CVE-2026-21385

Name of the Vulnerable Software and Affected Versions Qualcomm Android components versions (affected versions not specified)

Description A memory corruption issue exists in Qualcomm open-source display components used in Android devices. This flaw is due to an integer overflow or wraparound, leading to memory corruption. The vulnerability, identified as CVE-2026-21385, affects over 234 chipsets and is reportedly under limited, targeted exploitation. The issue impacts the graphics component and may allow for remote code execution. It has been actively exploited in the wild, potentially linked to commercial spyware or nation-state threat groups. The vulnerability involves memory alignment allocation and may allow local attackers to cause damage to memory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.