Developer Workspace

Loading...

Bring your ideas to life by saving your favorite products, comparing specifications and sharing with your team to work collaboratively.

0 Projects

Sort

You do not have any projects yet. Start building your Workspace.

Documentation

Security Bulletin

Navigator

Close
2026 Security Bulletins
July
June
May
April
March
February
January
2025 Security Bulletins
December
November
October
September
August
July
June
May
April
March
February
January
2024 Security Bulletins
December
November
October
September
August
July
June
May
April
March
February
January
2023 Security Bulletins
December
November
October
September
August
July
June
May
April
March
February
January
2022 Security Bulletins
December
November
October
September
August
July
June
May
April
March
February
January
2021 Security Bulletins
December
November
October
September
August
July
June
May
April
March
February
January
2020 Security Bulletins
December
November
October
September
August
July
June
May
April
March
February
January
2019 Security Bulletins
December
November
October
September
August
July
June
May
April
March
February
January
2018 Security Bulletins
December
November
October
September
August
July
June
May

Legal notice

July 2026 Security Bulletin

Published: 07/06/2026

This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security issues that have been addressed in QTI’s proprietary code and (ii) links to publicly available code where security issues have been addressed.

Please reach out to securitybulletin@qti.qualcomm.com for any questions related to this bulletin.

Table of Contents

Announcements
Acknowledgements
Proprietary Software Issues
Open Source Software Issues
Industry Coordination

Announcements

None

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2026-25271,CVE-2025-59615,CVE-2025-59616,CVE-2025-59617,CVE-2026-21368,CVE-2026-21369,CVE-2026-21370,CVE-2026-21384 heidada (heiheidada)

Proprietary Software Issues

The tables below summarize security vulnerabilities that were addressed through proprietary software

This table lists high impact security vulnerabilities. Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible. Please contact the device manufacturer for information on the patching status of released devices.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2026-25268 Critical High WLAN Host Internal
CVE-2026-21379 High High Windows Compute Internal
CVE-2026-21383 High High HLOS Internal
CVE-2026-25271 High High DSP Service 11/17/2025

CVE-2026-25268

CVE ID CVE-2026-25268
Title Stack-based Buffer Overflow in WLAN Host
Description Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations.
Technology Area WLAN Host
Vulnerability Type CWE-121 Stack-based Buffer Overflow
Access Vector Remote
Security Rating Critical
CVSS Rating High
CVSS Score 8.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 2026/04/06
Affected Chipsets* 5G Fixed Wireless Access Platform, AR8035, CQ7790, CQ8725S, CSR8811, FastConnect 6700, FastConnect 6900, FastConnect 7800, FWA Gen 3 Ultra Platform, FWA Gen 5 Elite Platform, Immersive Home 214 Platform, Immersive Home 216 Platform, Immersive Home 316 Platform, Immersive Home 318 Platform, Immersive Home 3210 Platform, Immersive Home 326 Platform, IPQ5010, IPQ5028, IPQ5300, IPQ5302, IPQ5312, IPQ5332, IPQ6000, IPQ6010, IPQ6018, IPQ8076, IPQ8078, IPQ9008, IPQ9048, IPQ9554, IPQ9570, IPQ9574, Kobuk, Marina, Networking Pro 1200 Platform, Networking Pro 1210 Platform, Networking Pro 1610 Platform, Networking Pro 400 Platform, Networking Pro 600 Platform, Networking Pro 610 Platform, Networking Pro 800 Platform, Networking Pro 810 Platform, Orne, QCA0000, QCA4024, QCA6174A, QCA8075, QCA8080, QCA8081, QCA8082, QCA8084, QCA8085, QCA8101, QCA8102, QCA8111, QCA8112, QCA8337, QCA8384, QCA8385, QCA8386, QCA9888, QCA9889, QCC710, QCF8000, QCF8001, QCM5430, QCM6490, QCN5022, QCN5024, QCN5052, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5224, QCN6023, QCN6024, QCN6112, QCN6122, QCN6132, QCN6224, QCN6274, QCN6402, QCN6412, QCN6422, QCN6432, QCN9000, QCN9012, QCN9013, QCN9022, QCN9024, QCN9070, QCN9100, QCN9160, QCN9274, QFW7114, QFW7124, QFW7224, QMX82L, QMX85L, Qualcomm® Video Collaboration VC3 Platform, QXM8083, SAR2130P, SDX61, SDX65M, SDX81, Snapdragon 460 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon Auto 5G Modem-RF, Snapdragon X62 5G Modem-RF System, Snapdragon X65 5G Modem-RF System, Snapdragon X72 5G Modem-RF System, Snapdragon X75 5G Modem-RF System, SW-only, WCD9340, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3988, WCN6755, WCN7861, WCN7881, WSA8830, WSA8832, WSA8835

CVE-2026-21379

CVE ID CVE-2026-21379
Title Buffer Over-read in Windows Compute
Description Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.
Technology Area Windows Compute
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 2026/01/05
Affected Chipsets* AQT1000, Cologne, FastConnect 6200, FastConnect 6700, FastConnect 6800, FastConnect 6900, FastConnect 7800, IQX5121, IQX7181, QCA0000, QCA6391, QCA6420, QCA6430, QCM5430, QCM6490, Qualcomm® Video Collaboration VC3 Platform, SC8380XP, Snapdragon 7c+ Gen 3 Compute, Snapdragon 8c Compute Platform "Poipu Lite", Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite", Snapdragon 8cx Compute Platform, Snapdragon 8cx Compute Platform "Poipu Pro", Snapdragon 8cx Gen 2 5G Compute Platform, Snapdragon 8cx Gen 2 5G Compute Platform "Poipu Pro", Snapdragon 8cx Gen 3 Compute Platform, WCD9340, WCD9341, WCD9370, WCD9375, WCD9378C, WCD9380, WCD9385, WSA8810, WSA8815, WSA8830, WSA8835, WSA8840, WSA8845, WSA8845H, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039

CVE-2026-21383

CVE ID CVE-2026-21383
Title Reusing a Nonce, Key Pair in Encryption in HLOS
Description Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security.
Technology Area HLOS
Vulnerability Type CWE-323: Reusing a Nonce, Key Pair in Encryption
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.1
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Date Reported Internal
Customer Notified Date 2026/01/05
Affected Chipsets* FastConnect 6900, FastConnect 7800, LeMans_AU_LGIT, LeMansAU, Pandeiro, QAM8255P, QAM8397P, QAM8797P, QAMSRV1H, QAMSRV1M, QCA6595AU, QCA6696, QCA6698AQ, QCA6797AQ, QCA8695AU, QDU1000, QDU1110, QDU1210, QDX1010, QDX1011, QLN1083BD, QLN1086BD, QPA1083BD, QPA1086BD, Qualcomm Dragonwing™ X100 Accelerator Card, QXM1093, QXM1094, QXM1095, QXM1096, SA7255P, SA7775P, SA8255P, SA8620P, SA8770P, SA9000P, SAR1165P, SAR2130P, Snapdragon AR1 Gen 1 Platform, Snapdragon AR1+ Gen 1 Platform, SRV1H, SRV1M, SXR2230P, SXR2250P, WCD9380, WCD9385, WCN3950, WCN7860, WCN7861, WSA8830, WSA8832, WSA8835, XRV7209, XRV9209

CVE-2026-25271

CVE ID CVE-2026-25271
Title Time-of-check Time-of-use (TOCTOU) Race Condition in DSP Service
Description Memory Corruption when processing asynchronous input parameters due to improper handling of modified values between check and use.
Technology Area DSP Service
Vulnerability Type CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported 2025/11/17
Customer Notified Date 2026/04/06
Affected Chipsets* Cologne, FastConnect 6900, FastConnect 7800, IQX5121, IQX7181, QCA0000, SC8380XP, WCD9378C, WCD9380, WCD9385, WSA8840, WSA8845, WSA8845H, X2000077, X2000086, X2000090, X2000092, X2000094, XG101002, XG101032, XG101039

*The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.

Open Source Software Issues

The tables below summarize security vulnerabilities that were addressed through open source software

This table lists high impact security vulnerabilities. Patches are being actively shared with OEMs, who have been notified and strongly recommended to deploy those patches on released devices as soon as possible. Please contact the device manufacturer for information on the patching status of released devices.

Public ID Security Rating CVSS Rating Technology Area Date Reported

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2025-59615 Medium Medium Computer Vision 07/24/2025
CVE-2025-59616 Medium Medium Computer Vision 07/20/2025
CVE-2025-59617 Medium Medium Computer Vision 08/04/2025
CVE-2026-21368 Medium Medium Camera Driver 07/31/2025
CVE-2026-21369 Medium Medium Camera Driver 07/23/2025
CVE-2026-21370 Medium Medium Camera Driver 08/04/2025
CVE-2026-21384 Medium Medium Camera Driver 08/04/2025

CVE-2025-59615

CVE ID CVE-2025-59615
Title Use After Free in Computer Vision
Description Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization.
Technology Area Computer Vision
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.6
CVSS String CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
Date Reported 2025/07/24
Customer Notified Date 2026/01/05
Affected Chipsets* FastConnect 6700, FastConnect 6900, FastConnect 7800, Molokai, Orne, Pandeiro, QCM5430, QCM6490, QLN1083BD, QLN1086BD, QMP1000, QMP2001, QPA1083BD, QPA1086BD, Qualcomm® Video Collaboration VC3 Platform, QXM1093, QXM1094, QXM1095, QXM1096, SC8380XP, SD865 5G, SM6850, SM8845P, Snapdragon 460 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 8 Elite Gen 5, Snapdragon AR1 Gen 1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SXR2230P, SXR2250P, SXR2330P, SXR2350P, WCD9370, WCD9375, WCD9378, WCD9380, WCD9385, WCD9395, WCN3950, WCN3988, WCN6450, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, WSA8850, WSA8850W, WSA8855C, XRV7209, XRV9209
Patch**
  • https://git.codelinaro.org/clo/la/platform/vendor/opensource/eva-kernel/-/commit/8cbb20ad32820628ecaca80cb9bac32629a7615d

CVE-2025-59616

CVE ID CVE-2025-59616
Title Use After Free in Computer Vision
Description Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.
Technology Area Computer Vision
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.6
CVSS String CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
Date Reported 2025/07/20
Customer Notified Date 2026/01/05
Affected Chipsets* FastConnect 6700, FastConnect 6900, FastConnect 7800, Molokai, Orne, Pandeiro, QCM5430, QCM6490, QMP1000, QMP2001, Qualcomm® Video Collaboration VC3 Platform, SC8380XP, SD865 5G, SM6850, SM8845P, Snapdragon 460 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 8 Elite Gen 5, Snapdragon AR1 Gen 1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SXR2230P, SXR2250P, WCD9370, WCD9375, WCD9378, WCD9380, WCD9385, WCD9395, WCN3950, WCN3988, WCN6450, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, WSA8850, WSA8850W, WSA8855C
Patch**
  • https://git.codelinaro.org/clo/la/platform/vendor/opensource/eva-kernel/-/commit/ba8935a2e4bb6412d76b74f78e53edc3b3a02297

CVE-2025-59617

CVE ID CVE-2025-59617
Title Use After Free in Computer Vision
Description Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input.
Technology Area Computer Vision
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.6
CVSS String CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
Date Reported 2025/08/04
Customer Notified Date 2026/01/05
Affected Chipsets* FastConnect 6700, FastConnect 6900, FastConnect 7800, Molokai, Orne, Pandeiro, QCM5430, QCM6490, QMP1000, QMP2001, Qualcomm® Video Collaboration VC3 Platform, SC8380XP, SD865 5G, SM6850, SM8845P, Snapdragon 460 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 8 Elite Gen 5, Snapdragon AR1 Gen 1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SXR2230P, SXR2250P, WCD9370, WCD9375, WCD9378, WCD9380, WCD9385, WCD9395, WCN3950, WCN3988, WCN6450, WCN7760, WCN7860, WCN7861, WCN7880, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, WSA8850, WSA8850W, WSA8855C
Patch**
  • https://git.codelinaro.org/clo/la/platform/vendor/opensource/eva-kernel/-/commit/ba8935a2e4bb6412d76b74f78e53edc3b3a02297

CVE-2026-21368

CVE ID CVE-2026-21368
Title Out-of-bounds Write in Camera Driver
Description Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.
Technology Area Camera Driver
Vulnerability Type CWE-787: Out-of-bounds Write
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 5.3
CVSS String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Date Reported 2025/07/31
Customer Notified Date 2026/01/05
Affected Chipsets* FastConnect 6700, FastConnect 6900, FastConnect 7800, G3x Gen 2, IQ9 Series Platform, LeMans_AU_LGIT, LeMansAU, Netrani, Pandeiro, QAM8255P, QAMSRV1H, QAMSRV1M, QCA6595, QCA6595AU, QCA6678AQ, QCA6698AQ, QCA6698AU, QCA6797AQ, QCM4490, QCM8838, QCS4490, QCS8550, QLN1083BD, QLN1086BD, QPA1083BD, QPA1086BD, QXM1093, QXM1094, QXM1095, QXM1096, SA7255P, SA7775P, SA8255P, SA8620P, SA8770P, SA9000P, SAR2130P, SC8380XP, SD 8 Gen1 5G, SD865 5G, SDR753, SM7435, SM7525, SM7550, SM7550P, SM8550P, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 7 Gen 1 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SRV1H, SRV1M, SXR2230P, SXR2330P, SXR2350P, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3950, WCN3988, WCN6450, WCN6650, WCN6755, WCN7860, WCN7861, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, X1E80100, XRV7209, XRV9209
Patch**
  • https://git.codelinaro.org/clo/la/platform/vendor/opensource/camera-kernel/-/commit/cfd26cd939b546fece73d404dff63413c56dd89f
  • https://git.codelinaro.org/clo/le/platform/vendor/opensource/camera-kernel/-/commit/542b6248909fe3a7d40ad613cd409b1a9f7d1935

CVE-2026-21369

CVE ID CVE-2026-21369
Title Out-of-bounds Write in Camera Driver
Description Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification.
Technology Area Camera Driver
Vulnerability Type CWE-787: Out-of-bounds Write
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 5.3
CVSS String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Date Reported 2025/07/23
Customer Notified Date 2026/01/05
Affected Chipsets* FastConnect 6200, FastConnect 6700, FastConnect 6900, FastConnect 7800, G1 Gen 1, G3x Gen 2, IQ9 Series Platform, Kalpeni, LeMans_AU_LGIT, LeMansAU, Pandeiro, QAM8255P, QAM8295P, QAMSRV1H, QAMSRV1M, QCA6574AU, QCA6595, QCA6688AQ, QCA6696, QCA6698AQ, QCA6797AQ, QCA8695AU, QCM2290, QCM4325, QCM4490, QCM5430, QCM6490, QCM8838, QCS2290, QCS4290, QCS4490, QLN1083BD, QLN1086BD, QPA1083BD, QPA1086BD, Qualcomm® Video Collaboration VC3 Platform, QXM1093, QXM1094, QXM1095, QXM1096, SA6155P, SA7255P, SA7775P, SA8155P, SA8195P, SA8255P, SA8295P, SA8620P, SA8770P, SA9000P, SAR2130P, SC8380XP, SD662, SD865 5G, SDR753, SM6225P, SM7525, SM7550, SM7550P, SM8550P, Snapdragon 4 Gen 1 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 480 5G Mobile Platform, Snapdragon 480+ 5G Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 680 4G Mobile Platform, Snapdragon 685 4G Mobile Platform, Snapdragon 695 5G Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, Snapdragon® Wear Elite platform, SRV1H, SRV1M, SXR2230P, SXR2330P, SXR2350P, Themisto, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3910, WCN3950, WCN3988, WCN6450, WCN6650, WCN6755, WCN7860, WCN7861, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, X1E80100, XRV7209, XRV9209
Patch**
  • https://git.codelinaro.org/clo/la/platform/vendor/opensource/camera-kernel/-/commit/2e84a9851a94f228001d6cafdaea3924e9bd1482
  • https://git.codelinaro.org/clo/le/platform/vendor/opensource/camera-kernel/-/commit/e4c7866339366ba2e884cb671b390a10c97411b6

CVE-2026-21370

CVE ID CVE-2026-21370
Title Out-of-bounds Write in Camera Driver
Description Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.
Technology Area Camera Driver
Vulnerability Type CWE-787: Out-of-bounds Write
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 5.3
CVSS String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Date Reported 2025/08/04
Customer Notified Date 2026/01/05
Affected Chipsets* FastConnect 6700, FastConnect 6900, FastConnect 7800, G3x Gen 2, IQ9 Series Platform, LeMans_AU_LGIT, LeMansAU, Netrani, Pandeiro, QAM8255P, QAMSRV1H, QAMSRV1M, QCA6595, QCA6595AU, QCA6678AQ, QCA6698AQ, QCA6698AU, QCA6797AQ, QCM4490, QCM8838, QCS4490, QCS8550, QLN1083BD, QLN1086BD, QPA1083BD, QPA1086BD, QXM1093, QXM1094, QXM1095, QXM1096, SA7255P, SA7775P, SA8255P, SA8620P, SA8770P, SA9000P, SAR2130P, SC8380XP, SD 8 Gen1 5G, SD865 5G, SDR753, SM7435, SM7525, SM7550, SM7550P, SM8550P, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 7 Gen 1 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon 8 Gen 2 Mobile Platform, Snapdragon 8+ Gen 2 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SRV1H, SRV1M, SXR2230P, SXR2330P, SXR2350P, WCD9370, WCD9371, WCD9375, WCD9378, WCD9380, WCD9385, WCD9390, WCD9395, WCN3950, WCN3988, WCN6450, WCN6650, WCN6755, WCN7860, WCN7861, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, X1E80100, XRV7209, XRV9209
Patch**
  • https://git.codelinaro.org/clo/la/platform/vendor/opensource/camera-kernel/-/commit/2384bb3718b1116ec4964faa59127d52e3ec1804
  • https://git.codelinaro.org/clo/le/platform/vendor/opensource/camera-kernel/-/commit/295c217dff61515eb8e695721b4334e170e95553

CVE-2026-21384

CVE ID CVE-2026-21384
Title Out-of-bounds Write in Camera Driver
Description Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits.
Technology Area Camera Driver
Vulnerability Type CWE-787: Out-of-bounds Write
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 5.3
CVSS String CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Date Reported 2025/08/04
Customer Notified Date 2026/01/05
Affected Chipsets* FastConnect 6700, FastConnect 6900, FastConnect 7800, LeMans_AU_LGIT, LeMansAU, Netrani, Pandeiro, QAM8255P, QAMSRV1H, QAMSRV1M, QCA6595, QCA6595AU, QCA6678AQ, QCA6698AQ, QCA6698AU, QCA6797AQ, QCM4490, QCM5430, QCM6490, QCM8838, QCS4490, QCS8550, QLN1083BD, QLN1086BD, QPA1083BD, QPA1086BD, Qualcomm® Video Collaboration VC3 Platform, QXM1093, QXM1094, QXM1095, QXM1096, SA7255P, SA7775P, SA8255P, SA8620P, SA8770P, SA9000P, SAR2130P, SC8380XP, SD 8 Gen1 5G, SD865 5G, SDR753, SM7435, Snapdragon 4 Gen 2 Mobile Platform, Snapdragon 460 Mobile Platform, Snapdragon 6 Gen 1 Mobile Platform, Snapdragon 6 Gen 3 Mobile Platform, Snapdragon 662 Mobile Platform, Snapdragon 7 Gen 1 Mobile Platform, Snapdragon 8 Elite, Snapdragon 8 Gen 1 Mobile Platform, Snapdragon AR1 Gen 1 Platform, Snapdragon XR2 5G Platform, Snapdragon XR2+ Gen 1 Platform, SRV1H, SRV1M, SXR2230P, SXR2330P, SXR2350P, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3988, WCN6755, WCN7860, WCN7861, WCN7881, WSA8810, WSA8815, WSA8830, WSA8832, WSA8835, WSA8840, WSA8845, WSA8845H, XRV7209, XRV9209
Patch**
  • https://git.codelinaro.org/clo/la/platform/vendor/opensource/camera-kernel/-/commit/2795d6ec4979ad43d7155e28d5177d068bd853b1

* The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.

** Data is generated only at the time of bulletin creation

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

  • Consideration of security protections such as SELinux not enforced on some platforms
  • Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel

All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.

This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.

Qualcomm Technologies, Inc.

San Diego, CA 92121

U.S.A.

© 2022 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.

  • Table of Contents
  • Announcements
  • Acknowledgements
  • Proprietary Software Issues
  • CVE-2026-25268
  • CVE-2026-21379
  • CVE-2026-21383
  • CVE-2026-25271
  • Open Source Software Issues
  • CVE-2025-59615
  • CVE-2025-59616
  • CVE-2025-59617
  • CVE-2026-21368
  • CVE-2026-21369
  • CVE-2026-21370
  • CVE-2026-21384
  • Industry Coordination
Qualcomm relentlessly innovates to deliver intelligent computing everywhere, helping the world tackle some of its most important challenges. Our leading-edge AI, high performance, low-power computing, and unrivaled connectivity deliver proven solutions that transform major industries. At Qualcomm, we are engineering human progress.

Quick links

  • Products
  • Support
  • Partners
  • Contact us
  • Developer

Company info

  • About us
  • Careers
  • Investors
  • News & media
  • Our businesses
  • Email Subscriptions

Stay connected

Get the latest Qualcomm and industry information delivered to your inbox.

Subscribe
Manage your subscription
  • Terms of Use
  • Privacy
  • Cookie Policy
  • Accessibility Statement
  • Responsible AI Policy
  • Do Not Sell or Share My Personal Information

Languages

  • English ( United States )
  • 简体中文 ( China )

© Qualcomm Technologies, Inc. and/or its affiliated companies.

Snapdragon and Qualcomm branded products are products of Qualcomm Technologies, Inc. and/or its subsidiaries. Qualcomm patented technologies are licensed by Qualcomm Incorporated.

Note: Certain services and materials may require you to accept additional terms and conditions before accessing or using those items.

References to "Qualcomm" may mean Qualcomm Incorporated, or subsidiaries or business units within the Qualcomm corporate structure, as applicable.

Qualcomm Incorporated includes our licensing business, QTL, and the vast majority of our patent portfolio. Qualcomm Technologies, Inc., a subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries, substantially all of our engineering, research and development functions, and substantially all of our products and services businesses, including our QCT semiconductor business.

Materials that are as of a specific date, including but not limited to press releases, presentations, blog posts and webcasts, may have been superseded by subsequent events or disclosures.

Nothing in these materials is an offer to sell or license any of the services or materials referenced herein.

Scroll To Top
This website processes personal data through our and third parties’ online tracking technologies, including analytics and advertising cookies. To learn more about how we and our affiliates within the Qualcomm Group may use your personal data and cookies, please review the Privacy Policy published at the bottom of this website and Qualcomm’s Cookie Policy. If you don’t want to share your website activities, including browsing behavior, with our third-party partners via these tracking technologies, click on “Cookie Settings" below to update your preferences. You can also update your cookie preferences at any time by clicking the Do Not Sell or Share My Personal Information link at the bottom of this website.
Company Logo
Opt-Out Request Honored

Do Not Sell or Share My Personal Data

As described in greater detail in the Privacy Policy at the bottom of this website and Qualcomm’s Cookie Policy, we use certain third party advertising and other cookies on this website, which may be considered a “sale” of personal information or “sharing” of personal information for targeted advertising under applicable data privacy laws. To opt out of the sale or sharing of your personal information, please click the “Share or Sale of Personal Information” toggle button below. When you have opted out, the button color will change from blue to grey. We will also honor your opt-out of sale or sharing requests communicated via opt-out preference signals, such as the Global Privacy Control.

Manage Consent Preferences

Strictly Necessary Cookies

Always Active

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.

Share Or Sale of Personal Information

As described above, you may exercise your right to opt out of the sale or sharing of personal information by using this toggle button

  • Analytics Cookies

    label

    These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

  • Personalization Cookies

    label

    These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

  • Targeting Cookies

    label

    These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. If you do not allow these cookies, you will experience less targeted advertising.

Cookie List

Search Icon
  • label
Consent Leg.Interest
label
label
label
Powered by Onetrust