{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-21380", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "state": "PUBLISHED", "assignerShortName": "qualcomm", "dateReserved": "2025-12-17T04:35:45.743Z", "datePublished": "2026-04-06T15:33:54.786Z", "dateUpdated": "2026-04-06T16:22:14.608Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Snapdragon Compute", "Snapdragon Industrial IOT"], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "Cologne"}, {"status": "affected", "version": "FastConnect 6900"}, {"status": "affected", "version": "FastConnect 7800"}, {"status": "affected", "version": "QCA0000"}, {"status": "affected", "version": "SC8380XP"}, {"status": "affected", "version": "Snapdragon AR1 Gen 1 Platform"}, {"status": "affected", "version": "WCD9378C"}, {"status": "affected", "version": "WCD9380"}, {"status": "affected", "version": "WCD9385"}, {"status": "affected", "version": "WSA8830"}, {"status": "affected", "version": "WSA8832"}, {"status": "affected", "version": "WSA8835"}, {"status": "affected", "version": "WSA8840"}, {"status": "affected", "version": "WSA8845"}, {"status": "affected", "version": "WSA8845H"}, {"status": "affected", "version": "X2000077"}, {"status": "affected", "version": "X2000086"}, {"status": "affected", "version": "X2000090"}, {"status": "affected", "version": "X2000092"}, {"status": "affected", "version": "X2000094"}, {"status": "affected", "version": "XG101002"}, {"status": "affected", "version": "XG101032"}, {"status": "affected", "version": "XG101039"}]}], "descriptions": [{"lang": "en", "value": "Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-416", "description": "CWE-416 Use After Free", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2026-04-06T15:33:54.786Z"}, "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"}], "title": "Use After Free in DSP Service"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21380", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-06T16:12:35.904632Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T16:22:14.608Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-21380", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-06T16:12:35.904632Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-06T16:19:43.842Z"}}], "cna": {"title": "Use After Free in DSP Service", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Qualcomm, Inc.", "product": "Snapdragon", "versions": [{"status": "affected", "version": "Cologne"}, {"status": "affected", "version": "FastConnect 6900"}, {"status": "affected", "version": "FastConnect 7800"}, {"status": "affected", "version": "QCA0000"}, {"status": "affected", "version": "SC8380XP"}, {"status": "affected", "version": "Snapdragon AR1 Gen 1 Platform"}, {"status": "affected", "version": "WCD9378C"}, {"status": "affected", "version": "WCD9380"}, {"status": "affected", "version": "WCD9385"}, {"status": "affected", "version": "WSA8830"}, {"status": "affected", "version": "WSA8832"}, {"status": "affected", "version": "WSA8835"}, {"status": "affected", "version": "WSA8840"}, {"status": "affected", "version": "WSA8845"}, {"status": "affected", "version": "WSA8845H"}, {"status": "affected", "version": "X2000077"}, {"status": "affected", "version": "X2000086"}, {"status": "affected", "version": "X2000090"}, {"status": "affected", "version": "X2000092"}, {"status": "affected", "version": "X2000094"}, {"status": "affected", "version": "XG101002"}, {"status": "affected", "version": "XG101032"}, {"status": "affected", "version": "XG101039"}], "platforms": ["Snapdragon Compute", "Snapdragon Industrial IOT"], "defaultStatus": "unaffected"}], "references": [{"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"}], "descriptions": [{"lang": "en", "value": "Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm", "dateUpdated": "2026-04-06T15:33:54.786Z"}}}, "cveMetadata": {"cveId": "CVE-2026-21380", "state": "PUBLISHED", "dateUpdated": "2026-04-06T16:22:14.608Z", "dateReserved": "2025-12-17T04:35:45.743Z", "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "datePublished": "2026-04-06T15:33:54.786Z", "assignerShortName": "qualcomm"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Memory Corruption when using deprecated DMABUF IOCTL calls to manage video memory."}], "id": "CVE-2026-21380", "lastModified": "2026-04-06T16:16:30.953", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "product-security@qualcomm.com", "type": "Primary"}]}, "published": "2026-04-06T16:16:30.953", "references": [{"source": "product-security@qualcomm.com", "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin.html"}], "sourceIdentifier": "product-security@qualcomm.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "product-security@qualcomm.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "Cologne"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "FastConnect 6900"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "FastConnect 7800"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "QCA0000"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "SC8380XP"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "Snapdragon AR1 Gen 1 Platform"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WCD9378C"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WCD9380"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WCD9385"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WSA8830"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WSA8832"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WSA8835"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WSA8840"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WSA8845"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "WSA8845H"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "X2000077"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "X2000086"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "X2000090"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "X2000092"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "X2000094"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "XG101002"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "XG101032"}}, {"platform": ["snapdragon_compute", "snapdragon_industrial_iot"], "status": "affected", "versions": {"scheme": "generic", "value": "XG101039"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Snapdragon", "source": "cna", "vendor": "Qualcomm, Inc."}, "product": "snapdragon", "vendor": "qualcomm"}], "analysis": {"en": {"generated_at": "2026-04-06T19:21:11.407813+00:00", "value": {"mitigation_remediation": ["Apply the patch detailed in Qualcomm\u2019s April\u00a02026 Security Bulletin to update the Snapdragon firmware", "Upgrade to the latest Snapdragon release that contains the corrected driver", "If the deprecated DMABUF IOCTLs are not required, disable or remove those interfaces from the device configuration", "Restrict access to the DSP Service\u2019s device nodes via ACLs or SELinux policies to prevent unauthorized use"], "summary": {"action": "Immediate Patch", "impact": "Use after free memory corruption may lead to arbitrary code execution or system instability"}, "threat_synthesis": {"affected_systems": "All Qualcomm Snapdragon platforms that expose the DSP Service via the deprecated DMABUF interface are affected. The vulnerability applies to any device running the affected Snapdragon firmware, regardless of the specific silicon variant, as the issue resides in the OS-level driver handling video memory operations.", "description_and_impact": "The vulnerability is a use\u2011after\u2011free error in the DSP Service, triggered by deprecated DMABUF IOCTL calls that manage video memory. When an invalidated memory reference is accessed, the driver may overwrite control data or execute unintended code, potentially allowing arbitrary code execution or a system crash. The weakness is identified as CWE\u2011416, indicating a classic memory corruption scenario.", "risk_and_exploitability": "The CVSS score of 7.8 classifies this as a high\u2011severity issue. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, but that does not lower the risk. The likely attack vector is local: any process with permission to invoke the DMABUF IOCTLs can trigger the use\u2011after\u2011free. An attacker who obtains local privileges could exploit this to execute code with the DSP Service\u2019s kernel privileges, or potentially cause a denial of service by crashing the service."}}}}, "created": "2026-04-06T20:13:57.889234+00:00", "updated": "2026-04-06T21:31:57.410130+00:00", "vendors": ["qualcomm", "qualcomm$PRODUCT$snapdragon"]}