CVE-2026-21383
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon | FastConnect 6900 | affected |
| Qualcomm, Inc. | Snapdragon | FastConnect 7800 | affected |
| Qualcomm, Inc. | Snapdragon | LeMans_AU_LGIT | affected |
| Qualcomm, Inc. | Snapdragon | LeMansAU | affected |
| Qualcomm, Inc. | Snapdragon | Pandeiro | affected |
| Qualcomm, Inc. | Snapdragon | QAM8255P | affected |
| Qualcomm, Inc. | Snapdragon | QAM8397P | affected |
| Qualcomm, Inc. | Snapdragon | QAM8797P | affected |
| Qualcomm, Inc. | Snapdragon | QAMSRV1H | affected |
| Qualcomm, Inc. | Snapdragon | QAMSRV1M | affected |
| Qualcomm, Inc. | Snapdragon | QCA6595AU | affected |
| Qualcomm, Inc. | Snapdragon | QCA6696 | affected |
| Qualcomm, Inc. | Snapdragon | QCA6698AQ | affected |
| Qualcomm, Inc. | Snapdragon | QCA6797AQ | affected |
| Qualcomm, Inc. | Snapdragon | QCA8695AU | affected |
| Qualcomm, Inc. | Snapdragon | QDU1000 | affected |
| Qualcomm, Inc. | Snapdragon | QDU1110 | affected |
| Qualcomm, Inc. | Snapdragon | QDU1210 | affected |
| Qualcomm, Inc. | Snapdragon | QDX1010 | affected |
| Qualcomm, Inc. | Snapdragon | QDX1011 | affected |
| Qualcomm, Inc. | Snapdragon | QLN1083BD | affected |
| Qualcomm, Inc. | Snapdragon | QLN1086BD | affected |
| Qualcomm, Inc. | Snapdragon | QPA1083BD | affected |
| Qualcomm, Inc. | Snapdragon | QPA1086BD | affected |
| Qualcomm, Inc. | Snapdragon | Qualcomm Dragonwing X100 Accelerator Card | affected |
| Qualcomm, Inc. | Snapdragon | QXM1093 | affected |
| Qualcomm, Inc. | Snapdragon | QXM1094 | affected |
| Qualcomm, Inc. | Snapdragon | QXM1095 | affected |
| Qualcomm, Inc. | Snapdragon | QXM1096 | affected |
| Qualcomm, Inc. | Snapdragon | SA7255P | affected |
| Qualcomm, Inc. | Snapdragon | SA7775P | affected |
| Qualcomm, Inc. | Snapdragon | SA8255P | affected |
| Qualcomm, Inc. | Snapdragon | SA8620P | affected |
| Qualcomm, Inc. | Snapdragon | SA8770P | affected |
| Qualcomm, Inc. | Snapdragon | SA9000P | affected |
| Qualcomm, Inc. | Snapdragon | SAR1165P | affected |
| Qualcomm, Inc. | Snapdragon | SAR2130P | affected |
| Qualcomm, Inc. | Snapdragon | Snapdragon AR1 Gen 1 Platform | affected |
| Qualcomm, Inc. | Snapdragon | Snapdragon AR1+ Gen 1 Platform | affected |
| Qualcomm, Inc. | Snapdragon | SRV1H | affected |
| Qualcomm, Inc. | Snapdragon | SRV1M | affected |
| Qualcomm, Inc. | Snapdragon | SXR2230P | affected |
| Qualcomm, Inc. | Snapdragon | SXR2250P | affected |
| Qualcomm, Inc. | Snapdragon | WCD9380 | affected |
| Qualcomm, Inc. | Snapdragon | WCD9385 | affected |
| Qualcomm, Inc. | Snapdragon | WCN3950 | affected |
| Qualcomm, Inc. | Snapdragon | WCN7860 | affected |
| Qualcomm, Inc. | Snapdragon | WCN7861 | affected |
| Qualcomm, Inc. | Snapdragon | WSA8830 | affected |
| Qualcomm, Inc. | Snapdragon | WSA8832 | affected |
| Qualcomm, Inc. | Snapdragon | WSA8835 | affected |
| Qualcomm, Inc. | Snapdragon | XRV7209 | affected |
| Qualcomm, Inc. | Snapdragon | XRV9209 | affected |
Weaknesses
- CWE-323: CWE-323: Reusing a Nonce, Key Pair in Encryption
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.