7.1 CVE-2026-21383

Enriched by CISA
 

Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security.
https://nvd.nist.gov/vuln/detail/CVE-2026-21383

Categories

CWE-323 : Reusing a Nonce, Key Pair in Encryption
Nonces should be used for the present occasion and only once. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) Refuse to reuse nonce values. Use techniques such as requiring incrementing, time based and/or challenge response to assure uniqueness of nonces. social networking app reuses a nonce/key pair, allowing MITM attackers to manipulate direct messages Rust package reuses a nonce/key pair when an object is cloned, which resets the random number generation

References


 

AFFECTED (from MITRE)


Vendor Product Versions
Qualcomm, Inc. Snapdragon
  • FastConnect 6900 [affected]
  • FastConnect 7800 [affected]
  • LeMans_AU_LGIT [affected]
  • LeMansAU [affected]
  • Pandeiro [affected]
  • QAM8255P [affected]
  • QAM8397P [affected]
  • QAM8797P [affected]
  • QAMSRV1H [affected]
  • QAMSRV1M [affected]
  • QCA6595AU [affected]
  • QCA6696 [affected]
  • QCA6698AQ [affected]
  • QCA6797AQ [affected]
  • QCA8695AU [affected]
  • QDU1000 [affected]
  • QDU1110 [affected]
  • QDU1210 [affected]
  • QDX1010 [affected]
  • QDX1011 [affected]
  • QLN1083BD [affected]
  • QLN1086BD [affected]
  • QPA1083BD [affected]
  • QPA1086BD [affected]
  • Qualcomm Dragonwing X100 Accelerator Card [affected]
  • QXM1093 [affected]
  • QXM1094 [affected]
  • QXM1095 [affected]
  • QXM1096 [affected]
  • SA7255P [affected]
  • SA7775P [affected]
  • SA8255P [affected]
  • SA8620P [affected]
  • SA8770P [affected]
  • SA9000P [affected]
  • SAR1165P [affected]
  • SAR2130P [affected]
  • Snapdragon AR1 Gen 1 Platform [affected]
  • Snapdragon AR1+ Gen 1 Platform [affected]
  • SRV1H [affected]
  • SRV1M [affected]
  • SXR2230P [affected]
  • SXR2250P [affected]
  • WCD9380 [affected]
  • WCD9385 [affected]
  • WCN3950 [affected]
  • WCN7860 [affected]
  • WCN7861 [affected]
  • WSA8830 [affected]
  • WSA8832 [affected]
  • WSA8835 [affected]
  • XRV7209 [affected]
  • XRV9209 [affected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end
Configuration 1
AND
   cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*
Configuration 2
AND
   cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
Configuration 3
AND
   cpe:2.3:o:qualcomm:lemans_au_lgit_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:lemans_au_lgit:-:*:*:*:*:*:*:*
Configuration 4
AND
   cpe:2.3:o:qualcomm:lemansau_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:lemansau:-:*:*:*:*:*:*:*
Configuration 5
AND
   cpe:2.3:o:qualcomm:pandeiro_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:pandeiro:-:*:*:*:*:*:*:*
Configuration 6
AND
   cpe:2.3:o:qualcomm:qam8255p_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qam8255p:-:*:*:*:*:*:*:*
Configuration 7
AND
   cpe:2.3:o:qualcomm:qam8397p_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qam8397p:-:*:*:*:*:*:*:*
Configuration 8
AND
   cpe:2.3:o:qualcomm:qam8797p_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qam8797p:-:*:*:*:*:*:*:*
Configuration 9
AND
   cpe:2.3:o:qualcomm:qamsrv1h_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qamsrv1h:-:*:*:*:*:*:*:*
Configuration 10
AND
   cpe:2.3:o:qualcomm:qamsrv1m_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qamsrv1m:-:*:*:*:*:*:*:*
Configuration 11
AND
   cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*
Configuration 12
AND
   cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*
Configuration 13
AND
   cpe:2.3:o:qualcomm:qca6698aq_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qca6698aq:-:*:*:*:*:*:*:*
Configuration 14
AND
   cpe:2.3:o:qualcomm:qca6797aq_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qca6797aq:-:*:*:*:*:*:*:*
Configuration 15
AND
   cpe:2.3:o:qualcomm:qca8695au_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qca8695au:-:*:*:*:*:*:*:*
Configuration 16
AND
   cpe:2.3:o:qualcomm:qdu1000_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qdu1000:-:*:*:*:*:*:*:*
Configuration 17
AND
   cpe:2.3:o:qualcomm:qdu1110_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qdu1110:-:*:*:*:*:*:*:*
Configuration 18
AND
   cpe:2.3:o:qualcomm:qdu1210_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qdu1210:-:*:*:*:*:*:*:*
Configuration 19
AND
   cpe:2.3:o:qualcomm:qdx1010_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qdx1010:-:*:*:*:*:*:*:*
Configuration 20
AND
   cpe:2.3:o:qualcomm:qdx1011_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qdx1011:-:*:*:*:*:*:*:*
Configuration 21
AND
   cpe:2.3:o:qualcomm:qln1083bd_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qln1083bd:-:*:*:*:*:*:*:*
Configuration 22
AND
   cpe:2.3:o:qualcomm:qln1086bd_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qln1086bd:-:*:*:*:*:*:*:*
Configuration 23
AND
   cpe:2.3:o:qualcomm:qpa1083bd_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qpa1083bd:-:*:*:*:*:*:*:*
Configuration 24
AND
   cpe:2.3:o:qualcomm:qpa1086bd_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qpa1086bd:-:*:*:*:*:*:*:*
Configuration 25
AND
   cpe:2.3:o:qualcomm:qualcomm_dragonwing_x100_accelerator_card_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qualcomm_dragonwing_x100_accelerator_card:-:*:*:*:*:*:*:*
Configuration 26
AND
   cpe:2.3:o:qualcomm:qxm1093_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qxm1093:-:*:*:*:*:*:*:*
Configuration 27
AND
   cpe:2.3:o:qualcomm:qxm1094_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qxm1094:-:*:*:*:*:*:*:*
Configuration 28
AND
   cpe:2.3:o:qualcomm:qxm1095_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qxm1095:-:*:*:*:*:*:*:*
Configuration 29
AND
   cpe:2.3:o:qualcomm:qxm1096_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:qxm1096:-:*:*:*:*:*:*:*
Configuration 30
AND
   cpe:2.3:o:qualcomm:sa7255p_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:sa7255p:-:*:*:*:*:*:*:*
Configuration 31
AND
   cpe:2.3:o:qualcomm:sa7775p_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:sa7775p:-:*:*:*:*:*:*:*
Configuration 32
AND
   cpe:2.3:o:qualcomm:sa8255p_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:sa8255p:-:*:*:*:*:*:*:*
Configuration 33
AND
   cpe:2.3:o:qualcomm:sa8620p_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:sa8620p:-:*:*:*:*:*:*:*
Configuration 34
AND
   cpe:2.3:o:qualcomm:sa8770p_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:sa8770p:-:*:*:*:*:*:*:*
Configuration 35
AND
   cpe:2.3:o:qualcomm:sa9000p_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:sa9000p:-:*:*:*:*:*:*:*
Configuration 36
AND
   cpe:2.3:o:qualcomm:sar1165p_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:sar1165p:-:*:*:*:*:*:*:*
Configuration 37
AND
   cpe:2.3:o:qualcomm:sar2130p_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:sar2130p:-:*:*:*:*:*:*:*
Configuration 38
AND
   cpe:2.3:o:qualcomm:snapdragon_ar1_gen_1_platform_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:snapdragon_ar1_gen_1_platform:-:*:*:*:*:*:*:*
Configuration 39
AND
   cpe:2.3:o:qualcomm:snapdragon_ar1+_gen_1_platform_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:snapdragon_ar1+_gen_1_platform:-:*:*:*:*:*:*:*
Configuration 40
AND
   cpe:2.3:o:qualcomm:srv1h_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:srv1h:-:*:*:*:*:*:*:*
Configuration 41
AND
   cpe:2.3:o:qualcomm:srv1m_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:srv1m:-:*:*:*:*:*:*:*
Configuration 42
AND
   cpe:2.3:o:qualcomm:sxr2230p_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:sxr2230p:-:*:*:*:*:*:*:*
Configuration 43
AND
   cpe:2.3:o:qualcomm:sxr2250p_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:sxr2250p:-:*:*:*:*:*:*:*
Configuration 44
AND
   cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
Configuration 45
AND
   cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*
Configuration 46
AND
   cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*
Configuration 47
AND
   cpe:2.3:o:qualcomm:wcn7860_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wcn7860:-:*:*:*:*:*:*:*
Configuration 48
AND
   cpe:2.3:o:qualcomm:wcn7861_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wcn7861:-:*:*:*:*:*:*:*
Configuration 49
AND
   cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*
Configuration 50
AND
   cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wsa8832:-:*:*:*:*:*:*:*
Configuration 51
AND
   cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
Configuration 52
AND
   cpe:2.3:o:qualcomm:xrv7209_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:xrv7209:-:*:*:*:*:*:*:*
Configuration 53
AND
   cpe:2.3:o:qualcomm:xrv9209_firmware:-:*:*:*:*:*:*:*
  Running on/with
  cpe:2.3:h:qualcomm:xrv9209:-:*:*:*:*:*:*:*


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry