Android gets patches for Qualcomm zero-day exploited in attacks
Source: Bleeping Computer

Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero‑day flaw in a Qualcomm display component.
“There are indications that CVE‑2026‑21385 may be under limited, targeted exploitation,” the company said in its March 2025 Android Security Bulletin.
Qualcomm revealed in a separate security advisory (issued February 3) that the flaw is an integer overflow (wraparound) in the Graphics subcomponent that local attackers can exploit to trigger memory corruption.
Qualcomm was alerted to this high‑severity vulnerability on December 18 and notified customers on February 2. The February advisory notes that the flaw affects 235 Qualcomm chipsets, though NVD has not yet flagged it as exploited in attacks.
Patch details
- Google fixed 10 critical security vulnerabilities in the System, Framework, and Kernel components. These issues could allow remote code execution, privilege escalation, or denial‑of‑service attacks.
- The most severe is a critical vulnerability in the System component that could lead to remote code execution without any user interaction.
- Two patch sets were released:
Google Pixel devices receive these updates immediately, while other vendors may take longer to test and adapt them for specific hardware configurations.
Additional zero‑day patches
In December, Google also released patches for two other high‑severity zero‑day vulnerabilities (CVE‑2025‑48633 and CVE‑2025‑48572), both marked as “under limited, targeted exploitation.”