Denial of Service Vulnerability in Qualcomm Snapdragon Products
CVE-2021-1955

7.5HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Iot, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Vendor: CVE Published:; 13 July 2021

What is CVE-2021-1955?

This vulnerability occurs due to improper handling of connections in Qualcomm's Snapdragon products when an association is rejected. It may lead to a denial of service, potentially impacting the functionality of devices using the affected Snapdragon technologies across various applications including automotive, computing, consumer electronics, and IoT.

Affected Version(s)

Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR6003, AR8031, AR8035, CSR6030, CSRA6620, CSRA6640, CSRB31024, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9206, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9615M, MDM9626, MDM9628, MDM9630, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCA4020, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCA9367, QCA9377, QCA9379, QCM2290, QCM4290, QCM6125, QCS2290, QCS405, QCS4290, QCS603, QCS605, QCS6125, QET4101, QSW8573, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD7 ...[truncated*]

References

https://www.qualcomm.com/company/product-security/bulleti...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 13, 2021
Vulnerability Reserved
Dec 8, 2020