HighCISA KEVExploited in the wildPublic exploit
Memory Corruption in Qualcomm Graphics/Display Component
IdentifiersCVE-2026-21385CWE-190· Integer Overflow or Wraparound
CVE-2026-21385 is a high-severity vulnerability affecting an open-source Qualcomm Graphics/Display component used across multiple Qualcomm chipsets in Android devices. Qualcomm describes the issue as "memory corruption while using alignments for memory allocation," and multiple sources in the provided content characterize it as an integer overflow or wraparound condition in alignment or size calculations during memory allocation. The resulting corruption has also been described as a buffer over-read in the Graphics component, indicating that malformed or unexpected size/alignment handling can cause out-of-bounds memory access. Google included fixes for the issue in the March 2026 Android Security Bulletin and stated there were indications of limited, targeted exploitation in the wild. The flaw reportedly affects a large number of Qualcomm chipsets used in phones, tablets, and some IoT/embedded devices.
Share:
For your environment
Are you exposed to this one?
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
ANALYST BRIEF
Impact, mitigation & remediation
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
Impact
What an attacker gets, and what they’ve been doing with it.
Successful exploitation can cause memory corruption in the affected Qualcomm graphics/display component, leading to device instability or crashes. Depending on the exact code path, privileges of the vulnerable component, and exploit reliability, the issue may also permit exposure of sensitive memory contents via out-of-bounds reads and potentially arbitrary code execution. Multiple sources in the provided content explicitly note possible access to sensitive memory data, while others state the flaw could potentially allow code execution. The vulnerability has been reported as actively exploited in limited, targeted attacks.
Mitigation
If you can’t patch tonight, do this now.
Until patches are fully deployed, reduce exposure by enforcing rapid mobile OS/security update compliance through MDM or equivalent controls, restricting sideloading and untrusted application installation, and limiting local code execution opportunities on affected devices. Monitor for repeated crashes, unexpected reboots, or abnormal low-level service instability that could indicate attempted exploitation. Because exploitation appears targeted, prioritize high-risk users and exposed fleets for accelerated update rollout and tighter device policy enforcement.
Remediation
Patch, then assume compromise.
Apply the vendor-provided fixes delivered through the March 2026 Android Security Bulletin, specifically the 2026-03-05 patch level or later where applicable. OEMs and device manufacturers need to integrate Qualcomm’s fixes into firmware/OS updates for affected models and release them to end users. Organizations should prioritize patching affected Android devices and Qualcomm-based products according to OEM advisories. Where applicable, follow CISA KEV remediation guidance and vendor instructions; if no mitigation or patch path exists for a deployed product, discontinue use of the affected product.
PUBLIC EXPLOITS
Exploits
No valid public exploits. Mallory filtered out 2 candidates as fakes, detection scripts, or README-only repos.
VALID 0 / 2 TOTALView more in app
All candidate exploits were filtered out by Mallory's validation.
EXPOSURE SURFACE
Affected products & vendors
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
VendorProductType
Qualcomm5g Fixed Wireless Access Platform Firmwareoperating_system
QualcommApq8098 Firmwareoperating_system
QualcommAr8031 Firmwareoperating_system
QualcommAr8035 Firmwareoperating_system
QualcommC-V2x 9150 Firmwareoperating_system
QualcommCsra6620 Firmwareoperating_system
QualcommCsra6640 Firmwareoperating_system
QualcommFastconnect 6200 Firmwareoperating_system
QualcommFastconnect 6700 Firmwareoperating_system
QualcommFastconnect 6800 Firmwareoperating_system
QualcommFastconnect 6900 Firmwareoperating_system
QualcommFastconnect 7800 Firmwareoperating_system
QualcommFlight Rb5 5g Platform Firmwareoperating_system
QualcommFsm100 Platform Firmwareoperating_system
QualcommG1 Gen 1 Firmwareoperating_system
QualcommG2 Gen 1 Firmwareoperating_system
QualcommIq-615 Firmwareoperating_system
QualcommIq-8275 Firmwareoperating_system
QualcommIq-8300 Firmwareoperating_system
QualcommIq-9075 Firmwareoperating_system
QualcommIq-9100 Firmwareoperating_system
QualcommLemans Au Lgit Firmwareoperating_system
QualcommLemansau Firmwareoperating_system
QualcommMdm9250 Firmwareoperating_system
QualcommMdm9628 Firmwareoperating_system
QualcommMilos Firmwareoperating_system
QualcommMonaco Iot Firmwareoperating_system
QualcommNetrani Firmwareoperating_system
QualcommOrne Firmwareoperating_system
QualcommPalawan25 Firmwareoperating_system
QualcommPandeiro Firmwareoperating_system
QualcommQam8255p Firmwareoperating_system
QualcommQam8295p Firmwareoperating_system
QualcommQamsrv1h Firmwareoperating_system
QualcommQamsrv1m Firmwareoperating_system
QualcommQca2066 Firmwareoperating_system
QualcommQca6174a Firmwareoperating_system
QualcommQca6391 Firmwareoperating_system
QualcommQca6564a Firmwareoperating_system
QualcommQca6564au Firmwareoperating_system
QualcommQca6574 Firmwareoperating_system
QualcommQca6574a Firmwareoperating_system
QualcommQca6574au Firmwareoperating_system
QualcommQca6584au Firmwareoperating_system
QualcommQca6595 Firmwareoperating_system
QualcommQca6595au Firmwareoperating_system
QualcommQca6678aq Firmwareoperating_system
QualcommQca6688aq Firmwareoperating_system
QualcommQca6696 Firmwareoperating_system
QualcommQca6698aq Firmwareoperating_system
QualcommQca6698au Firmwareoperating_system
QualcommQca6797aq Firmwareoperating_system
QualcommQca8081 Firmwareoperating_system
QualcommQca8337 Firmwareoperating_system
QualcommQca8695au Firmwareoperating_system
QualcommQca9367 Firmwareoperating_system
QualcommQca9377 Firmwareoperating_system
QualcommQcm2290 Firmwareoperating_system
QualcommQcm4325 Firmwareoperating_system
QualcommQcm4490 Firmwareoperating_system
QualcommQcm5430 Firmwareoperating_system
QualcommQcm6125 Firmwareoperating_system
QualcommQcm6490 Firmwareoperating_system
QualcommQcn6024 Firmwareoperating_system
QualcommQcn9011 Firmwareoperating_system
QualcommQcn9012 Firmwareoperating_system
QualcommQcn9024 Firmwareoperating_system
QualcommQcs2290 Firmwareoperating_system
QualcommQcs4290 Firmwareoperating_system
QualcommQcs4490 Firmwareoperating_system
QualcommQcs8550 Firmwareoperating_system
QualcommQln1083bd Firmwareoperating_system
QualcommQln1086bd Firmwareoperating_system
QualcommQmp1000 Firmwareoperating_system
QualcommQpa1083bd Firmwareoperating_system
QualcommQpa1086bd Firmwareoperating_system
QualcommQrb5165m Firmwareoperating_system
QualcommQrb5165n Firmwareoperating_system
QualcommQualcomm 215 Mobile Platform Firmwareoperating_system
QualcommQxm1083 Firmwareoperating_system
QualcommQxm1086 Firmwareoperating_system
QualcommQxm1093 Firmwareoperating_system
QualcommQxm1094 Firmwareoperating_system
QualcommQxm1095 Firmwareoperating_system
QualcommQxm1096 Firmwareoperating_system
QualcommRobotics Rb2 Platform Firmwareoperating_system
QualcommRobotics Rb5 Platform Firmwareoperating_system
QualcommSa4150p Firmwareoperating_system
QualcommSa4155p Firmwareoperating_system
QualcommSa6145p Firmwareoperating_system
QualcommSa6150p Firmwareoperating_system
QualcommSa6155 Firmwareoperating_system
QualcommSa6155p Firmwareoperating_system
QualcommSa7255p Firmwareoperating_system
QualcommSa7775p Firmwareoperating_system
QualcommSa8145p Firmwareoperating_system
QualcommSa8150p Firmwareoperating_system
QualcommSa8155 Firmwareoperating_system
QualcommSa8155p Firmwareoperating_system
QualcommSa8195p Firmwareoperating_system
QualcommSa8255p Firmwareoperating_system
QualcommSa8295p Firmwareoperating_system
QualcommSa8620p Firmwareoperating_system
QualcommSa8770p Firmwareoperating_system
QualcommSa9000p Firmwareoperating_system
QualcommSar1165p Firmwareoperating_system
QualcommSar1250p Firmwareoperating_system
QualcommSar2130p Firmwareoperating_system
QualcommSar2230p Firmwareoperating_system
QualcommSc8380xp Firmwareoperating_system
QualcommSd626 Firmwareoperating_system
QualcommSd662 Firmwareoperating_system
QualcommSd865 5g Firmwareoperating_system
QualcommSda660 Firmwareoperating_system
QualcommSdm429w Firmwareoperating_system
QualcommSdx61 Firmwareoperating_system
QualcommSm6225p Firmwareoperating_system
QualcommSm6650p Firmwareoperating_system
QualcommSm7325p Firmwareoperating_system
QualcommSm7435 Firmwareoperating_system
QualcommSm7550 Firmwareoperating_system
QualcommSm7550p Firmwareoperating_system
QualcommSm7635p Firmwareoperating_system
QualcommSm7675 Firmwareoperating_system
QualcommSm7675p Firmwareoperating_system
QualcommSm8475p Firmwareoperating_system
QualcommSm8550p Firmwareoperating_system
QualcommSm8635 Firmwareoperating_system
QualcommSm8635p Firmwareoperating_system
QualcommSm8650q Firmwareoperating_system
QualcommSm8750p Firmwareoperating_system
QualcommSmart Audio 400 Platform Firmwareoperating_system
QualcommSmart Display 200 Platform Firmwareoperating_system
QualcommSnapdragon 4 Gen 1 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 4 Gen 2 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 429 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 460 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 480 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 480+ 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 6 Gen 1 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 6 Gen 3 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 6 Gen 4 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 625 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 626 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 660 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 662 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 680 4g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 685 4g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 690 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 695 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 7 Gen 1 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 7+ Gen 2 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 778g 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 778g+ 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 782g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 7c+ Gen 3 Compute Firmwareoperating_system
QualcommSnapdragon 7s Gen 3 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 8 Elite Firmwareoperating_system
QualcommSnapdragon 8 Elite Gen 5 Firmwareoperating_system
QualcommSnapdragon 8 Gen 1 Firmwareoperating_system
QualcommSnapdragon 8 Gen 1 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 8 Gen 2 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 8 Gen 3 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 8+ Gen 1 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 8+ Gen 2 Mobile Platform Firmwareoperating_system
QualcommSnapdragon 820 Automotive Platform Firmwareoperating_system
QualcommSnapdragon 820am Firmwareoperating_system
QualcommSnapdragon 865 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 865+ 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 870 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 888 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon 888+ 5g Mobile Platform Firmwareoperating_system
QualcommSnapdragon Ar1 Gen 1 Platform Firmwareoperating_system
QualcommSnapdragon Ar1+ Gen 1 Platform Firmwareoperating_system
QualcommSnapdragon Auto 5g Modem-Rf Firmwareoperating_system
QualcommSnapdragon W5+ Gen 1 Wearable Platform Firmwareoperating_system
QualcommSnapdragon X12 Lte Modem Firmwareoperating_system
QualcommSnapdragon X5 Lte Modem Firmwareoperating_system
QualcommSnapdragon X53 5g Modem-Rf System Firmwareoperating_system
QualcommSnapdragon X55 5g Modem-Rf System Firmwareoperating_system
QualcommSnapdragon X65 5g Modem-Rf System Firmwareoperating_system
QualcommSnapdragon Xr2 5g Platform Firmwareoperating_system
QualcommSnapdragon Xr2+ Gen 1 Platform Firmwareoperating_system
QualcommSrv1h Firmwareoperating_system
QualcommSrv1m Firmwareoperating_system
QualcommSw5100 Firmwareoperating_system
QualcommSw5100p Firmwareoperating_system
QualcommSw6100 Firmwareoperating_system
QualcommSw6100p Firmwareoperating_system
QualcommSxr2230p Firmwareoperating_system
QualcommSxr2250p Firmwareoperating_system
QualcommSxr2330p Firmwareoperating_system
QualcommSxr2350p Firmwareoperating_system
QualcommThemisto Firmwareoperating_system
QualcommVideo Collaboration Vc1 Platform Firmwareoperating_system
QualcommVideo Collaboration Vc3 Platform Firmwareoperating_system
QualcommVideo Collaboration Vc5 Platform Firmwareoperating_system
QualcommVision Intelligence 100 Platform Firmwareoperating_system
QualcommVision Intelligence 200 Platform Firmwareoperating_system
QualcommVision Intelligence 400 Platform Firmwareoperating_system
QualcommWcd9326 Firmwareoperating_system
QualcommWcd9330 Firmwareoperating_system
QualcommWcd9335 Firmwareoperating_system
QualcommWcd9341 Firmwareoperating_system
QualcommWcd9360 Firmwareoperating_system
QualcommWcd9370 Firmwareoperating_system
QualcommWcd9371 Firmwareoperating_system
QualcommWcd9375 Firmwareoperating_system
QualcommWcd9378 Firmwareoperating_system
QualcommWcd9380 Firmwareoperating_system
QualcommWcd9385 Firmwareoperating_system
QualcommWcd9390 Firmwareoperating_system
QualcommWcd9395 Firmwareoperating_system
QualcommWcn3615 Firmwareoperating_system
QualcommWcn3620 Firmwareoperating_system
QualcommWcn3660b Firmwareoperating_system
QualcommWcn3680b Firmwareoperating_system
QualcommWcn3910 Firmwareoperating_system
QualcommWcn3950 Firmwareoperating_system
QualcommWcn3980 Firmwareoperating_system
QualcommWcn3988 Firmwareoperating_system
QualcommWcn3990 Firmwareoperating_system
QualcommWcn6450 Firmwareoperating_system
QualcommWcn6650 Firmwareoperating_system
QualcommWcn6755 Firmwareoperating_system
QualcommWcn7860 Firmwareoperating_system
QualcommWcn7861 Firmwareoperating_system
QualcommWcn7880 Firmwareoperating_system
QualcommWcn7881 Firmwareoperating_system
QualcommWsa8810 Firmwareoperating_system
QualcommWsa8815 Firmwareoperating_system
QualcommWsa8830 Firmwareoperating_system
QualcommWsa8832 Firmwareoperating_system
QualcommWsa8835 Firmwareoperating_system
QualcommWsa8840 Firmwareoperating_system
QualcommWsa8845 Firmwareoperating_system
QualcommWsa8845h Firmwareoperating_system
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
ACTIVITY FEED
Recent activity
128 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
128 SOURCESView more in app
xakepNews
В Android исправили 124 уязвимости, включая 0-day под атаками - Хакер
A vulnerability in the Qualcomm display component for Android that was patched in March 2026 and was reported as used in limited targeted attacks.
Read more
bleeping computerNews
Google fixes one actively exploited Android zero-day, 124 flaws
A zero-day vulnerability in a Qualcomm display component that Google patched and said was under limited, targeted exploitation.
Read more
scworldNews
Google patches critical Android remote code execution flaw | brief | SC Media
A previously disclosed Qualcomm Graphics component vulnerability that could expose sensitive memory data and was reported as actively exploited.
Read more
security affairsNews
Critical Android vulnerability CVE-2026-0073 fixed by Google
A vulnerability in an open-source Qualcomm Graphics component for Android, described as a buffer over-read that could expose sensitive memory data and was confirmed by Google as actively exploited.
Read more
What this page doesn’t show
The version that knows your environment.
This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Exposure mapping
Query your assets running an affected version, and investigate the blast radius.
Threat actor evidence
Every observed campaign linking this CVE to a named adversary.
Associated malware
Malware families riding this exploit, with evidence and IOCs.
Detection signatures2
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Vendor-by-vendor mapping
Cross-references every affected SKU, including bundled OEM variants.
Social activity103
Community discussion across Reddit, Mastodon, and other social sources.
EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2026-21385
NVD
nvd.nist.gov/vuln/detail/CVE-2026-21385
MITRE CWE · CWE-190
Integer Overflow or Wraparound
Patch
docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html
Vendor Advisory
source.android.com/docs/security/bulletin/2026/2026-03-01
US Government Resource
cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-21385