Vulnerabilities ›

CVE-2026-21373

High

CWE-126 — Weakness Type

                    Published: Apr 6, 2026                      ·  Modified: Apr 13, 2026                      ·  Source: NVD                

CVSS v3

7.8

🔗 NVD Official

📄 Description (English)

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

🤖 AI Executive Summary

CVE-2026-21373 is a high-severity memory corruption vulnerability in Qualcomm wireless firmware affecting multiple FastConnect and QCA chipsets used in enterprise and consumer devices. The vulnerability exists in IOCTL processing where output buffer sizes are not validated, potentially allowing local attackers to corrupt kernel memory and achieve privilege escalation. This poses significant risk to Saudi organizations relying on Qualcomm-based networking infrastructure, particularly in banking, government, and telecommunications sectors.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: Apr 28, 2026 22:01

🇸🇦 Saudi Arabia Impact Assessment

Banking sector (SAMA-regulated institutions) faces risk through compromised endpoint security and network infrastructure. Government agencies and NCA systems using Qualcomm-based wireless equipment could experience privilege escalation attacks. Telecommunications providers (STC, Mobily, Zain) operating FastConnect 6700/6800/6900 infrastructure are directly exposed. Healthcare institutions using wireless medical devices and ARAMCO's operational technology networks utilizing these chipsets are at elevated risk. The vulnerability enables local privilege escalation, potentially compromising sensitive data in SWIFT systems, government networks, and critical infrastructure control systems.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Telecommunications Healthcare Energy and Utilities Critical Infrastructure Defense and Security Enterprise IT

🎯 MITRE ATT&CK Techniques

T1548 - Abuse Elevation Control Mechanism T1548.004 - Abuse Elevation Control Mechanism: Elevated Execution with Prompt T1134 - Access Token Manipulation T1134.003 - Access Token Manipulation: Make and Impersonate Token T1547 - Boot or Logon Autostart Execution T1547.010 - Boot or Logon Autostart Execution: Port Monitors T1543 - Create or Modify System Process T1543.003 - Create or Modify System Process: Windows Service T1140 - Deobfuscate/Decode Files or Information T1036 - Masquerading T1036.005 - Masquerading: Match Legitimate Name or Location T1566 - Phishing T1566.002 - Phishing: Spearphishing Link T1053 - Scheduled Task/Job T1053.005 - Scheduled Task/Job: Scheduled Task T1218 - System Binary Proxy Execution T1218.009 - System Binary Proxy Execution: Regsvcs/Regasm T1204 - User Execution T1204.002 - User Execution: Malicious File T1047 - Windows Management Instrumentation T1059 - Command and Scripting Interpreter T1059.001 - Command and Scripting Interpreter: PowerShell T1059.003 - Command and Scripting Interpreter: Windows Command Shell

⚖️ Saudi Risk Score (AI)

7.8

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Inventory all devices using affected Qualcomm firmware (FastConnect 6200/6700/6800/6900, QCA6391/QCA6420, AQT1000, Cologne)

2. Restrict local access to affected systems through network segmentation and access controls

3. Monitor for suspicious IOCTL calls and kernel memory access patterns

4. Disable unnecessary IOCTL interfaces where operationally feasible



PATCHING GUIDANCE:

1. Contact Qualcomm for firmware updates addressing CWE-126 buffer validation

2. Prioritize patching for banking, government, and critical infrastructure systems

3. Test patches in isolated environments before production deployment

4. Establish firmware update schedule with device manufacturers (Samsung, Xiaomi, etc.)



COMPENSATING CONTROLS (until patches available):

1. Implement kernel address space layout randomization (KASLR) on host systems

2. Enable Control Flow Guard (CFG) and Data Execution Prevention (DEP)

3. Deploy endpoint detection and response (EDR) solutions monitoring kernel anomalies

4. Restrict physical access to affected devices

5. Implement application whitelisting to prevent unauthorized IOCTL calls



DETECTION RULES:

1. Monitor for abnormal IOCTL calls to wireless drivers (ioctl codes 0x80000000-0x8FFFFFFF range)

2. Alert on kernel memory access violations from user-space processes

3. Track firmware version mismatches across enterprise deployments

4. Monitor for privilege escalation attempts following wireless driver interactions

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. حصر جميع الأجهزة التي تستخدم برامج ثابتة كوالكوم المتأثرة (FastConnect 6200/6700/6800/6900، QCA6391/QCA6420، AQT1000، Cologne)

2. تقييد الوصول المحلي للأنظمة المتأثرة من خلال تقسيم الشبكة والتحكم في الوصول

3. مراقبة استدعاءات IOCTL المريبة وأنماط الوصول إلى ذاكرة النواة

4. تعطيل واجهات IOCTL غير الضرورية حيث يكون ذلك ممكناً من الناحية التشغيلية

إرشادات التصحيح:

1. التواصل مع كوالكوم للحصول على تحديثات البرامج الثابتة التي تعالج التحقق من حجم المخزن المؤقت

2. إعطاء الأولوية لتصحيح أنظمة البنوك والحكومة والبنية التحتية الحرجة

3. اختبار التصحيحات في بيئات معزولة قبل النشر في الإنتاج

4. إنشاء جدول زمني لتحديث البرامج الثابتة مع مصنعي الأجهزة

الضوابط البديلة (حتى توفر التصحيحات):

1. تنفيذ عشوائية تخطيط مساحة العناوين في النواة (KASLR) على الأنظمة المضيفة

2. تفعيل Control Flow Guard (CFG) و Data Execution Prevention (DEP)

3. نشر حلول الكشف والاستجابة على نقاط النهاية (EDR) لمراقبة شذوذ النواة

4. تقييد الوصول المادي للأجهزة المتأثرة

5. تنفيذ القائمة البيضاء للتطبيقات لمنع استدعاءات IOCTL غير المصرح بها

قواعد الكشف:

1. مراقبة استدعاءات IOCTL غير الطبيعية لمشغلات الشبكات اللاسلكية

2. تنبيهات على انتهاكات الوصول إلى ذاكرة النواة من عمليات المستخدم

3. تتبع عدم تطابق إصدارات البرامج الثابتة عبر نشرات المؤسسات

4. مراقبة محاولات تصعيد الامتيازات بعد تفاعلات مشغل الشبكة اللاسلكية

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.5.2.1 - Access control implementation A.5.2.3 - User access management A.5.2.4 - Access rights review A.6.1.1 - Cryptographic controls A.6.2.1 - Physical and environmental security A.7.1.1 - Secure development policy A.7.1.2 - Change management A.8.1.1 - Operational security procedures A.8.2.1 - Malware protection A.8.2.2 - Removable media management A.8.2.3 - Information backup A.8.3.1 - Event logging A.8.3.2 - Monitoring and review

🔵 SAMA CSF

Governance - Risk Management Framework Governance - Third-party Risk Management Protection - Access Control and Authentication Protection - Data Protection and Privacy Protection - Cryptography Detection - Security Monitoring and Incident Detection Detection - Vulnerability Management Response - Incident Response and Management Recovery - Business Continuity and Disaster Recovery

🟡 ISO 27001:2022

5.1 - Policies for information security 5.2 - Information security roles and responsibilities 5.3 - Segregation of duties 6.1 - Screening 6.2 - Terms and conditions of employment 6.5 - Access control 7.1 - Cryptography 7.2 - Physical and environmental security 8.1 - Operational planning and preparation 8.2 - Protection against malware 8.3 - Backup 8.4 - Event logging 8.5 - Monitoring 8.6 - Master data management 8.7 - Exchange of information 8.8 - Mobile devices 8.9 - Network security 8.10 - Boundary protection 8.11 - Segregation of networks 8.12 - Configuration management 8.13 - Information deletion 8.14 - Data masking 8.15 - Data leakage prevention 8.16 - Monitoring delivery of services 8.17 - System monitoring 8.18 - Clock synchronization 8.19 - Installation of software on operational systems 8.20 - Information systems audit considerations 8.21 - Portable media 8.22 - Information systems disposal 8.23 - Information security incident management 8.24 - Backup and recovery of information systems 8.25 - Availability and resilience 8.26 - Redundancy of information and communication facilities 8.27 - Resilience of information systems 8.28 - Separating information systems 8.29 - Security testing 8.30 - Development environment 8.31 - Separation of development, test and production environments 8.32 - Change management 8.33 - Test information 8.34 - Protection of information systems from exploitation

🟣 PCI DSS v4.0.1

1.1 - Firewall configuration standards 2.1 - Default security parameters 2.2 - Configuration standards for system components 2.4 - Document and communicate security configuration 6.2 - Ensure security patches are installed 6.3 - Develop secure software 6.4 - Security testing of applications 6.5 - Prevent common coding vulnerabilities 8.1 - Assign unique ID to each person 8.2 - Restrict access by business need-to-know 8.3 - Restrict access to cardholder data 10.1 - Implement audit trails 10.2 - Implement automated audit trails 10.3 - Protect audit trail history 11.1 - Wireless access point detection 11.2 - Run vulnerability scans 11.3 - Conduct penetration testing

🔗 References & Sources 1

🔗

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bulletin....

product-security@qualcomm.com

Vendor Advisory

📦 Affected Products / CPE 50 entries

qualcomm:aqt1000_firmware:-

qualcomm:cologne_firmware:-

qualcomm:fastconnect_6200_firmware:-

qualcomm:fastconnect_6700_firmware:-

qualcomm:fastconnect_6800_firmware:-

qualcomm:fastconnect_6900_firmware:-

qualcomm:fastconnect_7800_firmware:-

qualcomm:qca0000_firmware:-

qualcomm:qca6391_firmware:-

qualcomm:qca6420_firmware:-

qualcomm:qca6430_firmware:-

qualcomm:qcm5430_firmware:-

qualcomm:qcm6490_firmware:-

qualcomm:video_collaboration_vc3_platform_firmware:-

qualcomm:sc8380xp_firmware:-

qualcomm:sm6250_firmware:-

qualcomm:snapdragon_460_mobile_platform_firmware:-

qualcomm:snapdragon_662_mobile_platform_firmware:-

qualcomm:snapdragon_7c_compute_platform_firmware:-

qualcomm:snapdragon_7c_gen_2_compute_platform_firmware:-

qualcomm:snapdragon_7c\+_gen_3_compute_firmware:-

qualcomm:snapdragon_8c_compute_platform_firmware:-

qualcomm:snapdragon_8c_compute_platform_\(sc8180xp-ad\)_firmware:-

qualcomm:snapdragon_8cx_compute_platform_firmware:-

qualcomm:snapdragon_8cx_compute_platform_\"poipu_pro\"_firmware:-

qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_firmware:-

qualcomm:snapdragon_8cx_gen_2_5g_compute_platform_\"poipu_pro\"_firmware:-

qualcomm:snapdragon_8cx_gen_3_compute_platform_firmware:-

qualcomm:snapdragon_ar1_gen_1_platform_firmware:-

qualcomm:wcd9340_firmware:-

qualcomm:wcd9341_firmware:-

qualcomm:wcd9370_firmware:-

qualcomm:wcd9375_firmware:-

qualcomm:wcd9378c_firmware:-

qualcomm:wcd9380_firmware:-

qualcomm:wcd9385_firmware:-

qualcomm:wcn3950_firmware:-

qualcomm:wcn3988_firmware:-

qualcomm:wsa8810_firmware:-

qualcomm:wsa8815_firmware:-

qualcomm:wsa8830_firmware:-

qualcomm:wsa8832_firmware:-

qualcomm:wsa8835_firmware:-

qualcomm:wsa8840_firmware:-

qualcomm:wsa8845_firmware:-

qualcomm:wsa8845h_firmware:-

qualcomm:x2000077_firmware:-

qualcomm:x2000086_firmware:-

qualcomm:x2000090_firmware:-

qualcomm:x2000092_firmware:-

📊 CVSS Score

7.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.8

CWECWE-126

EPSS0.01%

Exploit No

Patch ✗ No

Published 2026-04-06

Source Feed nvd

🇸🇦 Saudi Risk Score

7.8

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-126

🏢 Vendor Advisories

🔗 https://docs.qualcomm.com/product/publicresources/se...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-21373

💬 Comments

Introduce Yourself

Sign In Required