Android March Security Update Patches Actively Exploited Qualcomm Display Zero-Day
Google’s March Android security update addressed 129 vulnerabilities, including one actively exploited high-severity memory-corruption flaw in an open-source Qualcomm display component tracked as CVE-2026-21385. Google warned the issue “may be under limited, targeted exploitation,” and reporting indicated Qualcomm marked the vulnerability as exploited; Qualcomm stated it provided fixes to customers in January 2026 and urged end users to apply OEM-delivered device updates as they become available.
Separately, the Canadian Centre for Cyber Security issued multiple vendor rollups and advisories on March 2, 2026, including an Android monthly rollup (AV26-187) pointing organizations to the Android Security Bulletin for patching guidance. Additional Canadian advisories covered unrelated vulnerability sets in Veeam Kasten for Kubernetes (AV26-188), VMware Tanzu products (AV26-186), Red Hat (including Linux kernel updates) (AV26-184), CISA ICS advisories for multiple OT/IoT products (AV26-183), Dell infrastructure products (AV26-181), and IBM enterprise software (AV26-180); these are general patch-notification items and do not provide details tied to the Android/Qualcomm zero-day beyond directing readers to apply vendor updates.
Timeline
Mar 2, 2026
Canadian Centre for Cyber Security urges Android users to apply updates
On March 2, 2026, the Canadian Centre for Cyber Security issued an advisory directing users and administrators to review Google’s Android bulletin and apply the necessary updates. The advisory highlighted the need to remediate the disclosed Android vulnerabilities.
Mar 2, 2026
Google publishes March 2026 Android security bulletin
On March 2, 2026, Google released its March 2026 Android security bulletin addressing 129 vulnerabilities across two patch levels. The bulletin included CVE-2026-21385, which Google said may be under limited, targeted exploitation.
Feb 2, 2026
Qualcomm notifies customers about CVE-2026-21385
Qualcomm said it notified customers about CVE-2026-21385 on February 2, 2026. The flaw is a high-severity Android-related memory-corruption issue in a Qualcomm display component.
Jan 1, 2026
Qualcomm makes fixes for CVE-2026-21385 available to customers
Qualcomm said patches for CVE-2026-21385 were made available to its customers in January 2026, ahead of broader customer notification. The vulnerability was later described as being under limited, targeted exploitation.
Dec 18, 2025
Google reports Qualcomm display flaw CVE-2026-21385 to Qualcomm
Google’s Android security team reported CVE-2026-21385, a high-severity memory-corruption flaw in an open-source Qualcomm display component, to Qualcomm. The flaw was later described as affecting 234 Qualcomm chipsets.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Organizations
Sources
Related Stories
Google March Android Security Bulletin Patches 129 Flaws Including Actively Exploited Qualcomm Display Zero-Day
Google released the March 2026 *Android Security Bulletin*, issuing fixes for **129 vulnerabilities** across the Android ecosystem and shipping two patch levels (`2026-03-01` and `2026-03-05`) to help OEMs stage platform and hardware-specific updates. The most urgent issue is **CVE-2026-21385**, a **high-severity, actively exploited** zero-day in an open-source **Qualcomm display** component used in Android devices with affected Qualcomm/Snapdragon chipsets. Reporting indicates CVE-2026-21385 is a **memory-corruption** flaw caused by an **integer overflow/wraparound** condition that can lead to memory corruption during allocation/alignment in display drivers; successful exploitation could enable device compromise (e.g., arbitrary code execution and/or privilege escalation) and bypass security boundaries. Google and Qualcomm both acknowledged **limited, targeted exploitation in the wild**, and one account attributes discovery/confirmation of exploitation to Google’s **Threat Analysis Group (TAG)**; devices not updated to at least patch level `2026-03-05` remain exposed, making rapid patch deployment and user update compliance the primary risk-reduction actions.
1 months ago
Early March 2026 Vendor Security Advisories and Patch Releases Across Enterprise, Mobile, and ICS Products
Multiple vendors issued security advisories and patch releases in late February and early March 2026, prompting coordinated update guidance from national and regional CERTs. The Canadian Centre for Cyber Security highlighted updates for **Django** (fixed in `4.2.29`, `5.2.12`, `6.0.3`), **Samsung mobile devices** (March 2026 security update), **Qualcomm** (March 2026 monthly bulletin), **Veeam Kasten for Kubernetes / Kasten K10**, **VMware Tanzu** components (including *Greenplum* and *RabbitMQ on Kubernetes*), and **Red Hat** advisories including **Linux kernel** updates across multiple RHEL-related platforms. Industrial and infrastructure-facing products were also covered via **CISA ICS** advisories spanning a broad set of vendors and solutions (including EV charging ecosystems, building management, cameras, and DCS/SCADA platforms such as **Schneider Electric EcoStruxure Building Operation Workstation** and **Yokogawa CENTUM VP**), with guidance to apply mitigations and updates where available. Additional enterprise patch guidance included **Dell** advisories affecting *PowerStore T* and *PowerEdge* server lines (including AMD-based models and NVIDIA networking/DOCA-related components), and **IBM** advisories across a wide portfolio (including *App Connect Enterprise*, *CICS TX*, *License Metric Tool*, *Maximo*, *Sterling Secure Proxy*, *Terracotta*, *QRadar*, and others). HKCERT separately summarized **Samsung** vulnerabilities impacting Android devices and Exynos chipsets, listing multiple CVEs (e.g., `CVE-2024-31328` and numerous 2025-series CVEs) with potential impacts including **RCE**, **EoP**, **information disclosure**, and **DoS**.
1 months ago
Android December 2025 Security Update Addresses Critical DoS and Two Exploited Zero-Days
Google released the December 2025 Android Security Bulletin, patching 107 vulnerabilities, including a critical remote Denial of Service (DoS) flaw (CVE-2025-48631) in the Android Framework and two zero-day vulnerabilities (CVE-2025-48633 and CVE-2025-48572) that are reportedly under active exploitation. The zero-days allow for information disclosure and elevation of privilege, affecting Android versions 13 through 16, and are believed to be targeted in limited attacks. The DoS vulnerability enables remote attackers to crash or disable devices without requiring user interaction or additional execution privileges. The update is distributed in two patch levels (2025-12-01 and 2025-12-05), covering both core Android components and vendor-specific issues. Google’s disclosure highlights the ongoing threat posed by actively exploited vulnerabilities in the Android ecosystem and underscores the importance of timely patching by device manufacturers and users. The December update represents one of the largest patch releases of the year, following a period of irregular vulnerability reporting from Google.
1 months ago