Vulnerabilities ›

CVE-2026-21372

High

CWE-122 — Weakness Type

                    Published: Apr 6, 2026                      ·  Modified: Apr 13, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.

🤖 AI Executive Summary

CVE-2026-21372 is a high-severity memory corruption vulnerability in Qualcomm firmware affecting multiple chipsets used in mobile devices and IoT platforms. The vulnerability exists in IOCTL request handling where invalid buffer sizes trigger buffer overflow conditions during memcpy operations. Without available patches, this vulnerability poses significant risk to Saudi organizations relying on Qualcomm-based devices for critical communications and operations.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 28, 2026 19:57

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily impacts Saudi telecommunications sector (STC, Mobily, Zain) through compromised mobile infrastructure and enterprise devices. Government agencies and NCA operations utilizing Qualcomm-based communication devices face elevated risk of device compromise and data exfiltration. Banking sector exposure is moderate through mobile banking platforms and employee devices. Healthcare institutions using Qualcomm-based medical IoT devices and ARAMCO's operational technology networks face potential disruption. The absence of available patches significantly elevates risk across all sectors.

🏢 Affected Saudi Sectors

Telecommunications (STC, Mobily, Zain) Government and NCA Banking and Financial Services Healthcare Energy (ARAMCO) IoT and Smart City Infrastructure

🎯 MITRE ATT&CK Techniques

T1055 - Process Injection T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1499 - Endpoint Denial of Service T1557 - Man-in-the-Middle

⚖️ Saudi Risk Score (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Inventory all Qualcomm-based devices (Snapdragon 460/662, FastConnect 6700/6900/7800, QCM5430/6490) across your organization

2. Isolate or restrict network access for devices running affected firmware versions until patches are available

3. Implement network segmentation to limit IOCTL request exposure from untrusted sources

4. Monitor for suspicious IOCTL requests with malformed buffer parameters



Compensating Controls:

5. Deploy application-level input validation to reject IOCTL requests with invalid buffer sizes

6. Implement firmware integrity verification mechanisms where possible

7. Restrict user-mode access to IOCTL interfaces through privilege escalation controls

8. Enable memory protection features (ASLR, DEP/NX) on affected devices



Detection Rules:

9. Monitor kernel logs for memcpy buffer overflow attempts and memory access violations

10. Alert on IOCTL calls with buffer size mismatches or zero-length buffers

11. Track firmware version compliance and flag unpatched devices in asset management systems

12. Establish baseline for normal IOCTL request patterns and alert on anomalies

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. قم بحصر جميع أجهزة Qualcomm (Snapdragon 460/662، FastConnect 6700/6900/7800، QCM5430/6490) عبر مؤسستك

2. عزل أو تقييد الوصول إلى الشبكة للأجهزة التي تعمل بإصدارات البرامج الثابتة المتأثرة حتى توفر التصحيحات

3. تنفيذ تقسيم الشبكة لتحديد تعرض طلبات IOCTL من مصادر غير موثوقة

4. مراقبة طلبات IOCTL المريبة ذات معاملات المخزن المؤقت المشوهة

الضوابط البديلة:

5. نشر التحقق من صحة المدخلات على مستوى التطبيق لرفض طلبات IOCTL ذات أحجام المخزن المؤقت غير الصحيحة

6. تنفيذ آليات التحقق من سلامة البرامج الثابتة حيث أمكن

7. تقييد الوصول من وضع المستخدم إلى واجهات IOCTL من خلال ضوابط تصعيد الامتيازات

8. تفعيل ميزات حماية الذاكرة (ASLR، DEP/NX) على الأجهزة المتأثرة

قواعد الكشف:

9. مراقبة سجلات النواة لمحاولات تجاوز memcpy والوصول غير القانوني للذاكرة

10. تنبيه استدعاءات IOCTL مع عدم تطابق حجم المخزن المؤقت أو المخازن المؤقتة بطول صفر

11. تتبع امتثال إصدار البرامج الثابتة وتحديد الأجهزة غير المصححة في أنظمة إدارة الأصول

12. إنشاء خط أساس لأنماط طلبات IOCTL العادية والتنبيه على الشذوذ

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.14.2.1 - Secure development policy ECC 2024 A.12.2.1 - Monitoring and logging of access

🔵 SAMA CSF

SAMA CSF ID.RA-1 - Asset management and vulnerability identification SAMA CSF PR.IP-12 - Security testing and vulnerability management SAMA CSF DE.CM-1 - Detection and monitoring of anomalies

🟡 ISO 27001:2022

ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities ISO 27001:2022 A.14.2.1 - Secure development and change management ISO 27001:2022 A.8.1.1 - Inventory of assets

🟣 PCI DSS v4.0.1

PCI DSS 6.2 - Security patches and updates PCI DSS 11.2 - Vulnerability scanning and management

🔗 References & Sources 1

🔗

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin....

product-security@qualcomm.com

Vendor Advisory

📦 Affected Products / CPE 28 entries

qualcomm:cologne_firmware:-

qualcomm:fastconnect_6700_firmware:-

qualcomm:fastconnect_6900_firmware:-

qualcomm:fastconnect_7800_firmware:-

qualcomm:qcm5430_firmware:-

qualcomm:qcm6490_firmware:-

qualcomm:video_collaboration_vc3_platform_firmware:-

qualcomm:snapdragon_460_mobile_platform_firmware:-

qualcomm:snapdragon_662_mobile_platform_firmware:-

qualcomm:snapdragon_7c\+_gen_3_compute_firmware:-

qualcomm:wcd9370_firmware:-

qualcomm:wcd9375_firmware:-

qualcomm:wcd9378c_firmware:-

qualcomm:wcd9380_firmware:-

qualcomm:wcd9385_firmware:-

qualcomm:wcn3950_firmware:-

qualcomm:wcn3988_firmware:-

qualcomm:wsa8840_firmware:-

qualcomm:wsa8845_firmware:-

qualcomm:wsa8845h_firmware:-

qualcomm:x2000077_firmware:-

qualcomm:x2000086_firmware:-

qualcomm:x2000090_firmware:-

qualcomm:x2000092_firmware:-

qualcomm:x2000094_firmware:-

qualcomm:xg101002_firmware:-

qualcomm:xg101032_firmware:-

qualcomm:xg101039_firmware:-

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-122

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-04-06

Source Feed nvd

🇸🇦 Saudi Risk Score

7.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-122

🏢 Vendor Advisories

🔗 https://docs.qualcomm.com/product/publicresources/se...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-21372

💬 Comments

Introduce Yourself

Sign In Required