Cyber Resilience

CVE-2026-21378

High

Published: 06 April 2026

Published
06 April 2026
Modified
08 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 3.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-21378 is a high-severity Buffer Over-read (CWE-126) vulnerability in Qualcomm Fastconnect 6900 Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2026-21378 is a memory corruption vulnerability stemming from a failure to validate the size of an output buffer during IOCTL processing in a camera sensor driver. This issue, classified under CWE-126 (Buffer Over-read), affects Qualcomm camera sensor drivers and was published on April 6, 2026, with a CVSS v3.1 base score of 7.8 (High).

The vulnerability can be exploited by a local attacker with low privileges, requiring low attack complexity and no user interaction. Successful exploitation grants high impacts on confidentiality, integrity, and availability, potentially allowing arbitrary code execution, data tampering, or system crashes within the affected driver context.

Qualcomm's April 2026 security bulletin at https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html provides details on affected products and recommended patches or mitigations for this vulnerability.

EU & UK References

Vulnerability details

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local memory corruption in kernel driver (IOCTL) directly enables exploitation for privilege escalation to arbitrary code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-21374Same product: Qualcomm Aqt1000
CVE-2026-21376Same product: Qualcomm Aqt1000
CVE-2026-21373Same product: Qualcomm Aqt1000
CVE-2026-21371Same product: Qualcomm Aqt1000
CVE-2026-21375Same product: Qualcomm Cologne
CVE-2025-47390Same product: Qualcomm Cologne
CVE-2025-59600Same product: Qualcomm Fastconnect 6200
CVE-2024-45561Same product: Qualcomm Aqt1000
CVE-2026-21372Same product: Qualcomm Cologne
CVE-2026-25260Same product: Qualcomm Cologne

Affected Assets

qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
qca0000 firmware
all versions
qualcomm
qca6391 firmware
all versions
qualcomm
qca6420 firmware
all versions
qualcomm
qca6430 firmware
all versions
qualcomm
qcm5430 firmware
all versions
qualcomm
qcm6490 firmware
all versions
qualcomm
video collaboration vc3 platform firmware
all versions
qualcomm
sc8380xp firmware
all versions
+41 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Flaw remediation directly addresses the vulnerability by identifying, patching, and deploying fixes for the buffer size validation failure in the camera sensor driver as recommended in Qualcomm's bulletin.

prevent

Information input validation enforces checks on IOCTL parameters, such as output buffer sizes, preventing the memory corruption from unvalidated access.

prevent

Memory protection mechanisms like address space layout randomization and data execution prevention mitigate exploitation of the buffer over-read for arbitrary code execution or crashes.

References