Access Control Vulnerability in Qualcomm Snapdragon Products
CVE-2021-30279

7.8HIGH

Key Information:

Vendor
Qualcomm
Status
Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Wired Infrastructure And Networking
Vendor
CVE Published:
3 January 2022

Summary

The vulnerability stems from improper permission masking when setting current permissions for VMIDs in various Snapdragon products. This oversight could allow unauthorized access or manipulation of system resources, posing a security risk to devices utilizing Snapdragon technology for compute, connectivity, and IoT functions. Users and developers are advised to implement available patches and monitor access controls to mitigate potential threats.

Affected Version(s)

Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA8337, QCA9984, QCM2290, QCM4290, QCM6490, QCS2290, QCS405, QCS4290, QCS6490, QCX315, QRB5165, QRB5165N, QSM8250, SD460, SD480, SD660, SD662, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD865 5G, SD870, SD888 5G, SDX55, SDX55M, SDX57M, SDXR2 5G, SM6225, SM6375, SM7250P, SM7325P, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

References

https://www.qualcomm.com/company/product-security/bulleti...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.