CVE-2026-21372
Published: 06 April 2026
Summary
CVE-2026-21372 is a high-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Qualcomm Cologne Firmware. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 0.4th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly enforces validation of IOCTL request buffer sizes to prevent heap-based buffer overflows from invalid inputs during memcpy operations.
Implements memory protections that mitigate unauthorized access, modification, or exploitation resulting from the heap-based buffer overflow in Qualcomm components.
Requires timely patching of the specific memory corruption flaw in IOCTL handling as recommended in Qualcomm's security bulletin.
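The buffer-size validation described for IOCTL requests, as an added example that is not Qualcomm's code and not taken from the bulletin: a user-space sketch of a handler that checks every size field before its memcpy into a heap buffer. The request layout, `demo_hdr`, `demo_ioctl_write` and `DEMO_HEAP_CAP` are hypothetical names chosen for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical request header; the payload bytes follow it in the request. */
struct demo_hdr {
    uint32_t offset;  /* caller-chosen write offset into the heap buffer */
    uint32_t len;     /* caller-declared payload length */
};

#define DEMO_HEAP_CAP 64u  /* destination size, chosen for this example */

/* Returns 0 on success, -EINVAL when any size field is inconsistent. */
int demo_ioctl_write(uint8_t *heap, size_t heap_cap,
                     const void *arg, size_t arg_size)
{
    struct demo_hdr hdr;

    /* 1. The request must contain a complete header. */
    if (heap == NULL || arg == NULL || arg_size < sizeof(hdr))
        return -EINVAL;
    /* Snapshot the header so the values checked are the values used. */
    memcpy(&hdr, arg, sizeof(hdr));

    /* 2. Source bound: declared length cannot exceed the bytes supplied. */
    if (hdr.len > arg_size - sizeof(hdr))
        return -EINVAL;

    /* 3. Destination bound, written so offset + len cannot wrap around. */
    if (hdr.offset > heap_cap || hdr.len > heap_cap - hdr.offset)
        return -EINVAL;

    memcpy(heap + hdr.offset, (const uint8_t *)arg + sizeof(hdr), hdr.len);
    return 0;
}

int main(void)
{
    /* Constructed request: header claims 128 payload bytes, only 8 follow. */
    uint8_t req[sizeof(struct demo_hdr) + 8] = {0};
    struct demo_hdr h = { .offset = 0, .len = 128 };
    uint8_t *heap = calloc(1, DEMO_HEAP_CAP);
    memcpy(req, &h, sizeof(h));
    printf("oversized len -> %d\n", demo_ioctl_write(heap, DEMO_HEAP_CAP, req, sizeof(req)));
    free(heap);
    return 0;
}
```

The subtraction form in check 3 matters: comparing `offset + len` against the capacity directly can wrap around and pass for very large field values.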
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Local heap buffer overflow in Qualcomm IOCTL handling directly enables kernel/user-mode exploitation for privilege escalation and arbitrary code execution.
NVD Description
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
Deeper analysis
CVE-2026-21372 is a memory corruption vulnerability stemming from improper handling of IOCTL requests with invalid buffer sizes during memcpy operations, classified under CWE-122 (Heap-based Buffer Overflow). It affects Qualcomm components, as detailed in the vendor's security bulletin. The vulnerability received a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact potential with low complexity and local access requirements.
A local attacker with low privileges can exploit this flaw by sending specially crafted IOCTL requests that trigger buffer overflows in memcpy operations, leading to memory corruption. Successful exploitation could allow arbitrary code execution, data tampering, or denial of service, compromising confidentiality, integrity, and availability on the affected system.
Qualcomm's April 2026 security bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html) provides details on affected products and recommends applying vendor-supplied patches to mitigate the issue.
Details
- CWE(s)