Buffer Overflow in Qualcomm Snapdragon Products
CVE-2021-1909

7.3HIGH

Key Information:

Vendor
Qualcomm
Status
Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Iot, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure And Networking
Vendor
CVE Published:
9 September 2021

Summary

A buffer overflow vulnerability exists in Qualcomm's Snapdragon products due to insufficient length checks of parameters. This flaw can lead to unpredictable behavior and potential exploitation by malicious entities. It affects a range of products including Snapdragon Automotive, Compute, and IoT devices, highlighting the importance of stringent parameter validation to ensure device security. Users of affected Snapdragon products are urged to apply relevant patches and updates to mitigate risks associated with this vulnerability.

Affected Version(s)

Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking APQ8009, APQ8009W, APQ8016, APQ8017, APQ8037, APQ8052, APQ8053, APQ8056, APQ8062, APQ8064, APQ8064AU, APQ8076, APQ8084, APQ8096AU, AQT1000, AR3012, AR7420, AR8031, AR8035, AR9380, AR9580, CSR6030, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, FSM9900, FSM9905, FSM9910, FSM9915, FSM9916, FSM9950, FSM9955, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8062, IPQ8064, IPQ8065, IPQ8066, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8207, MDM8635M, MDM9150, MDM9205, MDM9206, MDM9207, MDM9225, MDM9225M, MDM9230, MDM9235M, MDM9250, MDM9330, MDM9607, MDM9625, MDM9625M, MDM9626, MDM9628, MDM9630, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8916, MSM8917, MSM8920, MSM8937, MSM8940, MSM8952, MSM8953, MSM8956, MSM8962, MSM8976, MSM8976SG, MSM8996AU, PM8937, PMD9635, PMP8074 ...[truncated*]

References

https://www.qualcomm.com/company/product-security/bulleti...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.