Use After Free Vulnerability in Qualcomm Snapdragon Products
CVE-2021-30264

6.7MEDIUM

Key Information:

Vendor

Qualcomm
Status
Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure And Networking
Vendor
CVE Published:
12 November 2021

What is CVE-2021-30264?

An improper validation issue linked to callbacks in various Snapdragon platforms may result in a use after free scenario. This flaw could potentially allow attackers to exploit the internal store table, impacting the security of devices utilizing Snapdragon technology across numerous sectors including automotive, IoT, mobile, and networking. It is crucial for users and developers to be aware of the risks associated with this vulnerability and to ensure their systems are updated to the latest security patches.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking APQ8009, APQ8053, APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, FSM10055, FSM10056, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9150, MDM9206, MSM8953, MSM8996AU, PMP8074, QCA4024, QCA6390, QCA6391, QCA6420, QCA6426, QCA6428, QCA6430, QCA6438, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA7500, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9896, QCA9898, QCA9980, QCA9982, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5500, QCN5502, QCN5550, QCN6023, QCN6024, QCN612 ...[truncated*]

References

https://www.qualcomm.com/company/product-security/bulleti...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.