Description
Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
Published: 2026-04-06
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a heap‑based buffer overflow triggered by malformed IOCTL requests that contain invalid buffer sizes when the driver performs a memcpy operation. The overflow corrupts heap memory and can lead to arbitrary code execution or a denial of service on the device. This flaw is identified as CWE‑122, indicating an unbounded write into adjacent memory.

Affected Systems

Affected systems encompass Qualcomm Snapdragon platforms and their firmware, including Snapdragon 460, Snapdragon 662, Snapdragon 7c+ Gen 3 Compute, FastConnect modules, Video Collaboration platforms, and associated firmware components. The broad list of CPEs shows that both the operating system and the specialized DSP/firmware layers may be impacted.

Risk and Exploitability

The reported CVSS score of 7.8 reflects high severity, yet the EPSS score of less than 1 % points to a low probability of real‑world exploitation, and the flaw is not listed in CISA’s KEV catalog. Therefore, the exposure is moderate. The likely attack vector is local: an attacker must interact with the vulnerable driver and send malformed IOCTLs; remote exploitation would require the driver to be exposed over a network or via a privileged service, which is not explicitly documented.

Generated by OpenCVE AI on April 8, 2026 at 23:04 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check Qualcomm’s security bulletin for a patch or firmware update.
  • Apply any available firmware or driver patch as soon as it is released.
  • Restrict access to the vulnerable Power Management IC driver to trusted users or processes.
  • Audit and disable unused device drivers if possible to reduce attack surface.
  • Monitor system logs for abnormal IOCTL activity or crash events that could indicate exploitation attempts.

Generated by OpenCVE AI on April 8, 2026 at 23:04 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm cologne
Qualcomm cologne Firmware
Qualcomm fastconnect 6700
Qualcomm fastconnect 6700 Firmware
Qualcomm fastconnect 6900
Qualcomm fastconnect 6900 Firmware
Qualcomm fastconnect 7800
Qualcomm fastconnect 7800 Firmware
Qualcomm qcm5430
Qualcomm qcm5430 Firmware
Qualcomm qcm6490
Qualcomm qcm6490 Firmware
Qualcomm snapdragon 460 Mobile Platform
Qualcomm snapdragon 460 Mobile Platform Firmware
Qualcomm snapdragon 662 Mobile Platform
Qualcomm snapdragon 662 Mobile Platform Firmware
Qualcomm snapdragon 7c\+ Gen 3 Compute
Qualcomm snapdragon 7c\+ Gen 3 Compute Firmware
Qualcomm video Collaboration Vc3 Platform
Qualcomm video Collaboration Vc3 Platform Firmware
Qualcomm wcd9370
Qualcomm wcd9370 Firmware
Qualcomm wcd9375
Qualcomm wcd9375 Firmware
Qualcomm wcd9378c
Qualcomm wcd9378c Firmware
Qualcomm wcd9380
Qualcomm wcd9380 Firmware
Qualcomm wcd9385
Qualcomm wcd9385 Firmware
Qualcomm wcn3950
Qualcomm wcn3950 Firmware
Qualcomm wcn3988
Qualcomm wcn3988 Firmware
Qualcomm wsa8840
Qualcomm wsa8840 Firmware
Qualcomm wsa8845
Qualcomm wsa8845 Firmware
Qualcomm wsa8845h
Qualcomm wsa8845h Firmware
Qualcomm x2000077
Qualcomm x2000077 Firmware
Qualcomm x2000086
Qualcomm x2000086 Firmware
Qualcomm x2000090
Qualcomm x2000090 Firmware
Qualcomm x2000092
Qualcomm x2000092 Firmware
Qualcomm x2000094
Qualcomm x2000094 Firmware
Qualcomm xg101002
Qualcomm xg101002 Firmware
Qualcomm xg101032
Qualcomm xg101032 Firmware
Qualcomm xg101039
Qualcomm xg101039 Firmware
CPEs cpe:2.3:h:qualcomm:cologne:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_6700:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_6900:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:fastconnect_7800:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcm5430:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcm6490:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_460_mobile_platform:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_662_mobile_platform:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:snapdragon_7c\+_gen_3_compute:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:video_collaboration_vc3_platform:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9378c:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8840:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:wsa8845h:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000077:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000086:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000090:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000092:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:x2000094:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:xg101002:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:xg101032:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:xg101039:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:cologne_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:fastconnect_6700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:fastconnect_6900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:fastconnect_7800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcm5430_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:snapdragon_460_mobile_platform_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:snapdragon_662_mobile_platform_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:snapdragon_7c\+_gen_3_compute_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:video_collaboration_vc3_platform_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9378c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8840_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:wsa8845h_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000077_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000086_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000090_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000092_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:x2000094_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:xg101002_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:xg101032_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:xg101039_firmware:-:*:*:*:*:*:*:*
Vendors & Products Qualcomm cologne
Qualcomm cologne Firmware
Qualcomm fastconnect 6700
Qualcomm fastconnect 6700 Firmware
Qualcomm fastconnect 6900
Qualcomm fastconnect 6900 Firmware
Qualcomm fastconnect 7800
Qualcomm fastconnect 7800 Firmware
Qualcomm qcm5430
Qualcomm qcm5430 Firmware
Qualcomm qcm6490
Qualcomm qcm6490 Firmware
Qualcomm snapdragon 460 Mobile Platform
Qualcomm snapdragon 460 Mobile Platform Firmware
Qualcomm snapdragon 662 Mobile Platform
Qualcomm snapdragon 662 Mobile Platform Firmware
Qualcomm snapdragon 7c\+ Gen 3 Compute
Qualcomm snapdragon 7c\+ Gen 3 Compute Firmware
Qualcomm video Collaboration Vc3 Platform
Qualcomm video Collaboration Vc3 Platform Firmware
Qualcomm wcd9370
Qualcomm wcd9370 Firmware
Qualcomm wcd9375
Qualcomm wcd9375 Firmware
Qualcomm wcd9378c
Qualcomm wcd9378c Firmware
Qualcomm wcd9380
Qualcomm wcd9380 Firmware
Qualcomm wcd9385
Qualcomm wcd9385 Firmware
Qualcomm wcn3950
Qualcomm wcn3950 Firmware
Qualcomm wcn3988
Qualcomm wcn3988 Firmware
Qualcomm wsa8840
Qualcomm wsa8840 Firmware
Qualcomm wsa8845
Qualcomm wsa8845 Firmware
Qualcomm wsa8845h
Qualcomm wsa8845h Firmware
Qualcomm x2000077
Qualcomm x2000077 Firmware
Qualcomm x2000086
Qualcomm x2000086 Firmware
Qualcomm x2000090
Qualcomm x2000090 Firmware
Qualcomm x2000092
Qualcomm x2000092 Firmware
Qualcomm x2000094
Qualcomm x2000094 Firmware
Qualcomm xg101002
Qualcomm xg101002 Firmware
Qualcomm xg101032
Qualcomm xg101032 Firmware
Qualcomm xg101039
Qualcomm xg101039 Firmware

Tue, 07 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 06 Apr 2026 18:00:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 06 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
Description Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.
Title Heap-Based Buffer Overflow in Power Management IC
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Qualcomm Cologne Cologne Firmware Fastconnect 6700 Fastconnect 6700 Firmware Fastconnect 6900 Fastconnect 6900 Firmware Fastconnect 7800 Fastconnect 7800 Firmware Qcm5430 Qcm5430 Firmware Qcm6490 Qcm6490 Firmware Snapdragon Snapdragon 460 Mobile Platform Snapdragon 460 Mobile Platform Firmware Snapdragon 662 Mobile Platform Snapdragon 662 Mobile Platform Firmware Snapdragon 7c\+ Gen 3 Compute Snapdragon 7c\+ Gen 3 Compute Firmware Video Collaboration Vc3 Platform Video Collaboration Vc3 Platform Firmware Wcd9370 Wcd9370 Firmware Wcd9375 Wcd9375 Firmware Wcd9378c Wcd9378c Firmware Wcd9380 Wcd9380 Firmware Wcd9385 Wcd9385 Firmware Wcn3950 Wcn3950 Firmware Wcn3988 Wcn3988 Firmware Wsa8840 Wsa8840 Firmware Wsa8845 Wsa8845 Firmware Wsa8845h Wsa8845h Firmware X2000077 X2000077 Firmware X2000086 X2000086 Firmware X2000090 X2000090 Firmware X2000092 X2000092 Firmware X2000094 X2000094 Firmware Xg101002 Xg101002 Firmware Xg101032 Xg101032 Firmware Xg101039 Xg101039 Firmware
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-04-07T03:55:49.327Z

Reserved: 2025-12-17T04:35:45.742Z

Link: CVE-2026-21372

cve-icon Vulnrichment

Updated: 2026-04-06T16:21:05.474Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-06T16:16:29.767

Modified: 2026-04-08T21:07:02.380

Link: CVE-2026-21372

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:28:54Z

Weaknesses