Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild.
The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component.
“Memory corruption when adding user-supplied data without checking available buffer space,” Qualcomm said in an advisory, describing it as an integer overflow.
The chipmaker said the flaw was reported to it through Google’s Android Security team on December 18, 2025. Customers were notified of the security defect on February 2, 2026.
There are currently no details on how the vulnerability is being exploited in the wild. However, Google acknowledged in its monthly Android security bulletin that “there are indications that CVE-2026-21385 may be under limited, targeted exploitation.”
Google’s March 2026 update contains patches for a total of 129 vulnerabilities, including a critical flaw in the System component (CVE-2026-0006) that could lead to remote code execution without requiring any additional privileges or user interaction. In contrast, Google addressed one Android vulnerability in January 2026 and none last month.
Also patched by Google are multiple critical-rated bugs: a privilege escalation bug in Framework (CVE-2026-0047), a denial-of-service (DoS) in System (CVE-2025-48631), and seven privilege escalation flaws in Kernel components (CVE-2024-43859, CVE-2026-0037, CVE-2026-0038, CVE-2026-0027, CVE-2026-0028, CVE-2026-0030, and CVE-2026-0031).
The Android security bulletin includes two patch levels – 2026-03-01 and 2026-03-05 – to give Android partners the flexibility to address common vulnerabilities on different devices more quickly.
The second patch level includes fixes for Kernel components, as well as those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unisoc.
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
