August 2021 Security Bulletin

Version 1.0

Published: 08/02/2021

This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security vulnerabilities that have been addressed in QTI’s proprietary code and (ii) links to related code that has been contributed to Code Aurora Forum (CAF), a Linux Foundation Collaborative Project, to address security vulnerabilities for customers who incorporate Linux-based software from CAF into their devices..

Please reach out to [email protected] for any questions related to this bulletin.

Announcements

None.

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2020-11264, CVE-2020-11301, CVE-2020-24587, CVE-2020-24588, CVE-2020-26139, CVE-2020-26140, CVE-2020-26141, CVE-2020-26143, CVE-2020-26144, CVE-2020-26145, CVE-2020-26146, CVE-2020-26147	Mathy Vanhoef, New York University Abu Dhabi
CVE-2021-1972	Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/ for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin.
CVE-2021-1947	Jann Horn from Google Project Zero
CVE-2021-30260	Peter Park (peterpark)
CVE-2021-1904	Ben Hawkes and Jann Horn of Google Project Zero
CVE-2021-1928	Gengjia Chen ( @chengjia4574 ) from IceSword Lab
CVE-2021-1929	KryptoWire
CVE-2021-1930	Externally reported to Xiaomi who reported it to us

Proprietary Software Issues

The tables below summarize security vulnerabilities that were addressed through proprietary software

This table lists high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.

Public ID	Security Rating	CVSS Rating	Technology Area	Date Reported
CVE-2021-1916	Critical	Critical	Data Modem	Internal
CVE-2021-1919	Critical	Critical	Data Modem	Internal
CVE-2021-1920	Critical	Critical	Data Modem	Internal
CVE-2020-26140	High	High	WLAN Firmware	12/13/2020
CVE-2020-26143	High	High	WiFi Host	12/13/2020
CVE-2020-26144	High	High	WiFi Host	12/13/2020
CVE-2020-26147	High	High	WiFi Host	12/13/2020
CVE-2021-1914	High	High	Data Modem	Internal
CVE-2021-1923	High	High	HLOS	Internal
CVE-2021-30260	High	High	WLAN Firmware	02/14/2021
CVE-2021-30261	High	High	WLAN Firmware	12/07/2017

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

Public ID	Security Rating	CVSS Rating	Technology Area	Date Reported
CVE-2021-1929	Medium	Medium	Android_Core	10/19/2020
CVE-2021-1930	Medium	Medium	Boot	10/22/2020

CVE-2021-1916

CVE ID	CVE-2021-1916
Title	Integer Overflow to Buffer Overflow in Data Modem
Description	Possible buffer underflow due to lack of check for negative indices values when processing user provided input
Technology Area	Data Modem
Vulnerability Type	CWE-680 Integer Overflow to Buffer Overflow
Access Vector	Remote
Security Rating	Critical
CVSS Rating	Critical
CVSS Score	9.8
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	Internal
Customer Notified Date	02/01/2021
Affected Chipsets*	APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8084, APQ8096AU, AQT1000, AR6003, CSR6030, CSRB31024, MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9205, MDM9206, MDM9207, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9615M, MDM9625, MDM9628, MDM9630, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8976SG, MSM8996AU, QCA1990, QCA4004, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6694, QCA6694AU, QCA6696, QCA9367, QCA9377, QCA9379, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCX315, QSW8573, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD480, SD632, SD665, SD670, SD675, SD678, SD690 5G, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM429W, SDM630, SDW2500, SDX12, SDX20, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM6250, SM6250P, SM7250, WCD9306, WCD9330, WCD9340, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-1919

CVE ID	CVE-2021-1919
Title	Integer Underflow in Data Modem
Description	Integer underflow can occur when the RTCP length is lesser than than the actual blocks present
Technology Area	Data Modem
Vulnerability Type	CWE-191 Integer Underflow (Wrap or Wraparound)
Access Vector	Remote
Security Rating	Critical
CVSS Rating	Critical
CVSS Score	9.8
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	Internal
Customer Notified Date	02/01/2021
Affected Chipsets*	APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8084, APQ8096AU, AQT1000, CSR6030, CSRB31024, MDM8207, MDM9150, MDM9206, MDM9207, MDM9250, MDM9607, MDM9625, MDM9628, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8976SG, MSM8996AU, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6694, QCA6694AU, QCA6696, QCA9367, QCA9377, QCA9379, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCX315, QSW8573, Qualcomm215, SA415M, SA515M, SA8155, SA8155P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD480, SD632, SD665, SD670, SD675, SD678, SD690 5G, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888 5G, SDM630, SDW2500, SDX12, SDX20, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM6250, SM6250P, SM7250, WCD9306, WCD9330, WCD9340, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-1920

CVE ID	CVE-2021-1920
Title	Integer Underflow in Data Modem
Description	Integer underflow can occur due to improper handling of incoming RTCP packets
Technology Area	Data Modem
Vulnerability Type	CWE-191 Integer Underflow (Wrap or Wraparound)
Access Vector	Remote
Security Rating	Critical
CVSS Rating	Critical
CVSS Score	9.8
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	Internal
Customer Notified Date	02/01/2021
Affected Chipsets*	APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8084, APQ8096AU, AQT1000, AR6003, CSR6030, CSRB31024, MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9205, MDM9206, MDM9207, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9615M, MDM9625, MDM9628, MDM9630, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8976SG, MSM8996AU, QCA1990, QCA4004, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6694, QCA6694AU, QCA6696, QCA9367, QCA9377, QCA9379, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCX315, QSW8573, Qualcomm215, SA415M, SA515M, SA8155, SA8155P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD480, SD632, SD665, SD670, SD675, SD678, SD690 5G, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888 5G, SDM630, SDW2500, SDX12, SDX20, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM6250, SM6250P, SM7250, WCD9306, WCD9330, WCD9340, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2020-26140

CVE ID	CVE-2020-26140
Title	Accepting plaintext data frames in a protected network
Description	Allowing plain text data frames in a protected network can lead to information disclosure
Technology Area	WLAN Firmware
Vulnerability Type	CWE-287 Improper Authentication
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	7.5
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Date Reported	12/13/2020
Customer Notified Date	07/05/2021
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064AU, APQ8076, APQ8096AU, AR8031, CSR6030, CSRA6620, CSRA6640, CSRB31024, MDM8215, MDM9206, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9626, MDM9628, MDM9640, MDM9645, MDM9650, MDM9655, MSM8976, MSM8996AU, QCA0000, QCA1023, QCA4020, QCA6174, QCA6174A, QCA6175A, QCA6234, QCA6310, QCA6320, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA9367, QCA9377, QCA9378A, QCA9379, QCA9886, QCS405, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD210, SD820, SD821, SD845, SDX12, SDX20, SDX20M, SDX24, SDX55, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3980, WCN3990, WCN3998, WCN3999, WSA8810, WSA8815

CVE-2020-26143

CVE ID	CVE-2020-26143
Title	Accepting fragmented plaintext data frames in a protected network
Description	Improper authentication of fragmented plaintext data frames in an encrypted network can lead to information disclosure
Technology Area	WiFi Host
Vulnerability Type	CWE-287 Improper Authentication
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	7.5
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Date Reported	12/13/2020
Customer Notified Date	07/05/2021
Affected Chipsets*	AR9380, IPQ4019, IPQ8065, QCA6320, QCA9558, QCA9563, QCA9880, QCA9888, QCA9984, QCA9994, QCN5502

CVE-2020-26144

CVE ID	CVE-2020-26144
Title	Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL in an encrypted network
Description	Improper authentication of plaintext EAPOL A-MSDU frames from unauthenticated user can lead to packet injection in an encrypted network
Technology Area	WiFi Host
Vulnerability Type	CWE-287 Improper Authentication
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	7.5
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Date Reported	12/13/2020
Customer Notified Date	07/05/2021
Affected Chipsets*	AR7420, AR9380, CSR8811, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078A, IPQ8173, IPQ8174, PMP8074, QCA4024, QCA6320, QCA6428, QCA6438, QCA7500, QCA7520, QCA7550, QCA8072, QCA8075, QCA8081, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9896, QCA9898, QCA9980, QCA9982, QCA9984, QCA9985, QCA9986, QCA9987, QCA9988, QCA9990, QCA9992, QCA9994, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5502, QCN5550, QCN9000, QCN9022, QCN9024, QCN9074

CVE-2020-26147

CVE ID	CVE-2020-26147
Title	Reassembling mixed encrypted/plaintext fragments
Description	Allowing the reassembling of fragments encrypted under different keys can lead to information disclosure
Technology Area	WiFi Host
Vulnerability Type	CWE-310 Cryptographic Issues
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	7.5
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Date Reported	12/13/2020
Customer Notified Date	07/05/2021
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5018, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078A, IPQ8173, IPQ8174, MDM9206, MDM9250, MDM9607, MDM9626, MDM9628, MDM9640, MDM9645, MDM9650, MDM9655, MSM8996AU, PMP8074, QCA0000, QCA1023, QCA4020, QCA4024, QCA6164, QCA6174, QCA6174A, QCA6175A, QCA6234, QCA6310, QCA6320, QCA6420, QCA6428, QCA6430, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA7500, QCA8072, QCA8075, QCA8081, QCA9367, QCA9377, QCA9378A, QCA9379, QCA9558, QCA9563, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5502, QCN5550, QCN7605, QCN7606, QCN9000, QCN9022, QCN9024, QCN9074, QCN9100, QCS405, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 8CX, SD210, SD7c, SD820, SD821, SD835, SD845, SDX12, SDX20, SDX20M, SDX24, SDX55, SM6250, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCN3610, WCN3615, WCN3660B, WCN3980, WCN3990, WCN3991, WCN3998, WCN3999, WCN6850, WSA8810, WSA8815

CVE-2021-1914

CVE ID	CVE-2021-1914
Title	Loop with Unreachable Exit Condition in Modem
Description	Loop with unreachable exit condition may occur due to improper handling of unsupported input
Technology Area	Data Modem
Vulnerability Type	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	7.5
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported	Internal
Customer Notified Date	02/01/2021
Affected Chipsets*	APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8096AU, AQT1000, CSR6030, CSRB31024, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8976SG, MSM8996AU, QCA4004, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6694, QCA6694AU, QCA6696, QCA9367, QCA9377, QCA9379, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCX315, QSW8573, Qualcomm215, SA415M, SA515M, SA8155, SA8155P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD480, SD632, SD665, SD670, SD675, SD678, SD690 5G, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM429W, SDM630, SDW2500, SDX12, SDX20, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM6250, SM6250P, SM7250, WCD9306, WCD9330, WCD9340, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-1923

CVE ID	CVE-2021-1923
Title	Incorrect Type Conversion or Cast in Trusted Application
Description	Incorrect pointer argument passed to trusted application TA could result in un-intended memory operations
Technology Area	HLOS
Vulnerability Type	CWE-704 Incorrect Type Conversion or Cast
Access Vector	Local
Security Rating	High
CVSS Rating	High
CVSS Score	7.8
CVSS String	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported	Internal
Customer Notified Date	02/01/2021
Affected Chipsets*	AQT1000, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCM2290, QCM4290, QCS2290, QCS4290, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8C, SD 8CX, SD460, SD480, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888 5G, SDM830, SDX24, SDX50M, SDX55, SDX55M, SDXR2 5G, SM4125, SM6250, SM7250, SM7325, WCD9340, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-30260

CVE ID	CVE-2021-30260
Title	Integer Overflow to Buffer Overflow in WLAN
Description	Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received
Technology Area	WLAN Firmware
Vulnerability Type	CWE-680 Integer Overflow to Buffer Overflow
Access Vector	Local
Security Rating	High
CVSS Rating	High
CVSS Score	8.4
CVSS String	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	02/14/2021
Customer Notified Date	05/03/2021
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064AU, APQ8076, APQ8092, APQ8094, APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR6030, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8215, MDM9206, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9626, MDM9628, MDM9640, MDM9645, MDM9650, MSM8976, MSM8992, MSM8994, MSM8996AU, PMP8074, QCA0000, QCA1023, QCA1062, QCA1064, QCA1990, QCA2062, QCA2064, QCA2065, QCA2066, QCA4020, QCA4024, QCA4531, QCA6174, QCA6174A, QCA6175A, QCA6234, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9378A, QCA9379, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN6122, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QRB5165, QSM8350, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SC8280XP, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD210, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDM830, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250, SM7325, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6745, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-30261

CVE ID	CVE-2021-30261
Title	Buffer Copy Without Checking Size of Input in WLAN
Description	Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS
Technology Area	WLAN Firmware
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Local
Security Rating	High
CVSS Rating	High
CVSS Score	8.4
CVSS String	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	12/07/2017
Customer Notified Date	05/03/2021
Affected Chipsets*	APQ8009, APQ8009W, APQ8016, APQ8017, APQ8037, APQ8052, APQ8053, APQ8056, APQ8076, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8952, MSM8953, MSM8956, MSM8976, MSM8976SG, PM8937, QCA1990, QCA4020, QCA6174A, QCA9379, QET4101, QSW8573, Qualcomm215, SD205, SD210, SD429, SD439, SD450, SD632, SDW2500, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WSA8810, WSA8815

CVE-2021-1929

CVE ID	CVE-2021-1929
Title	Permissions, Privileges and Access Controls in Android
Description	Lack of strict validation of bootmode can lead to information disclosure
Technology Area	Android_Core
Vulnerability Type	CWE-264 Permissions, Privileges, and Access Controls
Access Vector	Local
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	6.2
CVSS String	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Date Reported	10/19/2020
Customer Notified Date	02/01/2021
Affected Chipsets*	APQ8096AU, AQT1000, MSM8996AU, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCM2290, QCM4290, QCM6125, QCS2290, QCS4290, QCS603, QCS605, QCS610, QCS6125, Qualcomm215, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD205, SD210, SD460, SD480, SD662, SD665, SD675, SD678, SD720G, SD730, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM830, SDX50M, SDX55, SDX55M, SDXR2 5G, SM6250, SM7250, SM7325, WCD9326, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-1930

CVE ID	CVE-2021-1930
Title	Improper Restrictions of Operations within the Bounds of a Memory Buffer in Trusted Application
Description	Possible out of bounds read due to incorrect validation of incoming buffer length
Technology Area	Boot
Vulnerability Type	CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Access Vector	Local
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	5.5
CVSS String	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Date Reported	10/22/2020
Customer Notified Date	02/01/2021
Affected Chipsets*	AQT1000, CSRB31024, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA9377, QCM2290, QCM4290, QCM6125, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QRB5165, QSM8250, QSM8350, SA415M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD460, SD480, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD855, SD865 5G, SD870, SD888 5G, SDX24, SDX50M, SDX55, SDX55M, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250, SM7325, WCD9326, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.

Open Source Software Issues

The tables below summarize security vulnerabilities that were addressed through open source software>

This table lists high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.

Public ID	Security Rating	CVSS Rating	Technology Area	Date Reported
CVE-2020-11264	Critical	Critical	WLAN Windows Host	12/13/2020
CVE-2020-11301	Critical	Critical	WIGIG	12/13/2020
CVE-2021-1972	Critical	Critical	WLAN HOST	11/10/2020
CVE-2021-1976	Critical	Critical	WLAN HOST	Internal
CVE-2020-24587	High	High	WLAN HOST	12/13/2020
CVE-2020-24588	High	High	WLAN Firmware	12/13/2020
CVE-2020-26139	High	High	WLAN Host Communication	12/13/2020
CVE-2020-26141	High	High	WLAN HOST	12/13/2020
CVE-2020-26145	High	High	WLAN HOST	12/13/2020
CVE-2020-26146	High	High	WLAN HOST	12/13/2020
CVE-2021-1939	High	High	Graphics	Internal
CVE-2021-1947	High	High	Graphics	12/11/2020
CVE-2021-1978	High	Medium	WLAN HOST	Internal
CVE-2021-1904	High	Medium	Graphics	09/15/2020

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

Public ID	Security Rating	CVSS Rating	Technology Area	Date Reported
CVE-2021-1928	Medium	Medium	Boot	09/08/2020

CVE-2020-11264

CVE ID	CVE-2020-11264
Title	Improper Authentication in WLAN
Description	Improper authentication of Non-EAPOL/WAPI plaintext frames during four-way handshake can lead to arbitrary network packet injection
Technology Area	WLAN Windows Host
Vulnerability Type	CWE-287 Improper Authentication
Access Vector	Remote
Security Rating	Critical
CVSS Rating	Critical
CVSS Score	9.1
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Date Reported	12/13/2020
Customer Notified Date	07/05/2021
Affected Chipsets*	APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9650, MSM8953, MSM8996AU, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA6164, QCA6174, QCA6174A, QCA6175A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9377, QCM2290, QCM4290, QCM6125, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QRB5165, SA415M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 636, SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD835, SD845, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR2 5G, SM6250, SM7250, SM7325, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=31fe5bb94f737ed98c41b5293d7e52485131ce32 https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ed4f5794e5652215dd817577b5064e3ad68c54d1 Note: Few devices may require changes in the propriety WLAN firmware component. For more information, device OEMs can contact QTI directly at htpps://www.qualcomm.com/support.

CVE-2020-11301

CVE ID	CVE-2020-11301
Title	Improper Authentication in WIGIG Host
Description	Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure
Technology Area	WIGIG
Vulnerability Type	CWE-287 Improper Authentication
Access Vector	Remote
Security Rating	Critical
CVSS Rating	Critical
CVSS Score	9.1
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Date Reported	12/13/2020
Customer Notified Date	07/05/2021
Affected Chipsets*	APQ8009, APQ8017, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR7420, AR8031, AR8035, AR9380, CSR6030, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8215, MDM9150, MDM9206, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9626, MDM9628, MDM9640, MDM9645, MDM9650, MDM9655, MSM8953, MSM8996AU, PMP8074, QCA4024, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6330, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA7500, QCA7520, QCA7550, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9896, QCA9898, QCA9980, QCA9982, QCA9984, QCA9985, QCA9986, QCA9987, QCA9988, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCN3018, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5500, QCN5502, QCN5550, QCN6023, QCN6024, QCN6122, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QFE1922, QFE1952, QRB5165, QSM8250, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD439, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM630, SDM830, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250, SM7325, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://source.codeaurora.org/quic/la/kernel/msm-5.4/commit/?id=c993cbae6e07d3e589221347d856b0cd52cb14ad https://source.codeaurora.org/quic/qsdk/oss/system/feeds/wlan-open/commit/?id=2ea9f988b9182a930fdaef1e40d61d49af21d0c8 https://source.codeaurora.org/quic/qsdk/oss/wigig-utils/commit/?id= Note: Few devices may require changes in the propriety WLAN firmware component. For more information, device OEMs can contact QTI directly at www.qualcomm.com/support.

CVE-2021-1972

CVE ID	CVE-2021-1972
Title	Buffer Copy Without Checking Size of Input in WLAN
Description	Possible buffer overflow due to improper validation of device types during P2P search
Technology Area	WLAN HOST
Vulnerability Type	CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector	Remote
Security Rating	Critical
CVSS Rating	Critical
CVSS Score	9.8
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	11/10/2020
Customer Notified Date	05/03/2021
Affected Chipsets*	APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR6003, AR7420, AR8031, AR8035, AR9380, CSR6030, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9206, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9615M, MDM9626, MDM9628, MDM9630, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996AU, PMP8074, QCA4020, QCA4024, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA7500, QCA7520, QCA7550, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9896, QCA9898, QCA9980, QCA9982, QCA9984, QCA9985, QCA9986, QCA9987, QCA9988, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCN3018, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5500, QCN5502, QCN5550, QCN6023, QCN6024, QCN6122, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCX315, QFE1922, QFE1952, QRB5165, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD835, SD845, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDM630, SDM830, SDW2500, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250, SM7325, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://source.codeaurora.org/quic/la/platform/external/wpa_supplicant_8/commit/?id=4f82a47c76b923fd3fd1e780bea9f7fbfd77d150

CVE-2021-1976

CVE ID	CVE-2021-1976
Title	Use After Free in WLAN
Description	A use after free can occur due to improper validation of P2P device address in PD Request frame
Technology Area	WLAN HOST
Vulnerability Type	CWE-416 Use After Free
Access Vector	Remote
Security Rating	Critical
CVSS Rating	Critical
CVSS Score	9.8
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	Internal
Customer Notified Date	05/03/2021
Affected Chipsets*	APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR7420, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9150, MDM9206, MDM9250, MDM9607, MDM9626, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996AU, PMP8074, QCA4024, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6426, QCA6428, QCA6430, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA7500, QCA7520, QCA7550, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9896, QCA9898, QCA9980, QCA9982, QCA9984, QCA9985, QCA9986, QCA9987, QCA9988, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCN3018, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5500, QCN5502, QCN5550, QCN6023, QCN6024, QCN6122, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCX315, QRB5165, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 455, SD 636, SD 675, SD205, SD210, SD429, SD439, SD450, SD460, SD480, SD632, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD835, SD845, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDM630, SDM830, SDW2500, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250, SM7325, WCD9330, WCD9340, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://source.codeaurora.org/quic/la/platform/external/wpa_supplicant_8/commit/?id=a45c1c6d0ea54375c470a5a2d44bc479d0d72e2d

CVE-2020-24587

CVE ID	CVE-2020-24587
Title	Reassembling fragments encrypted under different keys
Description	Allowing the reassembling of fragments encrypted under different keys can lead to information disclosure
Technology Area	WLAN HOST
Vulnerability Type	CWE-310 Cryptographic Issues
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	7.5
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Date Reported	12/13/2020
Customer Notified Date	07/05/2021
Affected Chipsets*	APQ8009, APQ8009W, APQ8016, APQ8017, APQ8037, APQ8052, APQ8053, APQ8056, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR6030, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8215, MDM9150, MDM9206, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9626, MDM9628, MDM9630, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8952, MSM8953, MSM8956, MSM8976, MSM8976SG, MSM8996AU, PM8937, PMP8074, QCA1062, QCA1064, QCA1990, QCA2062, QCA2064, QCA2065, QCA2066, QCA4020, QCA4024, QCA6164, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6390, QCA6391, QCA6420, QCA6426, QCA6428, QCA6430, QCA6436, QCA6438, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA7500, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9896, QCA9898, QCA9980, QCA9982, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5500, QCN5502, QCN5550, QCN6023, QCN6024, QCN6122, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QET4101, QRB5165, QSM8350, QSW8573, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 636, SD 675, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDM630, SDW2500, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250, SM7325, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=1788c57c745d2ea2e7aeecbdda0b218bf175e226 https://source.codeaurora.org/quic/le/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=061934a99aae0f3bbf1597be1476eae8bf13c33d https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=12d9da7670dc124d677bdc53dded7a2c4fa8c24d https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=817481b5e3f1ed7625337eb4ff9b6b9e94dde850 https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=606603fdfaef1337ff2f0332ca67e16c2d7625ec https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3d8313247de532a8ddbb499a4b19ff276bd8fbc7 https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=b9eedc9d3bda343a6fcac7e9eb72edead64d00d5 Note: Few devices may require changes in the propriety WLAN firmware component. For more information, device OEMs can contact QTI directly at www.qualcomm.com/support.

CVE-2020-24588

CVE ID	CVE-2020-24588
Title	Accepting non-SPP A-MSDU frames
Description	Improper validation of non-SPP A-MSDU frame can lead to arbitrary network packet injection
Technology Area	WLAN Firmware
Vulnerability Type	CWE-287 Improper Authentication
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	7.5
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Date Reported	12/13/2020
Customer Notified Date	07/05/2021
Affected Chipsets*	APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8076, APQ8092, APQ8094, APQ8096AU, AQT1000, AR7420, AR8031, AR8035, AR9380, AR9580, CSR6030, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8215, MDM9150, MDM9206, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9626, MDM9628, MDM9630, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8917, MSM8953, MSM8976, MSM8992, MSM8994, MSM8996AU, PMP8074, QCA0000, QCA1023, QCA1062, QCA1064, QCA1990, QCA2062, QCA2064, QCA2065, QCA2066, QCA4020, QCA4024, QCA4531, QCA6174, QCA6174A, QCA6175A, QCA6234, QCA6310, QCA6320, QCA6330, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA7500, QCA7520, QCA7550, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9378, QCA9378A, QCA9379, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9890, QCA9896, QCA9898, QCA9980, QCA9982, QCA9984, QCA9985, QCA9986, QCA9987, QCA9988, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCN3018, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5500, QCN5501, QCN5502, QCN5550, QCN6023, QCN6024, QCN6122, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCX315, QFE1922, QFE1952, QRB5165, QSM8250, QSM8350, QSW8573, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SC8280XP, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD480, SD632, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDM630, SDM830, SDW2500, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250, SM7325, WCD9306, WCD9330, WCD9340, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN3999, WCN6740, WCN6745, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://source.codeaurora.org/quic/la/kernel/msm-5.4/commit/?id=b2c81339a9c4041c03a9b3f023fbd50627d7b69a https://source.codeaurora.org/quic/qsdk/oss/wigig-utils/commit/?id=28ee8b8cd94976d19b27b1f7f62283ac190de47d https://source.codeaurora.org/quic/qsdk/oss/wigig-utils/commit/?id=47740835afcea2c564589dd708d69271f482cfb5 https://source.codeaurora.org/quic/le/kernel/msm-4.19/commit/?id=669896525ec2f1c0e0f7f644c65f4997cbc2398b https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=aed8f80bd041daa066d66e91ad34dc053227bf57 https://source.codeaurora.org/quic/le/platform/vendor/qcom-opensource/wlan/prima/commit/?id=92d43ef6f275d90c352cc73e6cc1eb1db9eda9c3 Note: Few devices may require changes in the propriety WLAN firmware component. For more information, device OEMs can contact QTI directly at www.qualcomm.com/support.

CVE-2020-26139

CVE ID	CVE-2020-26139
Title	Forwarding EAPOL frames even though the sender is not yet authenticated
Description	Improper authentication of STA client of EAPOL frames can lead to information disclosure.
Technology Area	WLAN Host Communication
Vulnerability Type	CWE-287 Improper Authentication
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	7.5
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Date Reported	12/13/2020
Customer Notified Date	07/05/2021
Affected Chipsets*	APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR7420, AR8031, AR8035, AR9380, AR9580, CSR6030, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8215, MDM9150, MDM9206, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9626, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996AU, PMP8074, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4020, QCA4024, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6330, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA7500, QCA7520, QCA7550, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9890, QCA9896, QCA9898, QCA9980, QCA9982, QCA9984, QCA9985, QCA9986, QCA9987, QCA9988, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCN3018, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5500, QCN5501, QCN5502, QCN5550, QCN6023, QCN6024, QCN6122, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCX315, QET4101, QFE1922, QFE1952, QRB5165, QSM8250, QSW8573, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 636, SD 675, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDM630, SDM830, SDW2500, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250, SM7325, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=8c4c0044cb8d511efe55d4401f487b50e0de04f4 https://source.codeaurora.org/quic/la/kernel/msm-5.4/commit/?id=c55f25ffb33f8f610ff7c94d9cd616806464211f https://source.codeaurora.org/quic/qsdk/oss/system/feeds/wlan-open/commit/?id=5e52f86eea3c4ce544a32325bbb4d318ea30e1a0 https://source.codeaurora.org/quic/qsdk/oss/wigig-utils/commit/?id=83469e967d8225a6b1903611145a767f77363d71 https://source.codeaurora.org/quic/le/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=4bafb0ab75e224b96dfc97d021a21ba4b0425b6f https://source.codeaurora.org/quic/le/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=09d426ddfd015b2fe02000bc55abb1f6c6952980 https://source.codeaurora.org/quic/le/platform/vendor/qcom-opensource/wlan/prima/commit/?id=61ae9720dc8a84bdc5466811369b67c17a20c92f https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=24a8352dd0b31d638ff4e254c31c395a0f339fd6 https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f0da752c4b30edb43f73002242c311fe7e2e6743 https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f21a2e0aa527badd36fa29d4967ae2eae23209f3 https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=71ca8fb995f1aebe07439a9805423fdd5c30584c https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=2e0c0010ed14d08018e002f62f62742311f76040 https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=6c720adf287350c6a14ff7ca085d72d9370bd4f7 https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=fb8e58901cffa4f1ad5c9f6d1064041760813f8f https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=4d9d43c405db53c715985259ea0ab2b401b1684b https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=b0d37772c733d6bbba389fde3990a394815d508d Note: Few devices may require changes in the propriety WLAN firmware component. For more information, device OEMs can contact QTI directly at www.qualcomm.com/support.

CVE-2020-26141

CVE ID	CVE-2020-26141
Title	Not verifying the TKIP MIC of fragmented frames
Description	Improper handling of host when device receives fragmented packets with MIC failure can lead to information disclosure
Technology Area	WLAN HOST
Vulnerability Type	CWE-310 Cryptographic Issues
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	7.5
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Date Reported	12/13/2020
Customer Notified Date	07/05/2021
Affected Chipsets*	APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9650, MSM8953, MSM8996AU, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCA9377, QCM2290, QCM4290, QCM6125, QCN7605, QCN7606, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCX315, QRB5165, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 636, SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDM830, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250, SM7325, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=7620843c0b2adb8222e09cd85699a88b68f32893 Note: Few devices may require changes in the propriety WLAN firmware component. For more information, device OEMs can contact QTI directly at www.qualcomm.com/support.

CVE-2020-26145

CVE ID	CVE-2020-26145
Title	Accepting plaintext broadcast fragments as full frames in an encrypted network
Description	Improper authentication of un-encrypted broadcast and multicast frame can lead to arbitrary network packet injection
Technology Area	WLAN HOST
Vulnerability Type	CWE-287 Improper Authentication
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	7.5
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Date Reported	12/13/2020
Customer Notified Date	07/05/2021
Affected Chipsets*	APQ8009, APQ8009W, APQ8016, APQ8017, APQ8037, APQ8052, APQ8053, APQ8056, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR7420, AR8031, AR8035, AR9380, CSR6030, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8215, MDM9150, MDM9206, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9626, MDM9628, MDM9630, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8952, MSM8953, MSM8956, MSM8976, MSM8976SG, MSM8996AU, PM8937, PMP8074, QCA1062, QCA1064, QCA1990, QCA2062, QCA2064, QCA2065, QCA2066, QCA4020, QCA4024, QCA6164, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6426, QCA6428, QCA6430, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA7500, QCA7520, QCA7550, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9896, QCA9898, QCA9980, QCA9982, QCA9984, QCA9985, QCA9986, QCA9987, QCA9988, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCN3018, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5500, QCN5502, QCN5550, QCN6023, QCN6024, QCN6122, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QET4101, QFE1922, QFE1952, QRB5165, QSW8573, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 636, SD 675, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDM630, SDM830, SDW2500, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250, SM7325, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f2f94c79478dbdc16c81432d59ae299493ee76a9 https://source.codeaurora.org/quic/le/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=7e81af5d22f4e5afbe9504d47d518621d13e121d https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=99d4698bc9bd177e4c4dd5ce45715d7ff8e91b09 Note: Few devices may require changes in the propriety WLAN firmware component. For more information, device OEMs can contact QTI directly at www.qualcomm.com/support.

CVE-2020-26146

CVE ID	CVE-2020-26146
Title	Reassembling encrypted fragments with non-consecutive packet numbers
Description	Lack of consecutive packet numbers check in fragments can lead to arbitrary network packet injection
Technology Area	WLAN HOST
Vulnerability Type	CWE-310 Cryptographic Issues
Access Vector	Remote
Security Rating	High
CVSS Rating	High
CVSS Score	7.5
CVSS String	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Date Reported	12/13/2020
Customer Notified Date	07/05/2021
Affected Chipsets*	APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR6003, AR7420, AR8031, AR8035, AR9380, CSR6030, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8215, MDM9150, MDM9206, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9626, MDM9628, MDM9630, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996AU, PMP8074, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA4020, QCA4024, QCA6164, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6426, QCA6428, QCA6430, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA7500, QCA7520, QCA7550, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9896, QCA9898, QCA9980, QCA9982, QCA9984, QCA9985, QCA9986, QCA9987, QCA9988, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCN3018, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5500, QCN5502, QCN5550, QCN6023, QCN6024, QCN6122, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QET4101, QFE1922, QFE1952, QRB5165, QSM8250, QSW8573, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 636, SD 675, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDM630, SDM830, SDW2500, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250, SM7325, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f12e0232736851e661f1d8da7a5f23defabe93ef https://source.codeaurora.org/quic/le/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=e442807f2465d5708c0e44c9435461c3a932acd0 https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=ef22bcb7a1b08de1a048dae1919795183943d6e0 Note: Few devices may require changes in the propriety WLAN firmware component. For more information, device OEMs can contact QTI directly at www.qualcomm.com/support.

CVE-2021-1939

CVE ID	CVE-2021-1939
Title	NULL Pointer Dereference in Graphics
Description	Null pointer dereference occurs due to improper validation when the preemption feature enablement is toggled
Technology Area	Graphics
Vulnerability Type	CWE-476 NULL Pointer Dereference
Access Vector	Local
Security Rating	High
CVSS Rating	High
CVSS Score	8.4
CVSS String	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	Internal
Customer Notified Date	05/03/2021
Affected Chipsets*	APQ8009, APQ8009W, APQ8017, APQ8053, AQT1000, MSM8909W, MSM8917, MSM8953, QCA4020, QCA6174A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA9377, QCA9379, QCS603, QCS605, QET4101, QSM8250, QSW8573, Qualcomm215, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD205, SD210, SD429, SD439, SD450, SD480, SD632, SD665, SD670, SD675, SD678, SD690 5G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD845, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDM830, SDX24, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM7250, SM7325, WCD9335, WCD9340, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=8f7797dcdc8457fb0fae528efd72bacf2090f380

CVE-2021-1947

CVE ID	CVE-2021-1947
Title	Use After Free in Graphics
Description	Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer
Technology Area	Graphics
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
CVSS Rating	High
CVSS Score	8.4
CVSS String	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	12/11/2020
Customer Notified Date	05/03/2021
Affected Chipsets*	APQ8009W, APQ8053, AR9380, IPQ8064, IPQ8065, IPQ8068, IPQ8069, MSM8909W, MSM8953, QCA6320, QCA6390, QCA6391, QCA6426, QCA8337, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9896, QCA9898, QCA9980, QCA9982, QCA9984, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCS2290, QCS4290, QCS6125, QET4101, QRB5165, QSW8573, SD429, SD460, SD660, SD662, SD665, SD690 5G, SD750G, SD765, SD765G, SD768G, SD855, SD865 5G, SD870, SDA429W, SDM429W, SDM830, SDX55, SDX55M, SM4125, SM7250, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6850, WCN6851, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://source.codeaurora.org/quic/le/kernel/msm-4.19/commit/?id=cb82ed90520b6801e6b0ec6bac6821cd347e3de7 https://source.codeaurora.org/quic/le/kernel/msm-4.19/commit/?id=70c13b73f1ea7a30a730ced48a59d366898677bc https://source.codeaurora.org/quic/le/kernel/msm-4.19/commit/?id=a637a43b7995cf905f1d0d059b418ee57e60aa67 https://source.codeaurora.org/quic/le/kernel/msm-4.19/commit/?id=851a03f61d90566e37408240b2f71ed34f8cc73a

CVE-2021-1978

CVE ID	CVE-2021-1978
Title	Use After Free in WLAN
Description	Possible use after free due to improper handling of scheduled QMI callbacks at the time of deinitialization
Technology Area	WLAN HOST
Vulnerability Type	CWE-416 Use After Free
Access Vector	Local
Security Rating	High
CVSS Rating	Medium
CVSS Score	6.8
CVSS String	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported	Internal
Customer Notified Date	05/03/2021
Affected Chipsets*	APQ8017, APQ8053, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, MSM8917, MSM8953, QCA6310, QCA6320, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA8337, QCM2290, QCM4290, QCM6125, QCS2290, QCS405, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCX315, Qualcomm215, SD 455, SD 636, SD 675, SD429, SD439, SD460, SD480, SD632, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD835, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM630, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250, SM7325, WCD9340, WCD9370, WCD9375, WCD9380, WCD9385, WCN3615, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3988, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://source.codeaurora.org/quic/la/platform/external/wpa_supplicant_8/commit?id=ddffe981e88146adf777ce64c1c2dac2e1dad05e

CVE-2021-1904

CVE ID	CVE-2021-1904
Title	Information Exposure in Kernel
Description	Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused
Technology Area	Graphics
Vulnerability Type	CWE-200 Information Exposure
Access Vector	Local
Security Rating	High
CVSS Rating	Medium
CVSS Score	6.2
CVSS String	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Date Reported	09/15/2020
Customer Notified Date	02/01/2021
Affected Chipsets*	APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR8031, AR8035, CSR6030, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9150, MDM9206, MDM9250, MDM9607, MDM9626, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996AU, QCA4020, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCA9367, QCA9377, QCA9379, QCM2290, QCM4290, QCM6125, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCX315, QET4101, QRB5165, QSM8250, QSW8573, Qualcomm215, SA415M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD835, SD845, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDM630, SDM830, SDW2500, SDX12, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250, SM7325, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**	https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=dc1189fa07e91885a5261435ad1f2fa60abde398 https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=842c19d464a9bd0f6f1a4bb353e95d1dc067abc7

CVE-2021-1928

CVE ID	CVE-2021-1928
Title	Buffer Over-read in Boot
Description	Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices
Technology Area	Boot
Vulnerability Type	CWE-126 Buffer Over-read
Access Vector	Local
Security Rating	Medium
CVSS Rating	Medium
CVSS Score	4.6
CVSS String	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported	09/08/2020
Customer Notified Date	02/01/2021
Affected Chipsets*	APQ8009, APQ8053, AR9380, CSR8811, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9206, PMP8074, QCA4024, QCA6310, QCA6320, QCA6335, QCA6428, QCA6438, QCA6694, QCA7500, QCA8072, QCA8075, QCA8081, QCA9367, QCA9377, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9896, QCA9898, QCA9980, QCA9982, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5500, QCN5502, QCN5550, QCN6023, QCN6024, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QFE1922, QFE1952, Qualcomm215, SD205, SD210, SDA429W, WCD9326, WCD9330, WCD9340, WCN3610, WCN3620, WCN3660B, WCN3680B, WCN3980, WSA8810, WSA8815
Patch**	https://source.codeaurora.org/quic/le/kernel/lk/commit/?id=183e867d1b648772b6e8cddcd140968f1f8d5ecd

* The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.

** Data is generated only at the time of bulletin creation

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

Consideration of security protections such as SELinux not enforced on some platforms
Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel

Version History

Version	Date	Comments
1.0	August 2, 2021	Bulletin Published

All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.

This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.