April 2022 Security Bulletin
Updated On: 06/27/2022
This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security issues that have been addressed in QTI’s proprietary code and (ii) links to publicly available code where security issues have been addressed.
Please reach out to [email protected] for any questions related to this bulletin.
Table of Contents
| Announcements |
| Acknowledgements |
| Proprietary Software Issues |
| Open Source Software Issues |
| Industry Coordination |
Announcements
None
Acknowledgements
We would like to thank these researchers for their contributions in reporting these issues to us.
| CVE-2021-30327 | Christopher Wade |
| CVE-2021-35081,CVE-2021-35071 | Gengjia Chen ( @chengjia4574 ) from IceSword Lab |
| CVE-2021-35112 | Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/ for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin. |
| CVE-2021-30344 | Syed Rafiul Hussain, Abdullah Al Ishtiaq, Penn State; Imtiaz Karim, Elisa Bertino, Purdue; Omar Chowdhury, University of Iowa |
| CVE-2021-35100 | Le Wu of Baidu Security |
Proprietary Software Issues
The tables below summarize security vulnerabilities that were addressed through proprietary software
This table lists high impact security vulnerabilities. Patches have been released for affected products.OEMs have been notified and strongly recommended to release patches on end devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2021-30327 | Critical | High | BOOT | 10/19/2021 |
| CVE-2021-30339 | Critical | Critical | Key Provisioning | Internal |
| CVE-2021-30341 | Critical | Critical | Data Modem | Internal |
| CVE-2021-30342 | Critical | Critical | LTE | Internal |
| CVE-2021-30343 | Critical | Critical | Modem | Internal |
| CVE-2021-30347 | Critical | Critical | Modem | Internal |
| CVE-2021-35104 | Critical | Critical | Audio | Internal |
| CVE-2021-35126 | Critical | High | DSP Service | Internal |
| CVE-2021-30281 | High | High | Core | Internal |
| CVE-2021-30338 | High | High | Core | Internal |
| CVE-2021-30340 | High | High | Modem | Internal |
| CVE-2021-30344 | High | High | Multi-Mode Call Processor | 06/14/2021 |
| CVE-2021-30345 | High | Medium | KERNEL | Internal |
| CVE-2021-30346 | High | Medium | KERNEL | Internal |
| CVE-2021-30349 | High | High | Core | Internal |
| CVE-2021-30350 | High | High | Core | Internal |
| CVE-2021-35070 | High | Medium | KERNEL | Internal |
| CVE-2021-35100 | High | High | Video | 07/15/2021 |
| CVE-2021-35129 | High | High | BT Controller | Internal |
CVE-2021-30327
| CVE ID | CVE-2021-30327 |
| Title | Buffer overflow in EDL Sahara protocol |
| Description | Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data |
| Technology Area | BOOT |
| Vulnerability Type | CWE-400 |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L |
| Date Reported | 2021/10/19 |
| Customer Notified Date | 2021/12/13 |
| Affected Chipsets* | APQ8097, APQ8098, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, MDM9205, MSM8997, MSM8998, QCA6595, QCA6595AU, QCN7605, QCN7605W, QCN7606, QCN7606W, QCS401, QCS402, QCS403, QCS404, QCS405, QCS407, SA2145P, SA2150P, SA4150P, SA4155P, SA415M, SA4250P, SA515M, SA6115, SA6115P, SA6125, SA6125P, SA6145, SA6145P, SA615x, SA615xP, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC7180P, SC8180X, SC8180XP, SDA658, SDA660, SDA670, SDA830, SDA845, SDM640, SDM658, SDM660, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDPX55M, SDX24, SDX24M, SDX55, SM4250, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P |
CVE-2021-30339
| CVE ID | CVE-2021-30339 |
| Title | Key Management Errors in Key Provisioning |
| Description | Reading PRNG output may lead to improper key generation due to lack of buffer validation |
| Technology Area | Key Provisioning |
| Vulnerability Type | CWE-320 Key Management Errors |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.0 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N |
| Date Reported | Internal |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | AR8035, QCA6391, QCA8081, QCA8337, QCA9984, QCM2290, QCM4290, QCM6490, QCS2290, QCS405, QCS4290, QCS6490, SD 8 Gen1 5G, SD460, SD480, SD662, SD680, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD888, SD888 5G, SDX57M, SDX65, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2021-30341
| CVE ID | CVE-2021-30341 |
| Title | Stack-based Buffer Overflow in Data Modem |
| Description | Improper buffer size validation of DSM packet received can lead to memory corruption |
| Technology Area | Data Modem |
| Vulnerability Type | CWE-121 Stack-based Buffer Overflow |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.8 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | APQ8009W, APQ8096AU, AQT1000, AR8035, CSRB31024, MDM8207, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MSM8909W, MSM8996AU, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QCX315, QSW8573, SA415M, SA515M, SD 675, SD 8 Gen1 5G, SD 8cx Gen2, SD205, SD210, SD429, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9306, WCD9330, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835 |
CVE-2021-30342
| CVE ID | CVE-2021-30342 |
| Title | Time-of-check Time-of-use Race Condition in Modem |
| Description | Improper integrity check can lead to race condition between tasks after a valid RRC Command packet has been received |
| Technology Area | LTE |
| Vulnerability Type | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.1 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| Date Reported | Internal |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | APQ8009W, APQ8017, APQ8096AU, AQT1000, CSRB31024, FSM10055, FSM10056, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA4004, QCA6174A, QCA6420, QCA6430, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA9367, QCA9377, QCM2290, QCM4290, QCM6125, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QSW8573, SA415M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD 675, SD 8cx Gen2, SD205, SD210, SD429, SD439, SD460, SD660, SD662, SD665, SD675, SD678, SD680, SD720G, SD730, SD7c, SD850, SD855, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDXR1, SM6250, SM6250P, SW5100, SW5100P, WCD9306, WCD9330, WCD9370, WCD9375, WCD9380, WCN3610, WCN3620, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WSA8830, WSA8835 |
CVE-2021-30343
| CVE ID | CVE-2021-30343 |
| Title | Time-of-check Time-of-use Race Condition in Modem |
| Description | Improper integrity check can lead to race condition between tasks after a valid RRC Command packet has been received |
| Technology Area | Modem |
| Vulnerability Type | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.1 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| Date Reported | Internal |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM6490, QCS6490, QCX315, SA515M, SD 675, SD 8 Gen1 5G, SD480, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2021-30347
| CVE ID | CVE-2021-30347 |
| Title | Time-of-check Time-of-use Race Condition in Modem |
| Description | Improper integrity check can lead to race condition between tasks right after a valid RRC Command packet has been received |
| Technology Area | Modem |
| Vulnerability Type | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.1 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| Date Reported | Internal |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM6490, QCS6490, QCX315, SA515M, SD 675, SD 8 Gen1 5G, SD480, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2021-35104
| CVE ID | CVE-2021-35104 |
| Title | Buffer Copy Without Checking Size of Input in Audio |
| Description | Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip |
| Technology Area | Audio |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.8 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/01/03 |
| Affected Chipsets* | APQ8009W, APQ8017, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078A, IPQ8173, IPQ8174, MDM9150, MDM9206, MDM9250, MDM9607, MDM9628, MSM8909W, MSM8996AU, QAM8295P, QCA4024, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6428, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9889, QCM2290, QCM4290, QCM6125, QCM6490, QCN5022, QCN5024, QCN5052, QCN5064, QCN5122, QCN5124, QCN5152, QCN5164, QCN5550, QCN9000, QCN9011, QCN9012, QCN9074, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, QSW8573, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 675, SD 8 Gen1 5G, SD205, SD210, SD429, SD439, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9330, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835 |
CVE-2021-35126
| CVE ID | CVE-2021-35126 |
| Title | Improper Validation of Array Index in DSP Service |
| Description | Memory corruption in DSP service due to improper validation of input parameters |
| Technology Area | DSP Service |
| Vulnerability Type | CWE-129 Improper Validation of Array Index |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/01/03 |
| Affected Chipsets* | QAM8295P, QCA6391, QCA6696, QCM6490, QCS6490, SA8295P, SD 8 Gen1 5G, SD 8cx Gen3, SD778G, SD780G, SD888, SD888 5G, SM7315, SM7325P, WCD9370, WCD9375, WCD9380, WCD9385, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835 |
CVE-2021-30281
| CVE ID | CVE-2021-30281 |
| Title | Improper Access Control in Core |
| Description | Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device configuration |
| Technology Area | Core |
| Vulnerability Type | CWE-284 Improper Access Control |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, MDM9150, MDM9205, QCA4004, QCA4024, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024, QCN9000, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCS8155, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8cx Gen2, SD460, SD480, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD7c, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX24, SDX55, SDX55M, SDX57M, SDXR1, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9306, WCD9335, WCD9340, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2021-30338
| CVE ID | CVE-2021-30338 |
| Title | Improper Input Validation in Core |
| Description | Improper input validation in TrustZone memory transfer interface can lead to information disclosure |
| Technology Area | Core |
| Vulnerability Type | CWE-20 Improper Input Validation |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.1 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
| Date Reported | Internal |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | SD850, SDXR1 |
CVE-2021-30340
| CVE ID | CVE-2021-30340 |
| Title | Reachable Assertion in Modem |
| Description | Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode |
| Technology Area | Modem |
| Vulnerability Type | CWE-617 Reachable Assertion |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM6490, QCS6490, QCX315, SA515M, SD 8 Gen1 5G, SD480, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD865 5G, SD870, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM6375, SM7250P, SM7325P, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2021-30344
| CVE ID | CVE-2021-30344 |
| Title | Improper Authorization in Modem |
| Description | Improper authorization of a replayed LTE security mode command can lead to a denial of service |
| Technology Area | Multi-Mode Call Processor |
| Vulnerability Type | CWE-285 Improper Authorization |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | 2021/06/14 |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | APQ8009W, APQ8017, APQ8053, APQ8096AU, AQT1000, AR6003, AR8035, CSRB31024, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9215, MDM9250, MDM9607, MDM9615, MDM9625, MDM9628, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8953, MSM8996AU, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QCX315, QET4101, QSW8573, Qualcomm215, SA415M, SA515M, SD 675, SD 8 Gen1 5G, SD 8cx Gen2, SD205, SD210, SD429, SD439, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2021-30345
| CVE ID | CVE-2021-30345 |
| Title | Configuration issue in Kernel |
| Description | RPM secure Stream can access any secure resource due to improper SMMU configuration |
| Technology Area | KERNEL |
| Vulnerability Type | CWE-16 Configuration |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | Medium |
| CVSS Score | 6.5 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| Date Reported | Internal |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | AR8035, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS4290, SD460, SD480, SD662, SD680, SM6375, SW5100, SW5100P, WCD9370, WCD9375, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2021-30346
| CVE ID | CVE-2021-30346 |
| Title | Configuration issue in Kernel |
| Description | RPM secure Stream can access any secure resource due to improper SMMU configuration |
| Technology Area | KERNEL |
| Vulnerability Type | CWE-16 Configuration |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | Medium |
| CVSS Score | 6.5 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| Date Reported | Internal |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | AR8035, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS4290, SD460, SD480, SD662, SD680, SM6375, SW5100, SW5100P, WCD9370, WCD9375, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2021-30349
| CVE ID | CVE-2021-30349 |
| Title | Improper Access Control in Core |
| Description | Improper access control sequence for AC database after memory allocation can lead to possible memory corruption |
| Technology Area | Core |
| Vulnerability Type | CWE-284 Improper Access Control |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.2 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, MDM9150, MDM9205, QCA4004, QCA4024, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024, QCN9000, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 8cx Gen2, SD 8cx Gen3, SD429, SD460, SD480, SD662, SD665, SD680, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM429W, SDX24, SDX55, SDX55M, SDX57M, SDXR1, SDXR2 5G, SM6375, SM7250P, SM7325P, SW5100, SW5100P, SXR2150P, WCD9306, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835 |
CVE-2021-30350
| CVE ID | CVE-2021-30350 |
| Title | Improper Authentication in Core |
| Description | Lack of MBN header size verification against input buffer can lead to memory corruption |
| Technology Area | Core |
| Vulnerability Type | CWE-287 Improper Authentication |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | AQT1000, AR8035, CSRB31024, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564AU, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCX315, SA415M, SA515M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD 675, SD 8 Gen1 5G, SD 8cx Gen2, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835 |
CVE-2021-35070
| CVE ID | CVE-2021-35070 |
| Title | Information Exposure in Kernel |
| Description | RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure |
| Technology Area | KERNEL |
| Vulnerability Type | CWE-200 Information Exposure |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | Medium |
| CVSS Score | 6.5 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| Date Reported | Internal |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | QCM6125, QCS6125, SD665, WCD9370, WCD9375, WCN3950, WCN3980, WSA8810, WSA8815 |
CVE-2021-35100
| CVE ID | CVE-2021-35100 |
| Title | Buffer Over-read in Video |
| Description | Possible buffer over read due to improper calculation of string length while parsing Id3 tag |
| Technology Area | Video |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Remote |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.5 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | 2021/07/15 |
| Customer Notified Date | 2022/01/03 |
| Affected Chipsets* | APQ8009W, APQ8017, APQ8064AU, APQ8096AU, AQT1000, AR8031, CSRA6620, CSRA6640, FSM10055, FSM10056, MDM9206, MDM9250, MDM9607, MDM9628, MSM8909W, MSM8996AU, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA9367, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, Qualcomm215, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8 Gen1 5G, SD205, SD210, SD429, SD460, SD480, SD662, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX20, SDX55M, SDXR2 5G, SM6250, SM6375, SM7250P, SM7315, SM7325P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 |
CVE-2021-35129
| CVE ID | CVE-2021-35129 |
| Title | Buffer Copy Without Checking Size of Input in BT Controller |
| Description | Memory corruption in BT controller due to improper length check while processing vendor specific commands |
| Technology Area | BT Controller |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 7.8 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/01/03 |
| Affected Chipsets* | AR8035, IPQ5010, IPQ5018, IPQ5028, QCA2062, QCA2064, QCA2065, QCA2066, QCA6391, QCA8081, QCA8337, QCC710, QCM6490, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS6490, SD 8 Gen1 5G, SD 8cx Gen3, SD888, SD888 5G, SDX65, WCD9370, WCD9375, WCD9380, WCD9385, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835 |
*The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
Open Source Software Issues
The tables below summarize security vulnerabilities that were addressed through open source software
This table lists high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2021-35081 | Critical | Critical | WLAN HOST | 07/30/2021 |
| CVE-2021-35112 | Critical | High | Graphics | 09/29/2021 |
| CVE-2021-35123 | Critical | High | Bluetooth HOST | Internal |
| CVE-2021-30334 | High | High | Display | Internal |
| CVE-2021-35091 | High | High | Graphics | Internal |
| CVE-2021-35095 | High | High | Kernel | Internal |
| CVE-2021-35130 | High | High | Graphics | Internal |
This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.
| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2021-35071 | Medium | Medium | Automotive Connectivity | 07/15/2021 |
CVE-2021-35081
| CVE ID | CVE-2021-35081 |
| Title | Buffer Copy Without Checking Size of Input in WLAN |
| Description | Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session |
| Technology Area | WLAN HOST |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | Critical |
| CVSS Score | 9.8 |
| CVSS String | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2021/07/30 |
| Customer Notified Date | 2022/01/03 |
| Affected Chipsets* | AQT1000, AR8035, QCA6390, QCA6391, QCA6564, QCA6564AU, QCA6574A, QCA8081, QCA8337, QCM2290, QCM4290, QCM6125, QCM6490, QCN7605, QCN7606, QCS2290, QCS4290, QCS610, QCS6125, QCS6490, QRB5165, QRB5165M, QRB5165N, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD460, SD480, SD662, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888 5G, SDX55, SDX55M, SDX65, SDXR1, SM6375, SM7250P, SM7325P, WCD9326, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 |
| Patch** |
CVE-2021-35112
| CVE ID | CVE-2021-35112 |
| Title | Improper Access Control in Graphics |
| Description | A user with user level permission can access graphics protected region due to improper access control in register configuration |
| Technology Area | Graphics |
| Vulnerability Type | CWE-284 Improper Access Control |
| Access Vector | Local |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | 2021/09/29 |
| Customer Notified Date | 2021/12/06 |
| Affected Chipsets* | APQ8009W, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, MDM9150, MSM8909W, QAM8295P, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8337, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QET4101, QRB5165, QRB5165M, QRB5165N, QSW8573, Qualcomm215, SA515M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SD 8 Gen1 5G, SD205, SD210, SD429, SD460, SD480, SD662, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDX12, SDX24, SDX55, SDX55M, SDXR2 5G, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3660B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 |
| Patch** |
CVE-2021-35123
| CVE ID | CVE-2021-35123 |
| Title | Buffer Copy Without Checking Size of Input in Bluetooth HOST |
| Description | Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air |
| Technology Area | Bluetooth HOST |
| Vulnerability Type | CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') |
| Access Vector | Remote |
| Security Rating | Critical |
| CVSS Rating | High |
| CVSS Score | 8.8 |
| CVSS String | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/01/03 |
| Affected Chipsets* | AQT1000, QCA6390, QCA6391, SD 8 Gen1 5G, SD480, SD660, SD778G, SD780G, SD855, SD865 5G, SD870, SD888 5G, SDX55M, SM6375, SM7325P, WCD9335, WCD9370, WCD9375, WCD9380, WCD9385, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835 |
| Patch** |
CVE-2021-30334
| CVE ID | CVE-2021-30334 |
| Title | Use After Free in Display |
| Description | Possible use after free due to lack of null check of DRM file status after file structure is freed |
| Technology Area | Display |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/01/03 |
| Affected Chipsets* | APQ8009W, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9150, MSM8909W, QAM8295P, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCN9011, QCN9012, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCS8155, QCX315, QET4101, QRB5165, QRB5165M, QRB5165N, QSM8250, QSW8573, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 675, SD 8 Gen1 5G, SD205, SD210, SD429, SD439, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, SXR2150P, WCD9335, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835 |
| Patch** |
|
CVE-2021-35091
| CVE ID | CVE-2021-35091 |
| Title | Incorrect Type Conversion or Cast in Linux Graphics |
| Description | Possible out of bounds read due to improper typecasting while handling page fault for global memory |
| Technology Area | Graphics |
| Vulnerability Type | CWE-704 Incorrect Type Conversion or Cast |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2021/11/01 |
| Affected Chipsets* | SD 8 Gen1 5G, WCD9380, WCN6855, WCN6856, WSA8830, WSA8835 |
| Patch** |
CVE-2021-35095
| CVE ID | CVE-2021-35095 |
| Title | Time-of-check Time-of-use Race Condition in Kernel |
| Description | Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label |
| Technology Area | Kernel |
| Vulnerability Type | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2021/11/01 |
| Affected Chipsets* | AR8035, QCA8081, QCA8337, SD 8 Gen1 5G, SDX65, SM7450, SM8475, SM8475P, WCD9370, WCD9375, WCD9380, WCD9385, WCN6750, WCN6855, WCN6856, WCN7851, WSA8830, WSA8832, WSA8835 |
| Patch** |
CVE-2021-35130
| CVE ID | CVE-2021-35130 |
| Title | Use After Free in Graphics |
| Description | Memory corruption in graphics support layer due to use after free condition |
| Technology Area | Graphics |
| Vulnerability Type | CWE-416 Use After Free |
| Access Vector | Local |
| Security Rating | High |
| CVSS Rating | High |
| CVSS Score | 8.4 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Date Reported | Internal |
| Customer Notified Date | 2022/01/03 |
| Affected Chipsets* | AR8035, QAM8295P, QCA6174A, QCA6391, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCM6490, QCS410, QCS610, QCS6490, SA4150P, SA4155P, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8295P, SD480, SD778G, SD780G, SD888, SD888 5G, SDX12, SDX65, SM6375, SM7315, SM7325P, SW5100, SW5100P, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 |
| Patch** |
CVE-2021-35071
| CVE ID | CVE-2021-35071 |
| Title | Buffer Over-read in WLAN |
| Description | Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service |
| Technology Area | Automotive Connectivity |
| Vulnerability Type | CWE-126 Buffer Over-read |
| Access Vector | Local |
| Security Rating | Medium |
| CVSS Rating | Medium |
| CVSS Score | 5.5 |
| CVSS String | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Date Reported | 2021/07/15 |
| Customer Notified Date | 2021/10/04 |
| Affected Chipsets* | AQT1000, AR8035, AR9380, CSR8811, CSRB31024, FSM10055, FSM10056, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, PMP8074, QAM8295P, QCA4024, QCA6175A, QCA6390, QCA6391, QCA6426, QCA6428, QCA6436, QCA6438, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA7500, QCA8072, QCA8075, QCA8081, QCA8337, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS4290, QCS610, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8295P, SD 8 Gen1 5G, SD460, SD480, SD662, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888 5G, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6375, SM7250P, SM7325P, SW5100, SW5100P, WCD9326, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 |
| Patch** |
* The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.
** Data is generated only at the time of bulletin creation
Industry Coordination
Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:
- Consideration of security protections such as SELinux not enforced on some platforms
- Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel
All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.
Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.
This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.
Qualcomm Technologies, Inc.
San Diego, CA 92121
U.S.A.
© 2022 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.
- Table of Contents
- Announcements
- Acknowledgements
- Proprietary Software Issues
- CVE-2021-30327
- CVE-2021-30339
- CVE-2021-30341
- CVE-2021-30342
- CVE-2021-30343
- CVE-2021-30347
- CVE-2021-35104
- CVE-2021-35126
- CVE-2021-30281
- CVE-2021-30338
- CVE-2021-30340
- CVE-2021-30344
- CVE-2021-30345
- CVE-2021-30346
- CVE-2021-30349
- CVE-2021-30350
- CVE-2021-35070
- CVE-2021-35100
- CVE-2021-35129
- Open Source Software Issues
- CVE-2021-35081
- CVE-2021-35112
- CVE-2021-35123
- CVE-2021-30334
- CVE-2021-35091
- CVE-2021-35095
- CVE-2021-35130
- CVE-2021-35071
- Industry Coordination
