitation. 2026-03-01 security patch level vulnerability details In the sections below, we provide details for each of the security vulnerabilities that apply to the 2026-03-01 patch level. Vulnerabilities are grouped…

  2. CVE-2026-21385: Qualcomm Multiple Chipsets Memory Corruption

    CVE-2026-21385 is a Qualcomm chipset graphics/display memory-corruption flaw tied to unsafe alignment handling during allocation. See what’s affected, how to patch, practical mitigations, potential impact, and a safe illustrative PoC.

  3. March 2026 Security Bulletin - Qualcomm Docs

    CVE-2026-21385 ; Title, Integer Overflow or Wraparound in Graphics ; Description, Memory corruption while using alignments for memory allocation.

  4. Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited

    Google’s March 2026 Android update patches 129 vulnerabilities, including exploited Qualcomm flaw CVE-2026-21385 and critical RCE CVE-2026-0006.