CVE-2026-21376
Published: 06 April 2026
Summary
CVE-2026-21376 is a high-severity Buffer Over-read (CWE-126) vulnerability in Qualcomm Aqt1000 Firmware. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires validation of information inputs like buffer sizes during IOCTL processing to prevent buffer over-read memory corruption.
Implements memory protection mechanisms that comprehensively mitigate exploitation of memory corruption vulnerabilities in drivers.
Ensures timely identification, reporting, and patching of flaws like this buffer over-read in the camera sensor driver as detailed in Qualcomm's bulletin.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local kernel driver memory corruption (IOCTL buffer over-read) directly enables exploitation for privilege escalation to achieve arbitrary code execution.
NVD Description
Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.
Deeper analysisAI
CVE-2026-21376 is a memory corruption vulnerability stemming from CWE-126 (Buffer Over-read), occurring when an output buffer is accessed without validating its size during IOCTL processing in a camera sensor driver. This issue affects Qualcomm components, as documented in their security resources.
The vulnerability carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). A local attacker with low privileges can exploit it through low-complexity means without requiring user interaction, potentially achieving high impacts on confidentiality, integrity, and availability, such as arbitrary code execution or data corruption within the affected driver context.
Qualcomm's April 2026 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html details the vulnerability, including affected products and guidance on mitigation through available patches or updates.
Details
- CWE(s)