CVE-2026-21378 PUBLISHED

Buffer Over-read in Camera

Assigner: qualcomm
Reserved: 17.12.2025 Published: 06.04.2026 Updated: 06.04.2026

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.8

Product Status

Vendor Qualcomm, Inc.
Product Snapdragon
Versions Default: unaffected
  • Version AQT1000 is affected
  • Version Cologne is affected
  • Version FastConnect 6200 is affected
  • Version FastConnect 6700 is affected
  • Version FastConnect 6800 is affected
  • Version FastConnect 6900 is affected
  • Version FastConnect 7800 is affected
  • Version QCA0000 is affected
  • Version QCA6391 is affected
  • Version QCA6420 is affected
  • Version QCA6430 is affected
  • Version QCM5430 is affected
  • Version QCM6490 is affected
  • Version Qualcomm Video Collaboration VC3 Platform is affected
  • Version SC8380XP is affected
  • Version SM6250 is affected
  • Version Snapdragon 460 Mobile Platform is affected
  • Version Snapdragon 662 Mobile Platform is affected
  • Version Snapdragon 7c Compute Platform is affected
  • Version Snapdragon 7c Gen 2 Compute Platform "Rennell Pro" is affected
  • Version Snapdragon 7c+ Gen 3 Compute is affected
  • Version Snapdragon 8c Compute Platform "Poipu Lite" is affected
  • Version Snapdragon 8cx Compute Platform is affected
  • Version Snapdragon 8cx Gen 2 5G Compute Platform "Poipu Pro" is affected
  • Version Snapdragon 8cx Gen 3 Compute Platform is affected
  • Version Snapdragon AR1 Gen 1 Platform is affected
  • Version WCD9340 is affected
  • Version WCD9341 is affected
  • Version WCD9370 is affected
  • Version WCD9375 is affected
  • Version WCD9378C is affected
  • Version WCD9380 is affected
  • Version WCD9385 is affected
  • Version WCN3950 is affected
  • Version WCN3988 is affected
  • Version WSA8810 is affected
  • Version WSA8815 is affected
  • Version WSA8830 is affected
  • Version WSA8832 is affected
  • Version WSA8835 is affected
  • Version WSA8840 is affected
  • Version WSA8845 is affected
  • Version WSA8845H is affected
  • Version X2000077 is affected
  • Version X2000086 is affected
  • Version X2000090 is affected
  • Version X2000092 is affected
  • Version X2000094 is affected
  • Version XG101002 is affected
  • Version XG101032 is affected
  • Version XG101039 is affected

References

Problem Types

  • CWE-126 Buffer Over-read CWE