CVE-2026-21378

high-risk

Published 2026-04-06

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

Do I need to act?

0.01% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Fastconnect 6900 Firmware

Fastconnect 7800 Firmware

Qca0000 Firmware

Qca6391 Firmware

Qca6420 Firmware

Qca6430 Firmware

Qcm5430 Firmware

Qcm6490 Firmware

Video Collaboration Vc3 Platform Firmware

Sc8380Xp Firmware

Sm6250 Firmware

Snapdragon 460 Mobile Platform Firmware

Snapdragon 662 Mobile Platform Firmware

Snapdragon 7C Compute Platform Firmware

Snapdragon 7C Gen 2 Compute Platform Firmware

Snapdragon 7C\+ Gen 3 Compute Firmware

Snapdragon 8C Compute Platform Firmware

Snapdragon 8Cx Compute Platform Firmware

Snapdragon 8Cx Gen 2 5G Compute Platform Firmware

Snapdragon 8Cx Gen 3 Compute Platform Firmware

Qualcomm

Vendor Advisory https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-bu...

/ 100

high-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 26/34 · High