{"id":132,"date":"2026-03-03T08:49:23","date_gmt":"2026-03-03T08:49:23","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=132"},"modified":"2026-03-03T08:49:23","modified_gmt":"2026-03-03T08:49:23","slug":"google-confirms-cve-2026-21385-in-qualcomm-android-component-exploited","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=132","title":{"rendered":"Google Confirms CVE-2026-21385 in Qualcomm Android Component Exploited"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">Mar 03, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Mobile Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><a href=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjR_pPCmiYZpBkIhumuW9B55rXBX7U9PZto5xPxHsLBbx5EstbqXgUI-XLZkQQV8OCsdaOi5RuSapl0V4LPKX9B_8MDBqSteyX83vXpj7G8-87BBhyphenhyphen75Os_0RhTFWBL_yxr7JVwXXtZ-qdbbugAlw9MoC5mFEx0hfQMncgnDRR8tLlEMXsLiPmim2sTjzNO\/s1700-e365\/android-exploit.jpg\" style=\"display: block;  text-align: center; clear: left; float: left;\"><\/a><\/div>\n<p>Google on Monday <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2026\/2026-03-01\" rel=\"noopener\" target=\"_blank\">disclosed<\/a> that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild.<\/p>\n<p>The vulnerability in question is <strong>CVE-2026-21385<\/strong> (CVSS score: 7.8), a buffer over-read in the Graphics component.<\/p>\n<p>\u00abMemory corruption when adding user-supplied data without checking available buffer space,\u00bb Qualcomm <a href=\"https:\/\/docs.qualcomm.com\/securitybulletin\/march-2026-bulletin.html\" rel=\"noopener\" target=\"_blank\">said<\/a> in an advisory, describing it as an integer overflow.<\/p>\n<p>The chipmaker said the flaw was reported to it through Google&#8217;s Android Security team on December 18, 2025. Customers were notified of the security defect on February 2, 2026.<\/p>\n<div class=\"dog_two clear\">\n<div class=\"cf\"><a href=\"https:\/\/thehackernews.uk\/xm-cyber-comm-d\" rel=\"nofollow noopener sponsored\" target=\"_blank\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"Cybersecurity\" src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjeddeABvLw_c_ToOCMJPgQbMsApaTV3NUf6HM6UvXJMdWuMwDjqX3SsAJ3AFa2tLmqtvPxYwtaaAxhEbjMflJYYBOEtruJgSbLmu5axVBfkb-epbRoJmYPS79p3QMYea_Z3OfeaKYa4ocXewrWsdMRRSUW7UE5dNMGns2eNUwSelaseMB4sblfZnEgxWTH\/s728-e100\/risk-d.png\" width=\"729\" height=\"91\"\/><\/a><\/div>\n<\/div>\n<p>There are currently no details on how the vulnerability is being exploited in the wild. However, Google acknowledged in its monthly Android security bulletin that \u00abthere are indications that CVE-2026-21385 may be under limited, targeted exploitation.\u00bb<\/p>\n<p>Google&#8217;s March 2026 update contains patches for a total of 129 vulnerabilities, including a critical flaw in the System component (CVE-2026-0006) that could lead to remote code execution without requiring any additional privileges or user interaction. In contrast, Google addressed one Android vulnerability in January 2026 and none last month.<\/p>\n<p>Also patched by Google are multiple critical-rated bugs: a privilege escalation bug in Framework (CVE-2026-0047), a denial-of-service (DoS) in System (CVE-2025-48631), and seven privilege escalation flaws in Kernel components (CVE-2024-43859, CVE-2026-0037, CVE-2026-0038, CVE-2026-0027, CVE-2026-0028, CVE-2026-0030, and CVE-2026-0031).<\/p>\n<p>The Android security bulletin includes two patch levels \u2013 2026-03-01 and 2026-03-05 \u2013 to give Android partners the flexibility to address common vulnerabilities on different devices more quickly.<\/p>\n<p>The second patch level includes fixes for Kernel components, as well as those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unisoc.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>\ue804Ravie Lakshmanan\ue802Mar 03, 2026Vulnerability \/ Mobile Security Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the&hellip;<\/p>\n","protected":false},"author":1,"featured_media":133,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[281,374,63,372,128,2,373],"class_list":["post-132","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-android","tag-component","tag-confirms","tag-cve202621385","tag-exploited","tag-google","tag-qualcomm"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/132","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=132"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/132\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/133"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=132"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=132"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=132"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}