CVE-2026-21380: CWE-416 Use After Free in Qualcomm, Inc. Snapdragon
CVE-2026-21380 is a high-severity use-after-free vulnerability in Qualcomm Snapdragon products related to deprecated DMABUF IOCTL calls used for managing video memory. This memory corruption flaw can lead to high impact on confidentiality, integrity, and availability. The vulnerability affects multiple Snapdragon platforms and components. No official patch or remediation guidance has been published yet, and no known exploits are reported in the wild.
AI Analysis
Technical Summary
CVE-2026-21380 is a use-after-free vulnerability (CWE-416) in Qualcomm Snapdragon devices caused by memory corruption when using deprecated DMABUF IOCTL calls to manage video memory. The flaw allows an attacker with low privileges and local access to potentially execute arbitrary code or cause denial of service by exploiting the improper handling of video memory buffers. The vulnerability affects a broad range of Snapdragon platforms and components, including FastConnect modules and various WCD and WSA series chips. The CVSS 3.1 base score is 7.8, indicating high severity with impacts on confidentiality, integrity, and availability. As of the published date, no official patch or remediation level has been provided by Qualcomm, and no known exploits have been observed in the wild.
Potential Impact
Successful exploitation of this use-after-free vulnerability can result in memory corruption leading to unauthorized disclosure of information, modification of data, or denial of service on affected Snapdragon devices. The vulnerability requires local access with low privileges and does not require user interaction. The high CVSS score reflects the potential for significant impact on device security and stability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or mitigation level has been published by Qualcomm, users and administrators should monitor Qualcomm's advisories for updates. Until a patch is available, limiting local access to affected devices and avoiding use of deprecated DMABUF IOCTL calls where possible may reduce risk.
CVE-2026-21380: CWE-416 Use After Free in Qualcomm, Inc. Snapdragon
Description
CVE-2026-21380 is a high-severity use-after-free vulnerability in Qualcomm Snapdragon products related to deprecated DMABUF IOCTL calls used for managing video memory. This memory corruption flaw can lead to high impact on confidentiality, integrity, and availability. The vulnerability affects multiple Snapdragon platforms and components. No official patch or remediation guidance has been published yet, and no known exploits are reported in the wild.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-21380 is a use-after-free vulnerability (CWE-416) in Qualcomm Snapdragon devices caused by memory corruption when using deprecated DMABUF IOCTL calls to manage video memory. The flaw allows an attacker with low privileges and local access to potentially execute arbitrary code or cause denial of service by exploiting the improper handling of video memory buffers. The vulnerability affects a broad range of Snapdragon platforms and components, including FastConnect modules and various WCD and WSA series chips. The CVSS 3.1 base score is 7.8, indicating high severity with impacts on confidentiality, integrity, and availability. As of the published date, no official patch or remediation level has been provided by Qualcomm, and no known exploits have been observed in the wild.
Potential Impact
Successful exploitation of this use-after-free vulnerability can result in memory corruption leading to unauthorized disclosure of information, modification of data, or denial of service on affected Snapdragon devices. The vulnerability requires local access with low privileges and does not require user interaction. The high CVSS score reflects the potential for significant impact on device security and stability.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or mitigation level has been published by Qualcomm, users and administrators should monitor Qualcomm's advisories for updates. Until a patch is available, limiting local access to affected devices and avoiding use of deprecated DMABUF IOCTL calls where possible may reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- qualcomm
- Date Reserved
- 2025-12-17T04:35:45.743Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d3dfaa0a160ebd92c7026a
Added to database: 4/6/2026, 4:30:34 PM
Last enriched: 4/6/2026, 4:45:43 PM
Last updated: 4/6/2026, 5:48:56 PM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.