A Qualcomm graphics kernel vulnerability (CVE-2026-21385) is being exploited in "limited, targeted" attacks against Android devices. Google's March security bulletin flagged this high-severity flaw, which affects multiple chipsets and earned a 7.8 CVSS score.
Security experts believe the "limited, targeted" language suggests nation-state actors or commercial spyware vendors are behind the attacks, similar to previous Qualcomm zero-days linked to surveillance tools. The vulnerability requires local access and causes memory corruption during allocation.
Another critical flaw (CVE-2026-0047) allows privilege escalation without user interaction, though it needs existing device access. Patches are available through Qualcomm and Android's open source project, but users must wait for device manufacturers to deploy updates—a delay that matters when exploits spread rapidly.
Source: Dark Reading