Description
Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
Published: 2026-07-06
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer over‑read that occurs during memory allocation when the requested size exceeds the maximum allowable limit. This results in memory corruption, which may affect the stability or correctness of the program. The issue is classified as CWE‑126.

Affected Systems

Qualcomm, Inc. Snapdragon chipsets. No specific firmware or hardware versions are listed in the advisory, so all devices that use Qualcomm Snapdragon processors may be affected unless they have applied the vendor’s fix.

Risk and Exploitability

The CVSS base score is 7.8, indicating a high severity vulnerability. The EPSS score is < 1%, and it is not listed in CISA’s KEV catalog, indicating a very low probability of exploitation. No specific details about the attacker’s required access or how exploitation would be performed are provided in the advisory; therefore the risk assessment remains based on the CVSS metric alone.

Generated by OpenCVE AI on July 10, 2026 at 06:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest firmware updates or patches released by Qualcomm following the July2026 security bulletin.
  • If a patch is not yet available, configure the device or disable any components that permit large buffer allocations from untrusted sources, limiting the maximum size to the vendor‑specified maximum.
  • Implement runtime checks in any custom code that interacts with Qualcomm libraries or drivers to validate allocation sizes against the defined maximum before proceeding.

Generated by OpenCVE AI on July 10, 2026 at 06:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Jul 2026 22:45:00 +0000

Type Values Removed Values Added
First Time appeared Qualcomm
Qualcomm snapdragon
Vendors & Products Qualcomm
Qualcomm snapdragon

Mon, 06 Jul 2026 21:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Description Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
Title Buffer Over-read in Windows Compute
Weaknesses CWE-126
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Subscriptions

Qualcomm Snapdragon
cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published:

Updated: 2026-07-07T03:56:18.731Z

Reserved: 2025-12-17T04:35:45.743Z

Link: CVE-2026-21379

cve-icon Vulnrichment

Updated: 2026-07-06T20:55:07.755Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-10T07:00:06Z

Weaknesses