December 2021 Security Bulletin

Version 1.0

Published: 12/06/2021

This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security vulnerabilities that have been addressed in QTI’s proprietary code and (ii) links to related code that has been contributed to Code Aurora Forum (CAF), a Linux Foundation Collaborative Project, to address security vulnerabilities for customers who incorporate Linux-based software from CAF into their devices..

Please reach out to [email protected] for any questions related to this bulletin.

Table of Contents

Announcements
Acknowledgements
Proprietary Software Issues
Open Source Software Issues
Industry Coordination
Version History

Announcements

None.

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2021-30351 Netanel Ben Simon and Slava Makkaveev of Check Point Software Technologies Ltd.
CVE-2021-30267, CVE-2021-30268, CVE-2021-30289 Peter Park (peterpark)
CVE-2021-30335, CVE-2021-30337 360 Alpha Lab
CVE-2021-30298 Bodong Zhao from Tsinghua University
CVE-2021-30348, CVE-2021-35093 Matheus Eduardo Garbelini

Proprietary Software Issues

The tables below summarize security vulnerabilities that were addressed through proprietary software

This table lists high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2021-30275 Critical Critical Core Internal
CVE-2021-30276 Critical Critical Core Internal
CVE-2021-30351 Critical Critical Audio 09/05/2021
CVE-2020-11263 High High Core Internal
CVE-2021-1894 High High QWES Internal
CVE-2021-1918 High Medium KERNEL Internal
CVE-2021-30267 High High RFA 01/13/2021
CVE-2021-30268 High High RFA 01/18/2021
CVE-2021-30269 High High KERNEL Internal
CVE-2021-30270 High High KERNEL Internal
CVE-2021-30271 High High KERNEL Internal
CVE-2021-30272 High High KERNEL Internal
CVE-2021-30273 High High Data Modem Internal
CVE-2021-30274 High High Core Internal
CVE-2021-30278 High High Core Internal
CVE-2021-30279 High High Core Internal
CVE-2021-30282 High High Core Internal
CVE-2021-30283 High High KERNEL Internal
CVE-2021-30289 High High MCS 03/01/2021
CVE-2021-30293 High High Modem Internal
CVE-2021-30303 High High WLAN HAL 02/13/2021
CVE-2021-30336 High High DSP Service Internal

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.  

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2021-30348 Medium Medium BT Controller 05/24/2021
CVE-2021-35093 Medium Medium Bluetooth 05/24/2021

CVE-2021-30275

CVE ID CVE-2021-30275
Title Integer Overflow or Wraparound in Core
Description Possible integer overflow in page alignment interface due to lack of address and size validation before alignment
Technology Area Core
Vulnerability Type CWE-190 Integer Overflow or Wraparound
Access Vector Local
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.3
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, MDM9150, MDM9205, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290, QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024, QCN9000, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD7c, SD850, SD865 5G, SD870, SD888 5G, SDX24, SDX55, SDX55M, SDX57M, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7325P, WCD9306, WCD9335, WCD9340, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835

CVE-2021-30276

CVE ID CVE-2021-30276
Title Improper Access Control in Core
Description Improper access control while doing XPU re-configuration dynamically can lead to unauthorized access to a secure resource
Technology Area Core
Vulnerability Type CWE-284 Improper Access Control
Access Vector Local
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.3
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA8337, QCA9984, QCM2290, QCM4290, QCM6490, QCS2290, QCS405, QCS4290, QCS6490, QCX315, QRB5165, QRB5165N, QSM8250, SD460, SD480, SD660, SD662, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD865 5G, SD870, SD888 5G, SDX55, SDX55M, SDX57M, SDXR2 5G, SM6225, SM6375, SM7250P, SM7325P, WCD9335, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835

CVE-2021-30351

CVE ID CVE-2021-30351
Title Buffer Copy Without Checking Size of Input in Audio
Description An out of bound memory access can occur due to improper validation of number of frames being passed during music playback
Technology Area Audio
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Remote
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.8
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 09/05/2021
Customer Notified Date 10/04/2021
Affected Chipsets* APQ8009, APQ8009W, APQ8017, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ4018, IPQ4028, IPQ4029, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078A, IPQ8173, IPQ8174, MDM9150, MDM9206, MDM9250, MDM9607, MDM9628, MSM8909W, MSM8996AU, QCA4024, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6428, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA7500, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6490, QCN5022, QCN5024, QCN5052, QCN5064, QCN5122, QCN5124, QCN5152, QCN5164, QCN5550, QCN9000, QCN9074, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QET4101, QRB5165, QRB5165N, QSM8250, QSW8573, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD205, SD210, SD429, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD845, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2020-11263

CVE ID CVE-2020-11263
Title Integer Overflow or Wraparound in Core
Description An integer overflow due to improper check performed after the address and size passed are aligned
Technology Area Core
Vulnerability Type CWE-190 Integer Overflow or Wraparound
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.3
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA8337, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCX315, QRB5165, QRB5165N, QSM8250, SD 675, SD460, SD480, SD662, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD865 5G, SD870, SDX55, SDX55M, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6850, WCN6851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-1894

CVE ID CVE-2021-1894
Title Permissions, Privileges and Access Controls in TrustZone
Description Improper access control in TrustZone due to improper error handling while handling the signing key
Technology Area QWES
Vulnerability Type CWE-264 Permissions, Privileges, and Access Controls
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.1
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9150, MDM9205, MDM9628, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCA9984, QCM2290, QCM4290, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCS6490, QCS8155, QCX315, QRB5165, QRB5165N, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8540P, SA9000P, SC8280XP, SD 675, SD 8CX, SD460, SD480, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD865 5G, SD870, SD888, SD888 5G, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9306, WCD9330, WCD9335, WCD9340, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3988, WCN3991, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835

CVE-2021-1918

CVE ID CVE-2021-1918
Title Information Exposure in Kernel
Description Improper handling of resource allocation in virtual machines can lead to information exposure
Technology Area KERNEL
Vulnerability Type CWE-200 Information Exposure
Access Vector Local
Security Rating High
CVSS Rating Medium
CVSS Score 6.5
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* QCA6391, QCM6490, QCS6490, QRB5165, QRB5165N, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD888 5G, SM7250P, SM7325P, WCD9370, WCD9375, WCD9380, WCD9385, WCN3988, WCN3991, WCN3998, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-30267

CVE ID CVE-2021-30267
Title Integer Overflow to Buffer Overflow in Modem
Description Possible integer overflow to buffer overflow due to improper input validation in FTM ARA commands
Technology Area RFA
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported 01/13/2021
Customer Notified Date 06/07/2021
Affected Chipsets* AQT1000, AR8035, CSRB31024, FSM10055, FSM10056, MDM9150, MDM9250, MDM9650, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCS410, QCS603, QCS605, QCS610, QCX315, SA415M, SA515M, SD 675, SD 8CX, SD480, SD660, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6250, SM6250P, SM6375, SM7250P, SM8450, SM8450P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-30268

CVE ID CVE-2021-30268
Title Buffer Copy Without Checking Size of Input in Modem
Description Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command
Technology Area RFA
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported 01/18/2021
Customer Notified Date 06/07/2021
Affected Chipsets* APQ8009W, APQ8017, APQ8096AU, AQT1000, AR6003, AR8035, CSRB31024, FSM10055, FSM10056, MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9205, MDM9206, MDM9207, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9615M, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCM2290, QCM4290, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QCX315, QET4101, QSW8573, Qualcomm215, SA415M, SA515M, SD 675, SD 8CX, SD205, SD210, SD429, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM8450, SM8450P, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-30269

CVE ID CVE-2021-30269
Title NULL Pointer Dereference in Kernel
Description Possible null pointer dereference due to lack of TLB validation for user provided address
Technology Area KERNEL
Vulnerability Type CWE-476 NULL Pointer Dereference
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.3
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9150, MDM9205, QCA2066, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290, QCM6490, QCN7605, QCN7606, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCS8155, QCX315, QRB5165, QRB5165N, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8540P, SA9000P, SC8280XP, SD 675, SD 8CX, SD460, SD480, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD865 5G, SD870, SD888, SD888 5G, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9306, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3988, WCN3991, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835

CVE-2021-30270

CVE ID CVE-2021-30270
Title NULL Pointer Dereference in Kernel
Description Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it
Technology Area KERNEL
Vulnerability Type CWE-476 NULL Pointer Dereference
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.3
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* APQ8009W, APQ8017, APQ8064AU, APQ8096AU, AR6003, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ8070, IPQ8070A, IPQ8071, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076A, IPQ8078, IPQ8078A, MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9205, MDM9206, MDM9207, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9615M, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA2066, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6428, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA8081, QCA9367, QCA9377, QCA9889, QCA9984, QCM2290, QCM4290, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, QSM8250, QSW8573, SA415M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8CX, SD205, SD210, SD429, SD460, SD480, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, WCD9306, WCD9330, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3910, WCN3950, WCN3988, WCN3991, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835

CVE-2021-30271

CVE ID CVE-2021-30271
Title NULL Pointer Dereference in Kernel
Description Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it
Technology Area KERNEL
Vulnerability Type CWE-476 NULL Pointer Dereference
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.3
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* APQ8009W, APQ8017, APQ8096AU, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ5010, IPQ5018, IPQ5028, IPQ6010, IPQ6018, IPQ6028, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA2062, QCA2064, QCA2065, QCA2066, QCA4004, QCA4024, QCA6174A, QCA6390, QCA6391, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9888, QCA9889, QCA9984, QCN5022, QCN5024, QCN5052, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6122, QCN6132, QCN7605, QCN7606, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCS405, QCS410, QCS603, QCS605, QCS610, QCX315, QSW8573, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 675, SD 8CX, SD205, SD210, SD429, SD460, SD480, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD850, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM8450, SM8450P, WCD9306, WCD9330, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3950, WCN3988, WCN3991, WCN3999, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835

CVE-2021-30272

CVE ID CVE-2021-30272
Title NULL Pointer Dereference in Kernel
Description Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input
Technology Area KERNEL
Vulnerability Type CWE-476 NULL Pointer Dereference
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.3
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* APQ8009W, APQ8017, APQ8096AU, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9607, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8996AU, PMP8074, QCA1062, QCA1064, QCA4004, QCA4024, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6428, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9888, QCA9889, QCA9984, QCM2290, QCM4290, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN6122, QCN6132, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, QSW8573, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 675, SD 8CX, SD205, SD210, SD429, SD460, SD480, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9306, WCD9330, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3910, WCN3950, WCN3988, WCN3991, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835

CVE-2021-30273

CVE ID CVE-2021-30273
Title Reachable Assertion in Data Modem
Description Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header
Technology Area Data Modem
Vulnerability Type CWE-617 Reachable Assertion
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* APQ8009W, APQ8096AU, AR6003, CSRB31024, MDM8207, MDM9205, MDM9206, MDM9207, MDM9215, MDM9250, MDM9607, MDM9615, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA4004, QCA6174A, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA9367, QCA9377, QCS410, QCS610, QET4101, QSW8573, SA415M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD 675, SD 8CX, SD205, SD210, SD429, SD665, SD675, SD678, SD720G, SD730, SDA429W, SDM429W, SDW2500, SDX20, SDX24, SM6250, SM6250P, WCD9306, WCD9330, WCD9335, WCD9340, WCD9370, WCD9375, WCD9380, WCN3610, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991

CVE-2021-30274

CVE ID CVE-2021-30274
Title Integer Overflow or Wraparound in Core
Description Possible integer overflow in access control initialization interface due to lack and size and address validation
Technology Area Core
Vulnerability Type CWE-190 Integer Overflow or Wraparound
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, MDM9150, MDM9205, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290, QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024, QCN9000, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD7c, SD865 5G, SD870, SD888 5G, SDX24, SDX55, SDX55M, SDX57M, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7325P, WCD9306, WCD9335, WCD9340, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835

CVE-2021-30278

CVE ID CVE-2021-30278
Title Improper Input Validation in Core
Description Improper input validation in TrustZone memory transfer interface can lead to information disclosure
Technology Area Core
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.1
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, MDM9150, MDM9205, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290, QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024, QCN9000, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD7c, SD850, SD865 5G, SD870, SD888 5G, SDX24, SDX55, SDX55M, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7325P, WCD9306, WCD9335, WCD9340, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835

CVE-2021-30279

CVE ID CVE-2021-30279
Title Improper Access Control in Core
Description Possible access control violation while setting current permission for VMIDs due to improper permission masking
Technology Area Core
Vulnerability Type CWE-284 Improper Access Control
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA8337, QCA9984, QCM2290, QCM4290, QCM6490, QCS2290, QCS405, QCS4290, QCS6490, QCX315, QRB5165, QRB5165N, QSM8250, SD460, SD480, SD660, SD662, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD865 5G, SD870, SD888 5G, SDX55, SDX55M, SDX57M, SDXR2 5G, SM6225, SM6375, SM7250P, SM7325P, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-30282

CVE ID CVE-2021-30282
Title Improper Validation of Array Index in Core
Description Possible out of bound write in RAM partition table due to improper validation on number of partitions provided
Technology Area Core
Vulnerability Type CWE-129 Improper Validation of Array Index
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, MDM9150, MDM9205, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290, QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024, QCN9000, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8CX, SD460, SD480, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD7c, SD865 5G, SD870, SD888 5G, SDX24, SDX55, SDX55M, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7325P, WCD9306, WCD9335, WCD9340, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3988, WCN3991, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835

CVE-2021-30283

CVE ID CVE-2021-30283
Title Detection of Error Condition Without Action in Kernel
Description Possible denial of service due to improper handling of debug register trap from user applications
Technology Area KERNEL
Vulnerability Type CWE-390 Detection of Error Condition Without Action
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.1
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* QCA6391, QCM6490, QCS6490, QRB5165, QRB5165N, SD778G, SD888 5G, SM7325P, WCD9370, WCD9375, WCD9380, WCD9385, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835

CVE-2021-30289

CVE ID CVE-2021-30289
Title Detection of Error Condition Without Action in Modem
Description Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management
Technology Area MCS
Vulnerability Type CWE-390 Detection of Error Condition Without Action
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported 03/01/2021
Customer Notified Date 06/07/2021
Affected Chipsets* APQ8009W, APQ8017, APQ8096AU, AQT1000, CSRB31024, FSM10055, FSM10056, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA4004, QCA6174A, QCA6420, QCA6430, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA9367, QCA9377, QCM2290, QCM4290, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QET4101, QSW8573, Qualcomm215, SA415M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD 675, SD 8CX, SD205, SD210, SD429, SD460, SD660, SD662, SD665, SD675, SD678, SD720G, SD730, SD7c, SD845, SD850, SD855, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDXR1, SM6225, SM6250, SM6250P, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WSA8810, WSA8815

CVE-2021-30293

CVE ID CVE-2021-30293
Title Reachable Assertion in Modem
Description Possible assertion due to lack of input validation in PUSCH configuration
Technology Area Modem
Vulnerability Type CWE-617 Reachable Assertion
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 06/07/2021
Affected Chipsets* AR6003, AR8035, CSRB31024, FSM10055, MDM9215, MDM9607, MDM9615, MDM9628, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCS410, QCS603, QCS605, QCS610, QCX315, QRB5165, QRB5165N, QSM8250, SA415M, SD 675, SD205, SD210, SD480, SD675, SD678, SD690 5G, SD730, SD750G, SD765, SD765G, SD768G, SD865 5G, SD870, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6375, SM7250P, SM8450, SM8450P, WCD9340, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3950, WCN3988, WCN3991, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-30303

CVE ID CVE-2021-30303
Title Stack-based Buffer Overflow in WLAN
Description Possible buffer overflow due to lack of buffer length check when segmented WMI command is received
Technology Area WLAN HAL
Vulnerability Type CWE-121 Stack-based Buffer Overflow
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported 02/13/2021
Customer Notified Date 09/06/2021
Affected Chipsets* APQ8009, APQ8017, APQ8064AU, APQ8096AU, AQT1000, AR7420, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9206, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8996AU, PMP8074, QCA1023, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA4531, QCA6174A, QCA6175A, QCA6320, QCA6390, QCA6391, QCA6420, QCA6426, QCA6428, QCA6430, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA7500, QCA7520, QCA7550, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9896, QCA9898, QCA9980, QCA9984, QCA9985, QCA9986, QCA9987, QCA9988, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5501, QCN5502, QCN5550, QCN6023, QCN6024, QCN6122, QCN6132, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3660B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-30336

CVE ID CVE-2021-30336
Title Buffer Over-read in DSP Services
Description Possible out of bound read due to lack of domain input validation while processing APK close session request
Technology Area DSP Service
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 09/06/2021
Affected Chipsets* QCA6390, QCA6391, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCM2290, QCM4290, QCM6490, QCS2290, QCS4290, QCS6490, Qualcomm215, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD460, SD480, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDX55M, SDXR1, SM6225, SM6250, SM6375, SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3660B, WCN3910, WCN3950, WCN3988, WCN3991, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835

CVE-2021-30348

CVE ID CVE-2021-30348
Title Uncontrolled Resource Consumption in Bluetooth
Description Improper validation of LLM utility timers availability can lead to denial of service
Technology Area BT Controller
Vulnerability Type CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
Access Vector Remote
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.5
CVSS String CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported 05/24/2021
Customer Notified Date 10/04/2021
Affected Chipsets* APQ8009, APQ8017, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8996AU, QCA1062, QCA1064, QCA2062, QCA2064, QCA2065, QCA2066, QCA6174A, QCA6175A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCA9379, QCA9886, QCM2290, QCM4290, QCM6490, QCN7605, QCN7606, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3660B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-35093

CVE ID CVE-2021-35093
Title Memory Corruption in Bluetooth Controller Firmware
Description Possible memory corruption in BT controller when it receives an oversized LMP packet over 2-DH1 link and leads to denial of service
Technology Area Bluetooth
Vulnerability Type CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Remote
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.5
CVSS String CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported 05/24/2021
Customer Notified Date 12/06/2021
Affected Chipsets* CSR8510 A10, CSR8811 A12

*The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.  

Open Source Software Issues

The tables below summarize security vulnerabilities that were addressed through open source software

This table lists high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2021-30262 High High Data Network Stack & Connectivity 01/28/2021
CVE-2021-30335 High High DSP Service 05/27/2021
CVE-2021-30337 High High DSP Service 06/08/2021

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.  

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2021-30298 Medium Medium Core Services 01/07/2021

CVE-2021-30262

CVE ID CVE-2021-30262
Title Use After Free in Modem
Description Improper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory
Technology Area Data Network Stack & Connectivity
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 01/28/2021
Customer Notified Date 06/07/2021
Affected Chipsets* APQ8009W, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9150, MDM9640, MSM8909W, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8337, QCA9377, QCS405, QCS410, QCS603, QCS605, QCS610, QET4101, QRB5165, QRB5165N, QSM8250, QSW8573, Qualcomm215, SA415M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD205, SD210, SD429, SD460, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD845, SD855, SD865 5G, SD870, SDA429W, SDM429W, SDX24, SDX55, SDX55M, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM7250P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3660B, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6850, WCN6851, WSA8810, WSA8815, WSA8830, WSA8835
Patch**

CVE-2021-30335

CVE ID CVE-2021-30335
Title Reachable Assertion in DSP Services
Description Possible assertion in QOS request due to improper validation when multiple add or update request are received simultaneously
Technology Area DSP Service
Vulnerability Type CWE-617 Reachable Assertion
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 05/27/2021
Customer Notified Date 09/06/2021
Affected Chipsets* APQ8009W, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9150, MSM8909W, PMP8074, QCA4024, QCA6174A, QCA6390, QCA6391, QCA6428, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA7500, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN6122, QCN6132, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCX315, QET4101, QRB5165, QRB5165N, QSM8250, QSW8573, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD205, SD210, SD429, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD845, SD855, SD865 5G, SD870, SDA429W, SDM429W, SDX24, SDX55, SDXR1, SM6250, SM6250P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815, WSA8830, WSA8835
Patch**

CVE-2021-30337

CVE ID CVE-2021-30337
Title Use After Free in DSP Services
Description Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress
Technology Area DSP Service
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 06/08/2021
Customer Notified Date 09/06/2021
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9150, MDM9206, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8996AU, PMP8074, QCA4024, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6428, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA7500, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN6122, QCN6132, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QET4101, QRB5165, QRB5165N, QSM8250, QSW8573, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD205, SD210, SD429, SD460, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD845, SD855, SD865 5G, SD870, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM7250P, SM8450, SM8450P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**

CVE-2021-30298

CVE ID CVE-2021-30298
Title Buffer Copy Without Checking Size of Input in DIAG Services
Description Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface
Technology Area Core Services
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.7
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported 01/07/2021
Customer Notified Date 06/07/2021
Affected Chipsets* AR8031, AR8035, CSRA6620, CSRA6640, FSM10055, FSM10056, IPQ8072A, IPQ8074A, IPQ8076A, MDM9150, QCA6390, QCA6391, QCA6574AU, QCA6595AU, QCA6696, QCA8337, QCN9000, QCN9074, QCS405, QCS410, QCS610, QRB5165, QRB5165N, Qualcomm215, SA8155P, SD205, SD210, SD460, SD662, SD665, SD765, SD765G, SD768G, SD865 5G, SD870, SDA429W, SDX55, SDX55M, SM7250P, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WCN6850, WCN6851, WSA8810, WSA8815, WSA8830, WSA8835
Patch**

* The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.

** Data is generated only at the time of bulletin creation  

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

  • Consideration of security protections such as SELinux not enforced on some platforms
  • Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel

Version History

Version Date Comments
1.0 December 6, 2021 Bulletin Published

All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.

This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.

Qualcomm Technologies, Inc.
5775 Morehouse Drive
San Diego, CA 92121
U.S.A.
© 2019 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.