7.8 CVE-2026-21379

Enriched by CISA
 

Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
https://nvd.nist.gov/vuln/detail/CVE-2026-21379

Categories

CWE-126 : Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) Use tools that are integrated duringcompilation to insert runtime error-checking mechanismsrelated to memory safety errors, such as AddressSanitizer(ASan) for C/C++ [REF-1518]. Text editor has out-of-bounds read past end of line while indenting C code Chain: "Heartbleed" bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data. Chain: product does not handle when an input string is not NULL terminated, leading to buffer over-read or heap-based buffer overflow.

References


 

AFFECTED (from MITRE)


Vendor Product Versions
Qualcomm, Inc. Snapdragon
  • AQT1000 [affected]
  • Cologne [affected]
  • FastConnect 6200 [affected]
  • FastConnect 6700 [affected]
  • FastConnect 6800 [affected]
  • FastConnect 6900 [affected]
  • FastConnect 7800 [affected]
  • IQX5121 [affected]
  • IQX7181 [affected]
  • QCA0000 [affected]
  • QCA6391 [affected]
  • QCA6420 [affected]
  • QCA6430 [affected]
  • QCM5430 [affected]
  • QCM6490 [affected]
  • Qualcomm Video Collaboration VC3 Platform [affected]
  • SC8380XP [affected]
  • Snapdragon 7c+ Gen 3 Compute [affected]
  • Snapdragon 8c Compute Platform "Poipu Lite" [affected]
  • Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite" [affected]
  • Snapdragon 8cx Compute Platform [affected]
  • Snapdragon 8cx Compute Platform "Poipu Pro" [affected]
  • Snapdragon 8cx Gen 2 5G Compute Platform [affected]
  • Snapdragon 8cx Gen 2 5G Compute Platform "Poipu Pro" [affected]
  • Snapdragon 8cx Gen 3 Compute Platform [affected]
  • WCD9340 [affected]
  • WCD9341 [affected]
  • WCD9370 [affected]
  • WCD9375 [affected]
  • WCD9378C [affected]
  • WCD9380 [affected]
  • WCD9385 [affected]
  • WSA8810 [affected]
  • WSA8815 [affected]
  • WSA8830 [affected]
  • WSA8835 [affected]
  • WSA8840 [affected]
  • WSA8845 [affected]
  • WSA8845H [affected]
  • X2000077 [affected]
  • X2000086 [affected]
  • X2000090 [affected]
  • X2000092 [affected]
  • X2000094 [affected]
  • XG101002 [affected]
  • XG101032 [affected]
  • XG101039 [affected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end
Configuration 1
AND
   cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:aqt1000:-:*:*:*:*:*:*:*
Configuration 2
AND
   cpe:2.3:o:qualcomm:cologne_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:cologne:-:*:*:*:*:*:*:*
Configuration 3
AND
   cpe:2.3:o:qualcomm:fastconnect_6200_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:fastconnect_6200:-:*:*:*:*:*:*:*
Configuration 4
AND
   cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*
Configuration 5
AND
   cpe:2.3:o:qualcomm:fastconnect_6800_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:fastconnect_6800:-:*:*:*:*:*:*:*
Configuration 6
AND
   cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*
Configuration 7
AND
   cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
Configuration 8
AND
   cpe:2.3:o:qualcomm:iqx5121_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:iqx5121:-:*:*:*:*:*:*:*
Configuration 9
AND
   cpe:2.3:o:qualcomm:iqx7181_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:iqx7181:-:*:*:*:*:*:*:*
Configuration 10
AND
   cpe:2.3:o:qualcomm:qca0000_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qca0000:-:*:*:*:*:*:*:*
Configuration 11
AND
   cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*
Configuration 12
AND
   cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qca6420:-:*:*:*:*:*:*:*
Configuration 13
AND
   cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qca6430:-:*:*:*:*:*:*:*
Configuration 14
AND
   cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*
Configuration 15
AND
   cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*
Configuration 16
AND
   cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*
Configuration 17
AND
   cpe:2.3:o:qualcomm:sc8380xp_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:sc8380xp:-:*:*:*:*:*:*:*
Configuration 18
AND
   cpe:2.3:o:qualcomm:snapdragon_7c+_gen_3_compute_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:snapdragon_7c+_gen_3_compute:-:*:*:*:*:*:*:*
Configuration 19
AND
   cpe:2.3:o:qualcomm:snapdragon_8c_compute_platform_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:snapdragon_8c_compute_platform:-:*:*:*:*:*:*:*
Configuration 20
AND
   cpe:2.3:o:qualcomm:snapdragon_8c_compute_platform_(sc8180xp-ad)_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:snapdragon_8c_compute_platform_(sc8180xp-ad):-:*:*:*:*:*:*:*
Configuration 21
AND
   cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:snapdragon_8cx_compute_platform:-:*:*:*:*:*:*:*
Configuration 22
AND
   cpe:2.3:o:qualcomm:snapdragon_8cx_compute_platform_"poipu_pro"_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:snapdragon_8cx_compute_platform_"poipu_pro":-:*:*:*:*:*:*:*
Configuration 23
AND
   cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform:-:*:*:*:*:*:*:*
Configuration 24
AND
   cpe:2.3:o:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_"poipu_pro"_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_"poipu_pro":-:*:*:*:*:*:*:*
Configuration 25
AND
   cpe:2.3:o:qualcomm:snapdragon_8cx_gen_3_compute_platform_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:snapdragon_8cx_gen_3_compute_platform:-:*:*:*:*:*:*:*
Configuration 26
AND
   cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wcd9340:-:*:*:*:*:*:*:*
Configuration 27
AND
   cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*
Configuration 28
AND
   cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*
Configuration 29
AND
   cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*
Configuration 30
AND
   cpe:2.3:o:qualcomm:wcd9378c_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wcd9378c:-:*:*:*:*:*:*:*
Configuration 31
AND
   cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
Configuration 32
AND
   cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*
Configuration 33
AND
   cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*
Configuration 34
AND
   cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*
Configuration 35
AND
   cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*
Configuration 36
AND
   cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
Configuration 37
AND
   cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*
Configuration 38
AND
   cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*
Configuration 39
AND
   cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*
Configuration 40
AND
   cpe:2.3:o:qualcomm:x2000077_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:x2000077:-:*:*:*:*:*:*:*
Configuration 41
AND
   cpe:2.3:o:qualcomm:x2000086_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:x2000086:-:*:*:*:*:*:*:*
Configuration 42
AND
   cpe:2.3:o:qualcomm:x2000090_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:x2000090:-:*:*:*:*:*:*:*
Configuration 43
AND
   cpe:2.3:o:qualcomm:x2000092_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:x2000092:-:*:*:*:*:*:*:*
Configuration 44
AND
   cpe:2.3:o:qualcomm:x2000094_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:x2000094:-:*:*:*:*:*:*:*
Configuration 45
AND
   cpe:2.3:o:qualcomm:xg101002_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:xg101002:-:*:*:*:*:*:*:*
Configuration 46
AND
   cpe:2.3:o:qualcomm:xg101032_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:xg101032:-:*:*:*:*:*:*:*
Configuration 47
AND
   cpe:2.3:o:qualcomm:xg101039_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:xg101039:-:*:*:*:*:*:*:*


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry