CVE-2021-30279

7.8HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Wired Infrastructure And Networking
Vendor: CVE Published:; 3 January 2022

Summary

Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Affected Version(s)

Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA8337, QCA9984, QCM2290, QCM4290, QCM6490, QCS2290, QCS405, QCS4290, QCS6490, QCX315, QRB5165, QRB5165N, QSM8250, SD460, SD480, SD660, SD662, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD865 5G, SD870, SD888 5G, SDX55, SDX55M, SDX57M, SDXR2 5G, SM6225, SM6375, SM7250P, SM7325P, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

References

https://www.qualcomm.com/company/product-security/bulleti...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 3, 2022
Vulnerability Reserved
Apr 7, 2021