Denial of Service Vulnerability in Qualcomm Snapdragon Products
CVE-2021-30348

6.5MEDIUM

Key Information:

Vendor
Qualcomm
Status
Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Voice & Music
Vendor
CVE Published:
3 January 2022

Summary

An improper validation of LLM utility timers in various Qualcomm Snapdragon products can allow attackers to exploit this vulnerability, potentially leading to a denial of service condition. If triggers are exploited, they could disrupt the normal operation of affected devices, which range from automotive systems to consumer electronics. It is crucial for users of Snapdragon-based systems to stay informed about updates and apply necessary patches to mitigate risks associated with this vulnerability.

Affected Version(s)

Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music APQ8009, APQ8017, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8996AU, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA6174A, QCA6175A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCA9379, QCA9886, QCM2290, QCM4290, QCM6490, QCN7605, QCN7606, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9326, WCD9335, WCD9340, WCD9341, W ...[truncated*]

References

https://www.qualcomm.com/company/product-security/bulleti...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.