Memory Corruption Vulnerability in Snapdragon Products by Qualcomm
CVE-2021-35129

7.8HIGH

Key Information:

Vendor: Qualcomm
Status: Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Wired Infrastructure And Networking
Vendor: CVE Published:; 14 June 2022

Summary

This vulnerability involves memory corruption in Qualcomm's Snapdragon range due to improper length checks when processing vendor-specific commands. This issue can potentially allow an attacker to manipulate device functionality, leading to unexpected behavior in products such as Snapdragon Compute, Snapdragon Connectivity, and others in the Snapdragon ecosystem.

Affected Version(s)

Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking AR8035, IPQ5010, IPQ5018, IPQ5028, QCA2062, QCA2064, QCA2065, QCA2066, QCA6391, QCA8081, QCA8337, QCC710, QCM6490, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS6490, SD 8 Gen1 5G, SD 8cx Gen3, SD888, SD888 5G, SDX65, WCD9370, WCD9375, WCD9380, WCD9385, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835

References

https://www.qualcomm.com/company/product-security/bulleti...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 14, 2022
Vulnerability Reserved
Jun 21, 2021