Cyber Resilience

CVE-2026-21380

High

Published: 06 April 2026

Published
06 April 2026
Modified
08 April 2026
KEV Added
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0001 3.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-21380 is a high-severity Use After Free (CWE-416) vulnerability in Qualcomm Cologne Firmware. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-21380 is a memory corruption vulnerability stemming from the use of deprecated DMABUF IOCTL calls to manage video memory, classified under CWE-416 (Use After Free). Published on 2026-04-06, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The vulnerability affects Qualcomm products, as outlined in their security documentation.

A local attacker with low privileges can exploit this issue through low-complexity attacks requiring no user interaction. Exploitation triggers memory corruption in video memory handling, enabling high-impact consequences including unauthorized data access, modification, or system disruption.

Qualcomm's April 2026 security bulletin (https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html) details available patches and recommended mitigations for addressing the vulnerability.

EU & UK References

Vulnerability details

Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local use-after-free memory corruption in kernel video/DMABUF handling directly provides an exploit primitive for privilege escalation from low-privileged local context to full system compromise.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-47358Same product: Qualcomm Fastconnect 6900
CVE-2025-47359Same product: Qualcomm Fastconnect 6900
CVE-2026-21382Same product: Qualcomm Cologne
CVE-2025-47356Same product: Qualcomm Cologne
CVE-2025-59603Same product: Qualcomm Cologne
CVE-2024-43062Same product: Qualcomm Fastconnect 6900
CVE-2024-33059Same product: Qualcomm Fastconnect 6900
CVE-2024-38411Same product: Qualcomm Fastconnect 6900
CVE-2024-45580Same product: Qualcomm Fastconnect 6900
CVE-2024-43059Same product: Qualcomm Fastconnect 6900

Affected Assets

qualcomm
cologne firmware
all versions
qualcomm
fastconnect 6900 firmware
all versions
qualcomm
fastconnect 7800 firmware
all versions
qualcomm
qca0000 firmware
all versions
qualcomm
sc8380xp firmware
all versions
qualcomm
snapdragon ar1 gen 1 platform firmware
all versions
qualcomm
wcd9378c firmware
all versions
qualcomm
wcd9380 firmware
all versions
qualcomm
wcd9385 firmware
all versions
qualcomm
wsa8830 firmware
all versions
+13 more product configuration(s) — see NVD for full list

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely remediation through vendor patches directly eliminates the use-after-free memory corruption in deprecated DMABUF IOCTL calls for video memory management.

prevent

Memory protection mechanisms such as address space layout randomization, non-executable memory, and stack canaries comprehensively mitigate exploitation of the use-after-free vulnerability in video memory.

prevent

Least functionality restricts or disables deprecated DMABUF IOCTL capabilities in video drivers, reducing the attack surface for local low-privilege memory corruption attacks.

References