CVE-2026-21383 PUBLISHED

Reusing a Nonce, Key Pair in Encryption in HLOS

Assigner: qualcomm
Reserved: 17.12.2025 Published: 06.07.2026 Updated: 06.07.2026

Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security.

Metrics

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS Score: 7.1

Product Status

Vendor Qualcomm, Inc.
Product Snapdragon
Versions Default: unaffected
  • Version FastConnect 6900 is affected
  • Version FastConnect 7800 is affected
  • Version LeMans_AU_LGIT is affected
  • Version LeMansAU is affected
  • Version Pandeiro is affected
  • Version QAM8255P is affected
  • Version QAM8397P is affected
  • Version QAM8797P is affected
  • Version QAMSRV1H is affected
  • Version QAMSRV1M is affected
  • Version QCA6595AU is affected
  • Version QCA6696 is affected
  • Version QCA6698AQ is affected
  • Version QCA6797AQ is affected
  • Version QCA8695AU is affected
  • Version QDU1000 is affected
  • Version QDU1110 is affected
  • Version QDU1210 is affected
  • Version QDX1010 is affected
  • Version QDX1011 is affected
  • Version QLN1083BD is affected
  • Version QLN1086BD is affected
  • Version QPA1083BD is affected
  • Version QPA1086BD is affected
  • Version Qualcomm Dragonwing X100 Accelerator Card is affected
  • Version QXM1093 is affected
  • Version QXM1094 is affected
  • Version QXM1095 is affected
  • Version QXM1096 is affected
  • Version SA7255P is affected
  • Version SA7775P is affected
  • Version SA8255P is affected
  • Version SA8620P is affected
  • Version SA8770P is affected
  • Version SA9000P is affected
  • Version SAR1165P is affected
  • Version SAR2130P is affected
  • Version Snapdragon AR1 Gen 1 Platform is affected
  • Version Snapdragon AR1+ Gen 1 Platform is affected
  • Version SRV1H is affected
  • Version SRV1M is affected
  • Version SXR2230P is affected
  • Version SXR2250P is affected
  • Version WCD9380 is affected
  • Version WCD9385 is affected
  • Version WCN3950 is affected
  • Version WCN7860 is affected
  • Version WCN7861 is affected
  • Version WSA8830 is affected
  • Version WSA8832 is affected
  • Version WSA8835 is affected
  • Version XRV7209 is affected
  • Version XRV9209 is affected

References

Problem Types

  • CWE-323: Reusing a Nonce, Key Pair in Encryption CWE