CISA Warns Qualcomm Chipsets Memory Corruption Vulnerability Is Actively Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) added the critical Qualcomm chipset vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on March 3, 2026, confirming active exploitation in the wild.

The flaw, tracked as CVE-2026-21385, impacts multiple Qualcomm chipsets and introduces a serious memory corruption risk. Attackers can leverage this vulnerability to compromise affected devices.

Vulnerability Overview

The vulnerability stems from an integer overflow condition (CWE-190) occurring during memory allocation alignment operations across several Qualcomm chipsets. When processing specific memory alignment requests, improper validation allows integer values to overflow, corrupting adjacent memory regions. This flaw enables threat actors to execute arbitrary code, escalate privileges, or destabilize targeted systems. Given the widespread deployment of Qualcomm chipsets in mobile, embedded, and IoT environments, this vulnerability significantly broadens the attack surface.

Qualcomm processors power hundreds of millions of Android smartphones, tablets, automotive systems, and connected devices globally, making this a highly attractive target for both state-sponsored actors and cybercriminals.

Field Details
CVE ID CVE-2026-21385
Vendor/Product Qualcomm / Multiple Chipsets
Vulnerability Type Memory Corruption
CWE CWE-190 (Integer Overflow or Wraparound)
Date Added to KEV March 03, 2026
Remediation Due Date March 24, 2026
Ransomware Usage Unknown
CISA Action Apply vendor mitigations or discontinue product use

CISA’s inclusion of this flaw in the KEV catalog confirms that threat actors are actively exploiting CVE-2026-21385 in real-world attacks. While ransomware campaign involvement remains unknown at this stage, memory corruption vulnerabilities of this class are frequently weaponized for privilege escalation, remote code execution chains, and persistent device compromise. The broad deployment of Qualcomm chipsets makes this an attractive target for both state-sponsored actors and cybercriminal groups.

CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies remediate this vulnerability by March 24, 2026, in line with Binding Operational Directive (BOD) 22-01. CISA recommends all organizations take the following steps immediately:

  • Apply patches as soon as Qualcomm releases official mitigations or firmware updates
  • Follow BOD 22-01 guidance for cloud-based services using affected chipsets
  • Discontinue use of affected products if no mitigations are available
  • Monitor devices running Qualcomm chipsets for anomalous behavior or unauthorized memory access attempts
  • Subscribe to CISA KEV catalog updates to stay informed of newly exploited vulnerabilities

Organizations relying on Qualcomm-powered infrastructure should treat this as a high-priority remediation item given the active exploitation status confirmed by CISA.

Related Articles

Back to top button