Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2022-AVI-308
Vulnerability from certfr_avis - Published: 2022-04-05 - Updated: 2022-04-05
De multiples vulnérabilités ont été découvertes dans Google Android. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android versions 10, 11 et 12 sans le correctif de s\u00e9curit\u00e9 du 05 avril 2022",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-30342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30342"
},
{
"name": "CVE-2021-30350",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30350"
},
{
"name": "CVE-2021-0707",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0707"
},
{
"name": "CVE-2021-35130",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35130"
},
{
"name": "CVE-2021-30345",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30345"
},
{
"name": "CVE-2021-39808",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39808"
},
{
"name": "CVE-2021-30340",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30340"
},
{
"name": "CVE-2021-39805",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39805"
},
{
"name": "CVE-2021-39800",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39800"
},
{
"name": "CVE-2021-39795",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39795"
},
{
"name": "CVE-2021-30281",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30281"
},
{
"name": "CVE-2021-39799",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39799"
},
{
"name": "CVE-2021-0694",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0694"
},
{
"name": "CVE-2021-39797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39797"
},
{
"name": "CVE-2021-39796",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39796"
},
{
"name": "CVE-2021-30341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30341"
},
{
"name": "CVE-2021-39794",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39794"
},
{
"name": "CVE-2021-35095",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35095"
},
{
"name": "CVE-2021-35081",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35081"
},
{
"name": "CVE-2021-30343",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30343"
},
{
"name": "CVE-2021-35112",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35112"
},
{
"name": "CVE-2021-39814",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39814"
},
{
"name": "CVE-2021-39803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39803"
},
{
"name": "CVE-2021-39809",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39809"
},
{
"name": "CVE-2021-30347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30347"
},
{
"name": "CVE-2021-35104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35104"
},
{
"name": "CVE-2021-30349",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30349"
},
{
"name": "CVE-2021-30344",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30344"
},
{
"name": "CVE-2021-25477",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25477"
},
{
"name": "CVE-2020-13844",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13844"
},
{
"name": "CVE-2021-35091",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35091"
},
{
"name": "CVE-2021-30339",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30339"
},
{
"name": "CVE-2022-20081",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20081"
},
{
"name": "CVE-2021-35123",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35123"
},
{
"name": "CVE-2021-39812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39812"
},
{
"name": "CVE-2021-39804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39804"
},
{
"name": "CVE-2021-30338",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30338"
},
{
"name": "CVE-2021-35071",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35071"
},
{
"name": "CVE-2021-30334",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30334"
},
{
"name": "CVE-2021-39801",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39801"
},
{
"name": "CVE-2021-34866",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34866"
},
{
"name": "CVE-2021-39798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39798"
},
{
"name": "CVE-2021-35100",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35100"
},
{
"name": "CVE-2021-30346",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30346"
},
{
"name": "CVE-2021-39802",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39802"
},
{
"name": "CVE-2021-35070",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35070"
},
{
"name": "CVE-2021-39807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39807"
}
],
"initial_release_date": "2022-04-05T00:00:00",
"last_revision_date": "2022-04-05T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-308",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google Android du 04 avril 2022",
"url": "https://source.android.com/security/bulletin/2022-04-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google Pixel du 04 avril 2022",
"url": "https://source.android.com/security/bulletin/pixel/2022-04-01"
}
]
}
CVE-2021-30342 (GCVE-0-2021-30342)
Vulnerability from cvelistv5 – Published: 2022-06-14 10:11 – Updated: 2024-08-03 22:32
VLAI
EPSS
Summary
Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
Severity
9.1 (Critical)
CWE
- Time-of-check Time-of-use Race Condition in Modem
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables |
Affected:
APQ8009W, APQ8017, APQ8096AU, AQT1000, CSRB31024, FSM10055, FSM10056, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA4004, QCA6174A, QCA6420, QCA6430, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA9367, QCA9377, QCM2290, QCM4290, QCM6125, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QSW8573, SA415M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD 675, SD 8cx Gen2, SD205, SD210, SD429, SD439, SD460, SD660, SD662, SD665, SD675, SD678, SD680, SD720G, SD730, SD7c, SD850, SD855, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDXR1, SM6250, SM6250P, SW5100, SW5100P, WCD9306, WCD9330, WCD9370, WCD9375, WCD9380, WCN3610, WCN3620, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WSA8830, WSA8835
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009W, APQ8017, APQ8096AU, AQT1000, CSRB31024, FSM10055, FSM10056, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA4004, QCA6174A, QCA6420, QCA6430, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA9367, QCA9377, QCM2290, QCM4290, QCM6125, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QSW8573, SA415M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD 675, SD 8cx Gen2, SD205, SD210, SD429, SD439, SD460, SD660, SD662, SD665, SD675, SD678, SD680, SD720G, SD730, SD7c, SD850, SD855, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDXR1, SM6250, SM6250P, SW5100, SW5100P, WCD9306, WCD9330, WCD9370, WCD9375, WCD9380, WCN3610, WCN3620, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WSA8830, WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Time-of-check Time-of-use Race Condition in Modem",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T10:10:59.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-30342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "APQ8009W, APQ8017, APQ8096AU, AQT1000, CSRB31024, FSM10055, FSM10056, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA4004, QCA6174A, QCA6420, QCA6430, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA9367, QCA9377, QCM2290, QCM4290, QCM6125, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QSW8573, SA415M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD 675, SD 8cx Gen2, SD205, SD210, SD429, SD439, SD460, SD660, SD662, SD665, SD675, SD678, SD680, SD720G, SD730, SD7c, SD850, SD855, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDXR1, SM6250, SM6250P, SW5100, SW5100P, WCD9306, WCD9330, WCD9370, WCD9375, WCD9380, WCN3610, WCN3620, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Time-of-check Time-of-use Race Condition in Modem"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2021-30342",
"datePublished": "2022-06-14T10:11:00.000Z",
"dateReserved": "2021-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:32:41.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30343 (GCVE-0-2021-30343)
Vulnerability from cvelistv5 – Published: 2022-06-14 10:11 – Updated: 2024-08-03 22:32
VLAI
EPSS
Summary
Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Severity
9.1 (Critical)
CWE
- Time-of-check Time-of-use Race Condition in Modem
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
Affected:
AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM6490, QCS6490, QCX315, SA515M, SD 675, SD 8 Gen1 5G, SD480, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.074Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM6490, QCS6490, QCX315, SA515M, SD 675, SD 8 Gen1 5G, SD480, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Time-of-check Time-of-use Race Condition in Modem",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T10:11:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-30343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM6490, QCS6490, QCX315, SA515M, SD 675, SD 8 Gen1 5G, SD480, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile"
}
]
},
"impact": {
"cvss": {
"baseScore": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Time-of-check Time-of-use Race Condition in Modem"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2021-30343",
"datePublished": "2022-06-14T10:11:01.000Z",
"dateReserved": "2021-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:32:41.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30344 (GCVE-0-2021-30344)
Vulnerability from cvelistv5 – Published: 2022-06-14 10:11 – Updated: 2024-08-03 22:32
VLAI
EPSS
Summary
Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Severity
7.5 (High)
CWE
- Improper Authorization in Modem
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
Affected:
APQ8009W, APQ8017, APQ8053, APQ8096AU, AQT1000, AR6003, AR8035, CSRB31024, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9215, MDM9250, MDM9607, MDM9615, MDM9625, MDM9628, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8953, MSM8996AU, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QCX315, QET4101, QSW8573, Qualcomm215, SA415M, SA515M, SD 675, SD 8 Gen1 5G, SD 8cx Gen2, SD205, SD210, SD429, SD439, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9306, WCD932 ...[truncated*]
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:40.641Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009W, APQ8017, APQ8053, APQ8096AU, AQT1000, AR6003, AR8035, CSRB31024, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9215, MDM9250, MDM9607, MDM9615, MDM9625, MDM9628, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8953, MSM8996AU, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QCX315, QET4101, QSW8573, Qualcomm215, SA415M, SA515M, SD 675, SD 8 Gen1 5G, SD 8cx Gen2, SD205, SD210, SD429, SD439, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9306, WCD932 ...[truncated*]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization in Modem",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T10:11:03.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"x_ConverterErrors": {
"version_name": {
"error": "version_name too long. Use array of versions to record more than one version.",
"message": "Truncated!"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-30344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "APQ8009W, APQ8017, APQ8053, APQ8096AU, AQT1000, AR6003, AR8035, CSRB31024, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9215, MDM9250, MDM9607, MDM9615, MDM9625, MDM9628, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8953, MSM8996AU, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QCX315, QET4101, QSW8573, Qualcomm215, SA415M, SA515M, SD 675, SD 8 Gen1 5G, SD 8cx Gen2, SD205, SD210, SD429, SD439, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization in Modem"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2021-30344",
"datePublished": "2022-06-14T10:11:03.000Z",
"dateReserved": "2021-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:32:40.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30345 (GCVE-0-2021-30345)
Vulnerability from cvelistv5 – Published: 2022-06-14 10:11 – Updated: 2024-08-03 22:32
VLAI
EPSS
Summary
RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Severity
6.5 (Medium)
CWE
- Configuration issue in Kernel
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
Affected:
AR8035, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS4290, SD460, SD480, SD662, SD680, SM6375, SW5100, SW5100P, WCD9370, WCD9375, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815, WSA8830, WSA8835
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS4290, SD460, SD480, SD662, SD680, SM6375, SW5100, SW5100P, WCD9370, WCD9375, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Configuration issue in Kernel",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T10:11:04.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-30345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "AR8035, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS4290, SD460, SD480, SD662, SD680, SM6375, SW5100, SW5100P, WCD9370, WCD9375, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking"
}
]
},
"impact": {
"cvss": {
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Configuration issue in Kernel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2021-30345",
"datePublished": "2022-06-14T10:11:04.000Z",
"dateReserved": "2021-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:32:41.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30346 (GCVE-0-2021-30346)
Vulnerability from cvelistv5 – Published: 2022-06-14 10:11 – Updated: 2024-08-03 22:32
VLAI
EPSS
Summary
RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Severity
6.5 (Medium)
CWE
- Configuration issue in Kernel
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
Affected:
AR8035, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS4290, SD460, SD480, SD662, SD680, SM6375, SW5100, SW5100P, WCD9370, WCD9375, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815, WSA8830, WSA8835
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS4290, SD460, SD480, SD662, SD680, SM6375, SW5100, SW5100P, WCD9370, WCD9375, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Configuration issue in Kernel",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T10:11:06.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-30346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "AR8035, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS4290, SD460, SD480, SD662, SD680, SM6375, SW5100, SW5100P, WCD9370, WCD9375, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking"
}
]
},
"impact": {
"cvss": {
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Configuration issue in Kernel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2021-30346",
"datePublished": "2022-06-14T10:11:06.000Z",
"dateReserved": "2021-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:32:41.001Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30347 (GCVE-0-2021-30347)
Vulnerability from cvelistv5 – Published: 2022-06-14 10:11 – Updated: 2024-08-03 22:32
VLAI
EPSS
Summary
Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
Severity
9.1 (Critical)
CWE
- Time-of-check Time-of-use Race Condition in Modem
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
Affected:
AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM6490, QCS6490, QCX315, SA515M, SD 675, SD 8 Gen1 5G, SD480, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:40.845Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM6490, QCS6490, QCX315, SA515M, SD 675, SD 8 Gen1 5G, SD480, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Time-of-check Time-of-use Race Condition in Modem",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T10:11:07.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-30347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM6490, QCS6490, QCX315, SA515M, SD 675, SD 8 Gen1 5G, SD480, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile"
}
]
},
"impact": {
"cvss": {
"baseScore": 9.1,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Time-of-check Time-of-use Race Condition in Modem"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2021-30347",
"datePublished": "2022-06-14T10:11:07.000Z",
"dateReserved": "2021-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:32:40.845Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30349 (GCVE-0-2021-30349)
Vulnerability from cvelistv5 – Published: 2022-06-14 10:11 – Updated: 2024-08-03 22:32
VLAI
EPSS
Summary
Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Severity
8.2 (High)
CWE
- Improper Access Control in Core
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
Affected:
AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, MDM9150, MDM9205, QCA4004, QCA4024, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024, QCN9000, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 8cx Gen2, SD 8cx Gen3, SD429, SD460, SD480, SD662, SD665, SD680, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM429W, SDX24, SDX55, SDX55M, SDX57M, SDXR1, SDXR2 5G, SM6375, SM725 ...[truncated*]
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:41.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, MDM9150, MDM9205, QCA4004, QCA4024, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024, QCN9000, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 8cx Gen2, SD 8cx Gen3, SD429, SD460, SD480, SD662, SD665, SD680, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM429W, SDX24, SDX55, SDX55M, SDX57M, SDXR1, SDXR2 5G, SM6375, SM725 ...[truncated*]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control in Core",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T10:11:09.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"x_ConverterErrors": {
"version_name": {
"error": "version_name too long. Use array of versions to record more than one version.",
"message": "Truncated!"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-30349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, MDM9150, MDM9205, QCA4004, QCA4024, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024, QCN9000, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 8cx Gen2, SD 8cx Gen3, SD429, SD460, SD480, SD662, SD665, SD680, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM429W, SDX24, SDX55, SDX55M, SDX57M, SDXR1, SDXR2 5G, SM6375, SM7250P, SM7325P, SW5100, SW5100P, SXR2150P, WCD9306, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking"
}
]
},
"impact": {
"cvss": {
"baseScore": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control in Core"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2021-30349",
"datePublished": "2022-06-14T10:11:09.000Z",
"dateReserved": "2021-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:32:41.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-30350 (GCVE-0-2021-30350)
Vulnerability from cvelistv5 – Published: 2022-06-14 10:11 – Updated: 2024-08-03 22:32
VLAI
EPSS
Summary
Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
Severity
8.4 (High)
CWE
- Improper Authentication in Core
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables |
Affected:
AQT1000, AR8035, CSRB31024, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564AU, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, SA415M, SA515M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD 675, SD 8 Gen1 5G, SD 8cx Gen2, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:32:40.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000, AR8035, CSRB31024, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564AU, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, SA415M, SA515M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD 675, SD 8 Gen1 5G, SD 8cx Gen2, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authentication in Core",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T10:11:10.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-30350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "AQT1000, AR8035, CSRB31024, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564AU, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, SA415M, SA515M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD 675, SD 8 Gen1 5G, SD 8cx Gen2, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": 8.4,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authentication in Core"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2021-30350",
"datePublished": "2022-06-14T10:11:11.000Z",
"dateReserved": "2021-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:32:40.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34866 (GCVE-0-2021-34866)
Vulnerability from cvelistv5 – Published: 2022-01-25 15:30 – Updated: 2024-08-04 00:26
VLAI
EPSS
Summary
This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689.
Severity
8.8 (High)
CWE
- CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2022021… | x_refsource_CONFIRM |
Credits
Ryota Shiga(@Ga_ryo_) of Flatt Security
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:26:54.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1148/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220217-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kernel",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14-rc3"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ryota Shiga(@Ga_ryo_) of Flatt Security"
}
],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-843",
"description": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-17T17:06:22.000Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1148/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220217-0008/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2021-34866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kernel",
"version": {
"version_data": [
{
"version_value": "5.14-rc3"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
},
"credit": "Ryota Shiga(@Ga_ryo_) of Flatt Security",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689."
}
]
},
"impact": {
"cvss": {
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1148/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1148/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220217-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220217-0008/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2021-34866",
"datePublished": "2022-01-25T15:30:36.000Z",
"dateReserved": "2021-06-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:26:54.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-35070 (GCVE-0-2021-35070)
Vulnerability from cvelistv5 – Published: 2022-06-14 10:11 – Updated: 2024-08-04 00:33
VLAI
EPSS
Summary
RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile
Severity
6.5 (Medium)
CWE
- Information Exposure in Kernel
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Industrial IOT, Snapdragon Mobile |
Affected:
QCM6125, QCS6125, SD665, WCD9370, WCD9375, WCN3950, WCN3980, WSA8810, WSA8815
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:51.154Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Industrial IOT, Snapdragon Mobile",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "QCM6125, QCS6125, SD665, WCD9370, WCD9375, WCN3950, WCN3980, WSA8810, WSA8815"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure in Kernel",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T10:11:12.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-35070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "QCM6125, QCS6125, SD665, WCD9370, WCD9375, WCN3950, WCN3980, WSA8810, WSA8815"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile"
}
]
},
"impact": {
"cvss": {
"baseScore": 6.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure in Kernel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2021-35070",
"datePublished": "2022-06-14T10:11:12.000Z",
"dateReserved": "2021-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:33:51.154Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…