Untriaged
Permalink
CVE-2026-21383
7.1 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Local (L)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Local (L)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): None (N)
Activity log
- Created suggestion
Reusing a Nonce, Key Pair in Encryption in HLOS
Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security.
Affected products
Snapdragon
- ==QAMSRV1H
- ==QDU1210
- ==QDX1011
- ==FastConnect 7800
- ==QCA6595AU
- ==QCA6698AQ
- ==WSA8835
- ==SA8255P
- ==FastConnect 6900
- ==Pandeiro
- ==WSA8830
- ==QAM8397P
- ==QCA8695AU
- ==LeMans_AU_LGIT
- ==QDU1000
- ==Snapdragon AR1+ Gen 1 Platform
- ==SAR1165P
- ==WSA8832
- ==QAMSRV1M
- ==SRV1H
- ==Qualcomm Dragonwing X100 Accelerator Card
- ==QDU1110
- ==QXM1093
- ==SXR2230P
- ==SAR2130P
- ==XRV7209
- ==SA9000P
- ==WCN3950
- ==WCN7861
- ==QCA6797AQ
- ==QXM1094
- ==QPA1083BD
- ==QDX1010
- ==QAM8255P
- ==QLN1086BD
- ==QXM1095
- ==WCN7860
- ==SA8770P
- ==Snapdragon AR1 Gen 1 Platform
- ==WCD9385
- ==SXR2250P
- ==QCA6696
- ==QXM1096
- ==SA8620P
- ==SRV1M
- ==SA7775P
- ==WCD9380
- ==LeMansAU
- ==QAM8797P
- ==XRV9209
- ==QPA1086BD
- ==QLN1083BD
- ==SA7255P