CVE-2021-35091 - OpenCVE

Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qualcomm	Sd 8 Gen1 5g Firmware Sm8475 Wcd9380 Wcd9380 Firmware Wcn6855 Wcn6855 Firmware Wcn6856 Wcn6856 Firmware Wsa8830 Wsa8830 Firmware Wsa8835 Wsa8835 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm8475:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn6855:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn6856:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin

History

No history.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2022-06-14T10:11:17

Updated: 2024-08-04T00:33:50.676Z

Reserved: 2021-06-21T00:00:00

Link: CVE-2021-35091

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-06-14T10:15:16.503

Modified: 2023-04-19T17:10:55.030

Link: CVE-2021-35091

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Snapdragon Connectivity, Snapdragon Mobile", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "SD 8 Gen1 5G, WCD9380, WCN6855, WCN6856, WSA8830, WSA8835"}]}], "descriptions": [{"lang": "en", "value": "Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Incorrect Type Conversion or Cast in Linux Graphics", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-14T10:11:17", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@qualcomm.com", "ID": "CVE-2021-35091", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Snapdragon Connectivity, Snapdragon Mobile", "version": {"version_data": [{"version_value": "SD 8 Gen1 5G, WCD9380, WCN6855, WCN6856, WSA8830, WSA8835"}]}}]}, "vendor_name": "Qualcomm, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile"}]}, "impact": {"cvss": {"baseScore": 8.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incorrect Type Conversion or Cast in Linux Graphics"}]}]}, "references": {"reference_data": [{"name": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:33:50.676Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"}]}]}, "cveMetadata": {"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2021-35091", "datePublished": "2022-06-14T10:11:17", "dateReserved": "2021-06-21T00:00:00", "dateUpdated": "2024-08-04T00:33:50.676Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "76910884-45D9-4EA2-BA30-44A8C7CC1339", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sm8475:-:*:*:*:*:*:*:*", "matchCriteriaId": "E626A19A-DBE3-4DE9-90DA-FA3F883FF3CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "70292B01-617F-44AD-AF77-1AFC1450523D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*", "matchCriteriaId": "FA94C6D6-85DB-4031-AAF4-C399019AE16D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "180EB150-C114-429D-941F-9B99CDA4F810", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wcn6855:-:*:*:*:*:*:*:*", "matchCriteriaId": "93BA62AF-3555-463A-8B51-76F07BF0B87E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "54C616C5-6480-4FE0-9A1C-08026CCB08D8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wcn6856:-:*:*:*:*:*:*:*", "matchCriteriaId": "7D8E02BA-3A7E-4B13-A8D7-20FD0FAE3187", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "11B69595-E488-4590-A150-CE5BE08B5E13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF680174-5FA6-47D9-8EAB-CC2A37A7BD42", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F80BC68E-7476-4A40-9F48-53722FE9A5BF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*", "matchCriteriaId": "6B36F4B2-BAA3-45AD-9967-0EB482C99708", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile"}, {"lang": "es", "value": "Una posible lectura fuera de l\u00edmites debido a una asignaci\u00f3n de tipos inapropiada mientras se maneja un fallo de p\u00e1gina para la memoria global en Snapdragon Connectivity, Snapdragon Mobile"}], "id": "CVE-2021-35091", "lastModified": "2023-04-19T17:10:55.030", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "product-security@qualcomm.com", "type": "Secondary"}]}, "published": "2022-06-14T10:15:16.503", "references": [{"source": "product-security@qualcomm.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"}], "sourceIdentifier": "product-security@qualcomm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-704"}], "source": "nvd@nist.gov", "type": "Primary"}]}