Nixpkgs security tracker

Untriaged

Permalink CVE-2025-47391

7.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Stack-based Buffer Overflow in Camera Driver

Memory corruption while processing a frame request from user.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-b…

Affected products

Snapdragon

==SA8255P
==Pandeiro
==WCD9385
==SM8550P
==SM7550
==SA7775P
==SD 8 Gen1 5G
==WCD9390
==WSA8840
==FastConnect 6900
==FastConnect 6200
==SM7635P
==SM8635P
==WCN7861
==WCD9370
==Snapdragon 8+ Gen 1 Mobile Platform
==SM8635
==QCN9011
==Snapdragon 4 Gen 2 Mobile Platform
==Snapdragon 8 Elite Gen 5
==Snapdragon 8 Gen 3 Mobile Platform
==SM6650P
==QCN9012
==SA9000P
==Snapdragon 6 Gen 4 Mobile Platform
==WCN3988
==QMP1000
==QCM5430
==WCD9380
==SM7435
==QAM8255P
==WSA8845H
==WSA8830
==QCA6678AQ
==QCA6698AU
==Snapdragon 6 Gen 1 Mobile Platform
==QCA6595
==QCM6490
==FastConnect 6700
==SA7255P
==Palawan25
==SM7550P
==Snapdragon 7s Gen 3 Mobile Platform
==Snapdragon 8+ Gen 2 Mobile Platform
==QAM8397P
==LeMansAU
==SM7675P
==Snapdragon AR1 Gen 1 Platform
==QCA8695AU
==QCM4490
==SA8620P
==Snapdragon 8 Gen 2 Mobile Platform
==WCN3950
==Netrani
==WCD9375
==WCN6755
==WCN6650
==LeMans_AU_LGIT
==Qualcomm Video Collaboration VC3 Platform
==Snapdragon 7 Gen 1 Mobile Platform
==Snapdragon 7+ Gen 2 Mobile Platform
==QCA6698AQ
==WCN7860
==WCD9371
==SRV1H
==WSA8815
==IQ9 Series Platform
==IQ8 Series Platform
==Snapdragon 6 Gen 3 Mobile Platform
==QCS8550
==WSA8832
==WSA8845
==SM8750P
==QCA6797AQ
==SM8650Q
==QCA6595AU
==FastConnect 7800
==Monaco_IOT
==WCD9378
==Milos
==SRV1M
==G2 Gen 1
==WCN7880
==SA8770P
==Orne
==WCD9395
==Snapdragon 8 Elite
==WCN7881
==WSA8835
==QCS4490
==SM7675
==QCA6391
==IQ6 Series Platform
==WSA8810
==QAMSRV1H
==Snapdragon 8 Gen 1 Mobile Platform
==SM8475P
==WCN6450
==QAMSRV1M

Matching in nixpkgs

pkgs.snapdragon-profiler

An profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Untriaged

Permalink CVE-2025-47389

7.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Buffer Copy Without Checking Size of Input in Automotive Platform

Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-b…

Affected products

Snapdragon

==QCA6584AU
==SC8380XP
==SXR2350P
==XG101039
==Snapdragon 865 5G Mobile Platform
==SA8255P
==Pandeiro
==SRV1L
==WCD9385
==X2000090
==SM7325P
==SA7775P
==WCD9390
==WSA8840
==FastConnect 6900
==QLN1086BD
==QCC710
==Qualcomm Video Collaboration VC1 Platform
==FastConnect 6200
==SM7635P
==SM8635P
==WCN7861
==QXM1086
==WCD9370
==QCA6174A
==SA8145P
==SM8635
==QAM8295P
==SA6145P
==Snapdragon 4 Gen 2 Mobile Platform
==Snapdragon 480 5G Mobile Platform
==Snapdragon 8 Elite Gen 5
==Snapdragon X72 5G Modem-RF System
==Snapdragon 8 Gen 3 Mobile Platform
==SM6650P
==WCN3910
==Snapdragon X75 5G Modem-RF System
==Snapdragon 778G 5G Mobile Platform
==XRV9209
==SA9000P
==SAR1165P
==Snapdragon 6 Gen 4 Mobile Platform
==WCN3988
==QMP1000
==QCM5430
==Robotics RB2 Platform
==WCD9380
==SM7435
==QAM8255P
==Snapdragon XR2+ Gen 1 Platform
==SA8150P
==QXM1095
==QXM1096
==WSA8830
==QCA6678AQ
==WSA8845H
==SW6100P
==QCA6696
==Snapdragon 6 Gen 1 Mobile Platform
==QCA6595
==Snapdragon 888 5G Mobile Platform
==SXR2330P
==QCM6490
==QFW7124
==WCD9378C
==QCA6574
==QCA8337
==FWA Gen 3 Ultra Platform
==FastConnect 6700
==QEP8111
==QLN1083BD
==SA7255P
==Snapdragon X53 5G Modem-RF System
==Palawan25
==SA8540P
==Snapdragon 7s Gen 3 Mobile Platform
==Snapdragon XR2 5G Platform
==CSRA6640
==QAM8397P
==Snapdragon 695 5G Mobile Platform
==Snapdragon AR1+ Gen 1 Platform
==Snapdragon 460 Mobile Platform
==QXM1083
==X2000086
==Cologne
==LeMansAU
==SM7675P
==Snapdragon AR1 Gen 1 Platform
==Snapdragon X35 5G Modem-RF System
==WCD9335
==QCA8695AU
==SA8620P
==WCN3980
==Snapdragon Auto 5G Modem-RF Gen 2
==Snapdragon 870 5G Mobile Platform
==Snapdragon 7c+ Gen 3 Compute
==WCN3950
==X2000077
==Netrani
==WCD9375
==WCN6755
==WCN6650
==LeMans_AU_LGIT
==Qualcomm Video Collaboration VC3 Platform
==QCA6698AQ
==Snapdragon 782G Mobile Platform
==WCN7860
==WSA8815
==SRV1H
==WCD9340
==IQ9 Series Platform
==IQ8 Series Platform
==SD865 5G
==SA8155P
==QAM8620P
==Snapdragon 6 Gen 3 Mobile Platform
==QFW7114
==Snapdragon 480+ 5G Mobile Platform
==QCA6574AU
==QXM1093
==WSA8832
==WSA8845
==Snapdragon 690 5G Mobile Platform
==SM8750P
==QCA6797AQ
==QCA8081
==SM8650Q
==QCA6595AU
==X2000092
==XG101002
==QCN6224
==QCA6688AQ
==FastConnect 7800
==Monaco_IOT
==WCD9378
==Milos
==SA8195P
==CSRA6620
==SRV1M
==XRV7209
==QCM2290
==QCN6274
==G2 Gen 1
==WCN7880
==Snapdragon 662 Mobile Platform
==QPA1083BD
==FastConnect 6800
==SA8770P
==Snapdragon X55 5G Modem-RF System
==Orne
==WCD9395
==QPA1086BD
==QXM1094
==Snapdragon 888+ 5G Mobile Platform
==Snapdragon 4 Gen 1 Mobile Platform
==Snapdragon 8 Elite
==QCM6125
==SA8295P
==WCN7881
==WSA8835
==SW6100
==Snapdragon 865+ 5G Mobile Platform
==X2000094
==SA6155P
==SA6150P
==AR8035
==SM7675
==XG101032
==Snapdragon 778G+ 5G Mobile Platform
==Themisto
==QCA6574A
==QCA6391
==IQ6 Series Platform
==QCS2290
==WSA8810
==Snapdragon X32 5G Modem-RF System
==QAMSRV1H
==WCN6450
==QAMSRV1M

Matching in nixpkgs

pkgs.snapdragon-profiler

An profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Untriaged

Permalink CVE-2025-47392

8.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Adjacent (A)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Adjacent (A)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Integer Overflow or Wraparound in GPS

Memory corruption when decoding corrupted satellite data files with invalid signature offsets.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-b…

Affected products

Snapdragon

==QCA6584AU
==Snapdragon 865 5G Mobile Platform
==WCD9385
==SM8550P
==SM7325P
==SM7550
==FSM20055
==SD 8 Gen1 5G
==WCD9390
==WSA8840
==FastConnect 6900
==G1 Gen 1
==QCC710
==FastConnect 6200
==SM7635P
==SM8635P
==WCN7861
==WCD9370
==Snapdragon 8+ Gen 1 Mobile Platform
==QCA6174A
==FSM200 Platform
==QCN9011
==SM8635
==Snapdragon 4 Gen 2 Mobile Platform
==Snapdragon 480 5G Mobile Platform
==Snapdragon X72 5G Modem-RF System
==Snapdragon 8 Gen 3 Mobile Platform
==SM6650P
==WCN3910
==Snapdragon X75 5G Modem-RF System
==Snapdragon 778G 5G Mobile Platform
==QCN9012
==Snapdragon 6 Gen 4 Mobile Platform
==WCN3988
==QMP1000
==QCM5430
==Robotics RB2 Platform
==SM6225P
==WCD9360
==WCD9380
==SM7435
==Snapdragon X65 5G Modem-RF System
==WCD9341
==SDX61
==QCS4290
==WSA8830
==WSA8845H
==QCA6678AQ
==SW6100P
==QCA6698AU
==QCA6696
==Snapdragon 6 Gen 1 Mobile Platform
==Snapdragon 888 5G Mobile Platform
==SDX57M
==QCM6490
==QFW7124
==Snapdragon W5+ Gen 1 Wearable Platform
==QCA8337
==FWA Gen 3 Ultra Platform
==FastConnect 6700
==QEP8111
==Snapdragon X53 5G Modem-RF System
==Palawan25
==SM7550P
==Snapdragon 7s Gen 3 Mobile Platform
==Snapdragon 8+ Gen 2 Mobile Platform
==CSRA6640
==Snapdragon 695 5G Mobile Platform
==Snapdragon 460 Mobile Platform
==SM7675P
==Snapdragon X35 5G Modem-RF System
==WCD9335
==QCM4490
==Snapdragon 7c Compute Platform
==SM6250
==WCN3980
==Snapdragon Auto 5G Modem-RF Gen 2
==Snapdragon 870 5G Mobile Platform
==Snapdragon 7c+ Gen 3 Compute
==QCM4325
==Snapdragon 8 Gen 2 Mobile Platform
==WCN3950
==Netrani
==WCD9375
==WCN6755
==WCN6650
==5G Fixed Wireless Access Platform
==Qualcomm Video Collaboration VC3 Platform
==Snapdragon 7 Gen 1 Mobile Platform
==Snapdragon 7+ Gen 2 Mobile Platform
==QCA6698AQ
==Snapdragon 782G Mobile Platform
==WCN7860
==WCD9371
==WSA8815
==WCD9340
==SDX71M
==Snapdragon X70 Modem-RF System
==Snapdragon 6 Gen 3 Mobile Platform
==QFW7114
==Snapdragon 480+ 5G Mobile Platform
==QCA6574AU
==QCS8550
==WSA8832
==WSA8845
==Snapdragon 690 5G Mobile Platform
==SM8750P
==QCA6797AQ
==QCA8081
==SM8650Q
==QCA6595AU
==SW5100
==QCN6224
==QCA6688AQ
==FastConnect 7800
==QCN6024
==QCN9024
==WCD9378
==Milos
==Snapdragon Auto 5G Modem-RF
==CSRA6620
==QCM2290
==SW5100P
==QCN6274
==WCN7880
==SD662
==Snapdragon 662 Mobile Platform
==Snapdragon 680 4G Mobile Platform
==FastConnect 6800
==Snapdragon X55 5G Modem-RF System
==Orne
==WCD9395
==Snapdragon 888+ 5G Mobile Platform
==Snapdragon 4 Gen 1 Mobile Platform
==Snapdragon 8 Elite
==WCN7881
==WSA8835
==QCS4490
==Snapdragon 865+ 5G Mobile Platform
==Snapdragon X80 5G Modem-RF System
==SW6100
==AR8035
==SM7675
==Snapdragon 778G+ 5G Mobile Platform
==Themisto
==Snapdragon 685 4G Mobile Platform
==QCA6574A
==QCA6391
==QCS2290
==WSA8810
==Snapdragon X32 5G Modem-RF System
==Snapdragon 8 Gen 1 Mobile Platform
==SM8475P
==Snapdragon 7c Gen 2 Compute Platform "Rennell Pro"

Matching in nixpkgs

pkgs.snapdragon-profiler

An profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Untriaged

Permalink CVE-2026-21373

7.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-b…

Affected products

Snapdragon

==SC8380XP
==QCA0000
==Snapdragon 7c+ Gen 3 Compute
==WCN3950
==XG101039
==X2000077
==WCD9375
==WSA8830
==WSA8845H
==WCD9385
==X2000090
==Qualcomm Video Collaboration VC3 Platform
==Snapdragon 662 Mobile Platform
==FastConnect 6800
==WSA8840
==FastConnect 6900
==QCM6490
==WSA8815
==WCD9378C
==FastConnect 6200
==Snapdragon 8cx Gen 2 5G Compute Platform
==WCD9340
==Snapdragon 8cx Compute Platform
==WCD9370
==Snapdragon 8c Compute Platform (SC8180XP-AD) "Poipu Lite"
==FastConnect 6700
==Snapdragon 8cx Gen 2 5G Compute Platform "Poipu Pro"
==AQT1000
==WSA8835
==QCA6430
==X2000094
==WSA8832
==WSA8845
==XG101032
==Snapdragon 8c Compute Platform "Poipu Lite"
==X2000092
==Snapdragon 460 Mobile Platform
==QCA6391
==XG101002
==QCA6420
==X2000086
==Cologne
==Snapdragon AR1 Gen 1 Platform
==FastConnect 7800
==WSA8810
==WCN3988
==Snapdragon 7c Compute Platform
==Snapdragon 8cx Compute Platform "Poipu Pro"
==QCM5430
==WCD9380
==SM6250
==Snapdragon 8cx Gen 3 Compute Platform
==WCD9341
==Snapdragon 7c Gen 2 Compute Platform "Rennell Pro"

Matching in nixpkgs

pkgs.snapdragon-profiler

An profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Untriaged

Permalink CVE-2026-21372

7.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Heap-Based Buffer Overflow in Power Management IC

Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-b…

Affected products

Snapdragon

==Snapdragon 7c+ Gen 3 Compute
==WCN3950
==XG101039
==X2000077
==WCD9375
==WSA8845H
==WCD9385
==X2000090
==Qualcomm Video Collaboration VC3 Platform
==Snapdragon 662 Mobile Platform
==WSA8840
==FastConnect 6900
==QCM6490
==WCD9378C
==WCD9370
==FastConnect 6700
==X2000094
==WSA8845
==XG101032
==X2000092
==Snapdragon 460 Mobile Platform
==XG101002
==X2000086
==Cologne
==FastConnect 7800
==WCN3988
==QCM5430
==WCD9380

Matching in nixpkgs

pkgs.snapdragon-profiler

An profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Untriaged

Permalink CVE-2026-21375

7.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Buffer Over-read in Camera

Memory Corruption when accessing an output buffer without validating its size during IOCTL processing.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-b…

Affected products

Snapdragon

==SC8380XP
==QCA0000
==Snapdragon 7c+ Gen 3 Compute
==WCN3950
==XG101039
==X2000077
==WCD9375
==WSA8830
==WSA8845H
==WCD9385
==X2000090
==Qualcomm Video Collaboration VC3 Platform
==Snapdragon 662 Mobile Platform
==WSA8840
==FastConnect 6900
==QCM6490
==WCD9378C
==WCD9370
==FastConnect 6700
==WSA8835
==X2000094
==WSA8832
==WSA8845
==XG101032
==X2000092
==Snapdragon 460 Mobile Platform
==XG101002
==X2000086
==Cologne
==Snapdragon AR1 Gen 1 Platform
==FastConnect 7800
==WCN3988
==QCM5430
==WCD9380
==Snapdragon 8cx Gen 3 Compute Platform

Matching in nixpkgs

pkgs.snapdragon-profiler

An profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Untriaged

Permalink CVE-2025-47390

7.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 1 month, 3 weeks ago Activity log

Created suggestion 1 month, 3 weeks ago

Buffer Over-read in Camera

Memory corruption while preprocessing IOCTL request in JPEG driver.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2026-b…

Affected products

Snapdragon

==SC8380XP
==QCA0000
==Snapdragon 7c+ Gen 3 Compute
==XG101039
==X2000077
==WCD9375
==WSA8830
==WSA8845H
==WCD9385
==X2000090
==Qualcomm Video Collaboration VC3 Platform
==WSA8840
==FastConnect 6900
==QCM6490
==WCD9378C
==WCD9370
==FastConnect 6700
==WSA8835
==X2000094
==WSA8845
==XG101032
==X2000092
==XG101002
==X2000086
==Cologne
==FastConnect 7800
==QCM5430
==WCD9380
==Snapdragon 8cx Gen 3 Compute Platform

Matching in nixpkgs

pkgs.snapdragon-profiler

An profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Untriaged

Permalink CVE-2026-3888

7.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): High (H)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 2 months, 1 week ago Activity log

Created suggestion 2 months, 1 week ago

Local Privilege Escalation in snapd

Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.

References

https://ubuntu.com/security/CVE-2026-3888 vdb-entryissue-tracking
https://ubuntu.com/security/notices/USN-8102-1 vendor-advisory
https://discourse.ubuntu.com/t/snapd-local-privilege-escalation-cve-2026-3888 technical-descriptionvendor-advisory
https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-388… media-coveragetechnical-description
https://cdn2.qualys.com/advisory/2026/03/17/snap-confine-systemd-tmpfiles.txt media-coveragetechnical-description

Affected products

snapd

*
<2.75.1

Matching in nixpkgs

pkgs.snapdragon-profiler

An profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Dismissed

Permalink CVE-2025-47379

7.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 2 months, 4 weeks ago by @Erethon Activity log

Created suggestion 2 months, 4 weeks ago
@Erethon dismissed 2 months, 4 weeks ago
@Erethon accepted 2 months, 4 weeks ago
@Erethon dismissed 2 months, 4 weeks ago

Use After Free in Automotive Audio

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources.

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-b…

Affected products

Snapdragon

==QCA6584AU
==QRB5165N
==Snapdragon 865 5G Mobile Platform
==SA8255P
==WCD9385
==Snapdragon 6 Gen 4 Mobile Platform
==SM8550P
==SM7325P
==SM7550
==WCD9390
==SA7775P
==WSA8840
==FastConnect 6900
==G1 Gen 1
==Smart Audio 400 Platform
==SA4150P
==QCC710
==Qualcomm Video Collaboration VC1 Platform
==FastConnect 6200
==SM7635P
==SM8635P
==WCD9370
==QCA6174A
==SA8145P
==SM8635
==QCN9011
==SA2150P
==MDM9628
==QAM8295P
==SA6145P
==Snapdragon 480 5G Mobile Platform
==Robotics RB5 Platform
==Snapdragon X72 5G Modem-RF System
==Snapdragon 8 Gen 3 Mobile Platform
==WCN3910
==SM6650P
==Snapdragon X75 5G Modem-RF System
==Snapdragon 778G 5G Mobile Platform
==QCN9012
==SnapdragonAuto 4GModem
==WCN3988
==QCA9367
==SA9000P
==Robotics RB2 Platform
==WCD9360
==QCM5430
==WCD9380
==SM6225P
==WCN3660B
==WCD9341
==Qualcomm 215 Mobile Platform
==QAM8255P
==SDA660
==Snapdragon XR2+ Gen 1 Platform
==QCS4290
==SA8150P
==WSA8830
==WSA8845H
==QCA6678AQ
==QCA6698AU
==Snapdragon X12 LTE Modem
==QCA6696
==QCA6595
==QRB5165M
==Snapdragon 888 5G Mobile Platform
==WCN3680B
==QCM6490
==Snapdragon W5+ Gen 1 Wearable Platform
==QFW7124
==QCA6574
==QCA8337
==WCN3615
==FWA Gen 3 Ultra Platform
==FastConnect 6700
==Snapdragon X53 5G Modem-RF System
==QEP8111
==SA7255P
==SM7550P
==Snapdragon 8+ Gen 2 Mobile Platform
==Snapdragon 7s Gen 3 Mobile Platform
==AR8031
==Snapdragon XR2 5G Platform
==CSRA6640
==Snapdragon 695 5G Mobile Platform
==Snapdragon 460 Mobile Platform
==WCN3990
==LeMansAU
==Snapdragon X35 5G Modem-RF System
==WCD9335
==SM7675P
==QCA8695AU
==SA8620P
==WCN3980
==Snapdragon Auto 5G Modem-RF Gen 2
==Snapdragon 870 5G Mobile Platform
==WCN3950
==QCM4325
==Snapdragon 7c+ Gen 3 Compute
==Snapdragon 8 Gen 2 Mobile Platform
==WCD9375
==WCN6755
==QCA6564A
==WCN6650
==LeMans_AU_LGIT
==5G Fixed Wireless Access Platform
==Qualcomm Video Collaboration VC3 Platform
==QCA6698AQ
==Snapdragon 782G Mobile Platform
==WCD9371
==SRV1H
==WSA8815
==WCD9340
==SA4155P
==SD865 5G
==SA8155P
==QFW7114
==Snapdragon 480+ 5G Mobile Platform
==QCA6574AU
==WSA8832
==WSA8845
==QCA6564AU
==MDM9250
==QCS8550
==QCA6797AQ
==Snapdragon 690 5G Mobile Platform
==QCA8081
==QCA9377
==SM8650Q
==QCA6595AU
==SW5100
==Snapdragon 660 Mobile Platform
==QCN6224
==QCA6688AQ
==FastConnect 7800
==WCD9378
==Milos
==SA8155
==SA8195P
==Snapdragon Auto 5G Modem-RF
==Flight RB5 5G Platform
==CSRA6620
==SRV1M
==WCD9326
==Qualcomm Video Collaboration VC5 Platform
==SW5100P
==QCM2290
==QCN6274
==QCA2066
==C-V2X 9150
==SD662
==Snapdragon 662 Mobile Platform
==Snapdragon 680 4G Mobile Platform
==FastConnect 6800
==SA8770P
==Snapdragon X55 5G Modem-RF System
==WCD9395
==SA6155
==QCA6564
==Snapdragon 888+ 5G Mobile Platform
==Snapdragon 4 Gen 1 Mobile Platform
==QCM6125
==WSA8835
==SA8295P
==Snapdragon 865+ 5G Mobile Platform
==SA6155P
==SA6150P
==AR8035
==SM7675
==Snapdragon 778G+ 5G Mobile Platform
==Snapdragon 685 4G Mobile Platform
==QCA6574A
==QCA6391
==QCS2290
==WSA8810
==Snapdragon X32 5G Modem-RF System
==QAMSRV1H
==WCN6450
==QAMSRV1M

Matching in nixpkgs

pkgs.snapdragon-profiler

An profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Testing suggestion edit
Testing round #2
Test round #3

Untriaged

Permalink CVE-2026-21385

7.8 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 2 months, 4 weeks ago Activity log

Created suggestion 2 months, 4 weeks ago

Integer Overflow or Wraparound in Graphics

Memory corruption while using alignments for memory allocation.

References

Affected products

Snapdragon

==QCA6584AU
==QRB5165N
==SC8380XP
==SXR2350P
==Vision Intelligence 400 Platform
==Snapdragon 865 5G Mobile Platform
==SA8255P
==Pandeiro
==WCD9385
==SM8550P
==SM7325P
==SM7550
==SA7775P
==SD 8 Gen1 5G
==WCD9390
==WSA8840
==Vision Intelligence 100 Platform
==FastConnect 6900
==QLN1086BD
==G1 Gen 1
==SA4150P
==Snapdragon 626 Mobile Platform
==Qualcomm Video Collaboration VC1 Platform
==FastConnect 6200
==SM7635P
==SM8635P
==WCN7861
==QXM1086
==WCD9370
==Snapdragon 8+ Gen 1 Mobile Platform
==QCA6174A
==SA8145P
==SM8635
==QCN9011
==SAR1250P
==MDM9628
==QAM8295P
==SA6145P
==Vision Intelligence 200 Platform
==Snapdragon 4 Gen 2 Mobile Platform
==Snapdragon 480 5G Mobile Platform
==Snapdragon 8 Elite Gen 5
==Robotics RB5 Platform
==SXR2230P
==Snapdragon 8 Gen 3 Mobile Platform
==SM6650P
==WCN3910
==Snapdragon 778G 5G Mobile Platform
==QCN9012
==SDM429W
==SA9000P
==SAR1165P
==QCA9367
==Smart Audio 400 Platform
==QMP1000
==QCM5430
==Robotics RB2 Platform
==SM6225P
==SAR2230P
==Snapdragon 6 Gen 4 Mobile Platform
==SM7435
==Qualcomm 215 Mobile Platform
==Snapdragon X65 5G Modem-RF System
==SDX61
==WCD9341
==WCD9380
==QAM8255P
==WCN3660B
==FSM100 Platform
==SDA660
==Snapdragon 625 Mobile Platform
==Snapdragon XR2+ Gen 1 Platform
==QCS4290
==SA8150P
==SAR2130P
==QXM1095
==QXM1096
==WSA8830
==QCA6678AQ
==WSA8845H
==SW6100P
==QCA6698AU
==QCA6696
==Snapdragon 6 Gen 1 Mobile Platform
==Snapdragon X12 LTE Modem
==QCA6595
==QRB5165M
==Snapdragon 888 5G Mobile Platform
==WCN3988
==SXR2330P
==WCN3680B
==QCM6490
==Snapdragon W5+ Gen 1 Wearable Platform
==QCA6574
==QCA8337
==WCN3615
==FastConnect 6700
==QLN1083BD
==SA7255P
==Snapdragon X53 5G Modem-RF System
==Palawan25
==SM7550P
==Snapdragon 7s Gen 3 Mobile Platform
==Snapdragon 8+ Gen 2 Mobile Platform
==AR8031
==Snapdragon XR2 5G Platform
==CSRA6640
==Snapdragon 695 5G Mobile Platform
==Snapdragon AR1+ Gen 1 Platform
==Snapdragon 460 Mobile Platform
==QXM1083
==WCD9360
==WCN3990
==LeMansAU
==SM7675P
==Snapdragon AR1 Gen 1 Platform
==WCD9335
==Snapdragon X5 LTE Modem
==QCA8695AU
==QCM4490
==SA8620P
==WCN3980
==Snapdragon 870 5G Mobile Platform
==Snapdragon 7c+ Gen 3 Compute
==QCM4325
==Snapdragon 8 Gen 2 Mobile Platform
==WCN3950
==Netrani
==WCD9375
==QCA6564A
==WCN6755
==SD626
==LeMans_AU_LGIT
==WCN6650
==5G Fixed Wireless Access Platform
==Qualcomm Video Collaboration VC3 Platform
==Snapdragon 7 Gen 1 Mobile Platform
==Snapdragon 7+ Gen 2 Mobile Platform
==QCA6698AQ
==Snapdragon 782G Mobile Platform
==WCN7860
==WCD9371
==SRV1H
==WSA8815
==SXR2250P
==IQ9 Series Platform
==SA4155P
==IQ8 Series Platform
==SD865 5G
==SA8155P
==Snapdragon 6 Gen 3 Mobile Platform
==Snapdragon 480+ 5G Mobile Platform
==APQ8098
==QCS8550
==QCA6574AU
==QCA6564AU
==QXM1093
==MDM9250
==SM8750P
==QCA6797AQ
==Snapdragon 690 5G Mobile Platform
==Snapdragon 429 Mobile Platform
==QCA8081
==QCA9377
==WSA8845
==SM8650Q
==QCA6595AU
==Snapdragon 660 Mobile Platform
==SW5100
==QCA6688AQ
==FastConnect 7800
==QCN6024
==Monaco_IOT
==QCN9024
==Milos
==SA8155
==SA8195P
==Snapdragon Auto 5G Modem-RF
==WCD9378
==WCN3620
==Flight RB5 5G Platform
==CSRA6620
==SRV1M
==Snapdragon 820 Automotive Platform
==Snapdragon 820Am
==WCD9326
==Qualcomm Video Collaboration VC5 Platform
==QCM2290
==SW5100P
==G2 Gen 1
==QCA2066
==WCN7880
==C-V2X 9150
==SD662
==Snapdragon 662 Mobile Platform
==Snapdragon 680 4G Mobile Platform
==QPA1083BD
==FastConnect 6800
==SA8770P
==WCD9330
==Snapdragon X55 5G Modem-RF System
==Orne
==WCD9395
==SA6155
==QPA1086BD
==Smart Display 200 Platform
==QXM1094
==Snapdragon 888+ 5G Mobile Platform
==Snapdragon 4 Gen 1 Mobile Platform
==Snapdragon 8 Elite
==QCM6125
==SA8295P
==WCN7881
==WSA8832
==WSA8835
==QCS4490
==Snapdragon 865+ 5G Mobile Platform
==SW6100
==SA6155P
==SA6150P
==AR8035
==SM7675
==Snapdragon 778G+ 5G Mobile Platform
==Themisto
==Snapdragon 685 4G Mobile Platform
==QCA6574A
==QCA6391
==IQ6 Series Platform
==QCS2290
==WSA8810
==QAMSRV1H
==Snapdragon 8 Gen 1 Mobile Platform
==SM8475P
==WCN6450
==QAMSRV1M

Matching in nixpkgs

pkgs.snapdragon-profiler

An profiler for Android devices running Snapdragon chips

nixos-unstable 2021.2
- nixpkgs-unstable 2021.2
- nixos-unstable-small 2021.2
nixos-25.11 2021.2
- nixos-25.11-small 2021.2
- nixpkgs-25.11-darwin 2021.2

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler

References

Affected products

Matching in nixpkgs

pkgs.snapdragon-profiler