CVE-2026-21385
published 2026-03-02CVE-2026-21385: Memory corruption while using alignments for memory allocation.
PriorityP185high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2026-03-24
Exploited in the wild
EPSS
1.07%
60.6th percentile
Memory corruption while using alignments for memory allocation.
Affected
235 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2026-21385 is a memory corruption vulnerability in Qualcomm GPU/chipset components triggered via alignment handling during memory allocation; monitor for crashes or unexpected process termination in GPU-related processes on Android devices with affected Qualcomm chipsets. ↗
- →CVE-2026-21385 has been confirmed as actively exploited in limited, targeted attacks (added to CISA KEV); prioritize detection and patching on Android devices using any of the 234–235 affected Qualcomm chipsets. ↗
- →Exploitation pattern is consistent with commercial spyware or nation-state operations targeting high-profile individuals; correlate CVE-2026-21385 exploitation attempts with spyware-related indicators on targeted Android devices. ↗
- →Apply the Android 2026-03-05 security patch level (or later) to remediate CVE-2026-21385; devices not yet at this patch level should be treated as potentially vulnerable and monitored for exploitation indicators. ↗
- ·Affected scope is broad: 234–235 Qualcomm chipsets across Android phones, tablets, and IoT devices are affected; patch availability depends on individual OEM/vendor timelines, not just Google's patch release. ↗
- ·Google Pixel devices receive patches immediately, but other Android vendors typically take longer to validate and distribute updates for their specific hardware configurations. ↗
- ·Qualcomm's own February advisory had not yet flagged CVE-2026-21385 as exploited in attacks at time of reporting, despite active exploitation being confirmed by Google TAG and CISA. ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA
Qualcomm Multiple Chipsets Memory Corruption Vulnerability
cisa·2026-03-03·CVSS 7.8
CVE-2026-21385 [HIGH] CWE-190 Qualcomm Multiple Chipsets Memory Corruption Vulnerability
Vulnerability: Qualcomm Multiple Chipsets Memory Corruption Vulnerability
Affected: Qualcomm Multiple Chipsets
Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385
Remediation Due Date: 2026-03-24
GHSA
GHSA-wwwq-962j-m7x8: Memory corruption while using alignments for memory allocation
ghsa_unreviewed·2026-03-02
CVE-2026-21385 [HIGH] CWE-190 GHSA-wwwq-962j-m7x8: Memory corruption while using alignments for memory allocation
Memory corruption while using alignments for memory allocation.
VulnCheck
Qualcomm Multiple Chipsets Memory Corruption Vulnerability
vulncheck·2026·CVSS 7.8
CVE-2026-21385 [HIGH] CWE-190 Qualcomm Multiple Chipsets Memory Corruption Vulnerability
Qualcomm Multiple Chipsets Memory Corruption Vulnerability
Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation.
Affected: Qualcomm Multiple Chipsets
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://source.android.com/docs/security/bulletin/2026/2026-03-01; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://blog.talosintelligence.com/patch-track-repeat-the-2025-cve-retrospective/
Remediation Due: 2026-03-24
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Google fixes one actively exploited Android zero-day, 124 flaws
blogs_bleepingcomputer·2026-06-02·CVSS 7.8
CVE-2025-48595 [HIGH] Google fixes one actively exploited Android zero-day, 124 flaws
## Google fixes one actively exploited Android zero-day, 124 flaws
## Sergiu Gatlan
"Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible."
While Google has yet to share technical details about the flaw or provide more information about the ongoing attacks targeting it, similar flaws have been exploited in the past by commercial spyware and by nation-state operations targeting high-profile or high-interest individuals.
With this month's Android security updates, Google has fixed 18 critical vulnerabilities across System, Framework, and Qualcomm closed-source components that attackers can abuse to trigger denial-of-service conditions and e
Checkpoint
9th March – Threat Intelligence Report
blogs_checkpoint·2026-03-09
CVE-2026-0628 9th March – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 9th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 9th March, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
AkzoNobel, a Netherlands-based global paint manufacturer, has confirmed a cyberattack affecting one of its United States sites. The company said the intrusion was contained, while the Anubis ransomware group claimed it stole 170 GB of data, including employee and financial records.
LexisNexis, a global legal data and analytics
Talos
Patch, track, repeat: The 2025 CVE retrospective
blogs_talos·2026-03-05
Patch, track, repeat: The 2025 CVE retrospective
## Patch, track, repeat: The 2025 CVE retrospective
Welcome to this week's edition of the Threat Source newsletter.
It's time to look back at a year that pushed the vulnerability landscape to new heights. I'll admit this retrospective is arriving a bit later than planned. With 48,196 CVEs in 2025 (a stunning 132 vulnerabilities per day), the analysis takes time — especially when you're operating one-handed after an encounter with black ice breaks your dominant arm. But better thorough than rushed, right?
What concerns me more than the sheer volume is what's inside these CVEs. XSS, SQL injection, and deserialization vulnerabilities continue to dominate, accounting for roughly 10,000 CVEs. Despite decades of awareness, these fundamental software security weaknesses persist.
The Known Exp
Talos
Patch, track, repeat: The 2025 CVE retrospective
blogs_talos·2026-03-05
Patch, track, repeat: The 2025 CVE retrospective
Welcome to this week's edition of the Threat Source newsletter.
It's time to look back at a year that pushed the vulnerability landscape to new heights. I'll admit this retrospective is arriving a bit later than planned. With 48,196 CVEs in 2025 (a stunning 132 vulnerabilities per day), the analysis takes time — especially when you're operating one-handed after an encounter with black ice breaks your dominant arm. But better thorough than rushed, right?
What concerns me more than the sheer volume is what's inside these CVEs. XSS, SQL injection, and deserialization vulnerabilities continue to dominate, accounting for roughly 10,000 CVEs. Despite decades of awareness, these fundamental software security weaknesses persist.
The Known Exploited Vulnerabilities (KEV) Catalog tells an even mo
Bleepingcomputer
Android gets patches for Qualcomm zero-day exploited in attacks
blogs_bleepingcomputer·2026-03-03·CVSS 7.8
CVE-2026-21385 [HIGH] Android gets patches for Qualcomm zero-day exploited in attacks
## Android gets patches for Qualcomm zero-day exploited in attacks
## Sergiu Gatlan
Qualcomm says it was alerted to this high-severity vulnerability on December 18 by Google's Android Security team , and it notified customers on February 2. According to its February advisory, which has yet to flag CVE-2026-21385 as exploited in attacks, the security flaw affects 235 Qualcomm chipsets.
"We commend the researchers from Google’s Threat Analysis Group for using coordinated disclosure practices," a Qualcomm spokesperson told BleepingComputer. "Regarding their GPU-related research, fixes were made available to our customers in January 2026. We encourage end users to apply security updates as they become available from device makers."
With this month's Android security updates, Google fixed 1
2026-03-02
Published
2026-03-03
Added to CISA KEV
Exploited in the wild