Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-21372

7.8 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 week, 5 days ago

Heap-Based Buffer Overflow in Power Management IC

Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-b…

Affected products

Snapdragon

==Snapdragon 460 Mobile Platform
==WSA8840
==FastConnect 7800
==QCM6490
==XG101032
==Cologne
==Qualcomm Video Collaboration VC3 Platform
==FastConnect 6700
==WSA8845H
==X2000086
==WCN3988
==WSA8845
==WCD9370
==X2000077
==X2000092
==FastConnect 6900
==XG101002
==WCN3950
==WCD9378C
==Snapdragon 7c+ Gen 3 Compute
==WCD9385
==WCD9375
==WCD9380
==Snapdragon 662 Mobile Platform
==X2000090
==X2000094
==XG101039
==QCM5430

Matching in nixpkgs

pkgs.snapdragon-profiler

An profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2