{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74550?format=json","vulnerability_id":"VCID-41fw-pbq3-7fcv","summary":"Memory corruption while using alignments for memory allocation.","aliases":[{"alias":"CVE-2026-21385"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21385","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45631","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-21385"},{"reference_url":"https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html","reference_id":"march-2026-bulletin.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2026-03-03T18:51:49Z/"}],"url":"https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2026-bulletin.html"}],"weaknesses":[{"cwe_id":190,"name":"Integer Overflow or Wraparound","description":"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control."}],"exploits":[{"date_added":"2026-03-03","description":"Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation. ","required_action":"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.","due_date":"2026-03-24","notes":"Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385","known_ransomware_campaign_use":false,"source_date_published":null,"exploit_type":null,"platform":null,"source_date_updated":null,"data_source":"KEV","source_url":null}],"severity_range_score":"7.8 - 7.8","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-41fw-pbq3-7fcv"}