Qualcomm Static IV in AES-GCM Key Wrap Causes Crypto Flaw
CVE-2026-21383 Published on July 6, 2026
Reusing a Nonce, Key Pair in Encryption in HLOS
Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security.
Vulnerability Analysis
CVE-2026-21383 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality and integrity, and no impact on availability.
Weakness Type
Reusing a Nonce, Key Pair in Encryption
Nonces should be used for the present occasion and only once.
Products Associated with CVE-2026-21383
Want to know whenever a new CVE is published for Qualcomm Snapdragon? stack.watch will email you.
Affected Versions
Qualcomm, Inc. Snapdragon:- Version FastConnect 6900 is affected.
- Version FastConnect 7800 is affected.
- Version LeMans_AU_LGIT is affected.
- Version LeMansAU is affected.
- Version Pandeiro is affected.
- Version QAM8255P is affected.
- Version QAM8397P is affected.
- Version QAM8797P is affected.
- Version QAMSRV1H is affected.
- Version QAMSRV1M is affected.
- Version QCA6595AU is affected.
- Version QCA6696 is affected.
- Version QCA6698AQ is affected.
- Version QCA6797AQ is affected.
- Version QCA8695AU is affected.
- Version QDU1000 is affected.
- Version QDU1110 is affected.
- Version QDU1210 is affected.
- Version QDX1010 is affected.
- Version QDX1011 is affected.
- Version QLN1083BD is affected.
- Version QLN1086BD is affected.
- Version QPA1083BD is affected.
- Version QPA1086BD is affected.
- Version Qualcomm Dragonwing X100 Accelerator Card is affected.
- Version QXM1093 is affected.
- Version QXM1094 is affected.
- Version QXM1095 is affected.
- Version QXM1096 is affected.
- Version SA7255P is affected.
- Version SA7775P is affected.
- Version SA8255P is affected.
- Version SA8620P is affected.
- Version SA8770P is affected.
- Version SA9000P is affected.
- Version SAR1165P is affected.
- Version SAR2130P is affected.
- Version Snapdragon AR1 Gen 1 Platform is affected.
- Version Snapdragon AR1+ Gen 1 Platform is affected.
- Version SRV1H is affected.
- Version SRV1M is affected.
- Version SXR2230P is affected.
- Version SXR2250P is affected.
- Version WCD9380 is affected.
- Version WCD9385 is affected.
- Version WCN3950 is affected.
- Version WCN7860 is affected.
- Version WCN7861 is affected.
- Version WSA8830 is affected.
- Version WSA8832 is affected.
- Version WSA8835 is affected.
- Version XRV7209 is affected.
- Version XRV9209 is affected.