CVE-2026-21367: CWE-126 Buffer Over-read in Qualcomm, Inc. Snapdragon
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
AI Analysis
Technical Summary
This vulnerability involves a buffer over-read condition in Qualcomm Snapdragon devices triggered by processing malformed FILS Discovery Frames containing out-of-range action sizes during initial scanning phases. The issue results in a transient denial of service, impacting device availability. It affects numerous Snapdragon platforms and related wireless components. The CVSS v3.1 base score is 7.6 (high), reflecting network attack vector, high privileges required, user interaction needed, and potential for complete confidentiality, integrity, and availability impact. No vendor advisory or patch information is currently available.
Potential Impact
Successful exploitation causes a transient denial of service on affected Qualcomm Snapdragon devices by triggering a buffer over-read during wireless frame processing. This can disrupt normal device operation temporarily. The vulnerability impacts confidentiality, integrity, and availability as per the CVSS vector, but no further exploitation details or persistent impacts are documented. No known active exploits have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, monitor vendor communications for updates. No specific mitigations or workarounds are documented at this time.
CVE-2026-21367: CWE-126 Buffer Over-read in Qualcomm, Inc. Snapdragon
Description
Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a buffer over-read condition in Qualcomm Snapdragon devices triggered by processing malformed FILS Discovery Frames containing out-of-range action sizes during initial scanning phases. The issue results in a transient denial of service, impacting device availability. It affects numerous Snapdragon platforms and related wireless components. The CVSS v3.1 base score is 7.6 (high), reflecting network attack vector, high privileges required, user interaction needed, and potential for complete confidentiality, integrity, and availability impact. No vendor advisory or patch information is currently available.
Potential Impact
Successful exploitation causes a transient denial of service on affected Qualcomm Snapdragon devices by triggering a buffer over-read during wireless frame processing. This can disrupt normal device operation temporarily. The vulnerability impacts confidentiality, integrity, and availability as per the CVSS vector, but no further exploitation details or persistent impacts are documented. No known active exploits have been reported.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, monitor vendor communications for updates. No specific mitigations or workarounds are documented at this time.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- qualcomm
- Date Reserved
- 2025-12-17T04:35:45.741Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d3dfaa0a160ebd92c70252
Added to database: 4/6/2026, 4:30:34 PM
Last enriched: 4/6/2026, 4:46:35 PM
Last updated: 4/7/2026, 7:08:20 AM
Views: 7
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.