Navigator

Close
2022 Security Bulletins
DecemberNovemberOctoberSeptemberAugustJulyJuneMayAprilMarchFebruaryJanuary

Legal notice

March 2022 Security Bulletin

Updated On: 04/27/2022

This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security issues that have been addressed in QTI’s proprietary code and (ii) links to publicly available code where security issues have been addressed.

Please reach out to [email protected] for any questions related to this bulletin.

Table of Contents

Announcements
Acknowledgements
Proprietary Software Issues
Open Source Software Issues
Industry Coordination

Announcements

None

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2021-30333,CVE-2021-30331 Peter Park (peterpark)
CVE-2021-35088 Gengjia Chen ( @chengjia4574 )
CVE-2021-35103,CVE-2021-35106,CVE-2021-35117 Gengjia Chen ( @chengjia4574 ) from IceSword Lab
CVE-2021-35105 Man Yue Mo of GitHub Security Lab
CVE-2021-30299 Hang Zhang,Zhiyun Qian from UC Riverside

Proprietary Software Issues

The tables below summarize security vulnerabilities that were addressed through proprietary software

This table lists high impact security vulnerabilities. Patches have been released for affected products.OEMs have been notified and strongly recommended to release patches on end devices.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2021-1942 Critical Critical Core Internal
CVE-2021-35089 Critical High Multimedia Internal
CVE-2021-35110 Critical High Boot Internal
CVE-2021-1950 High High Content Protection Internal
CVE-2021-30328 High High Modem Internal
CVE-2021-30329 High High Modem Internal
CVE-2021-30332 High High Modem Internal
CVE-2021-30333 High High Multi-Mode Call Processor 05/28/2021
CVE-2021-35115 High High Multimedia Internal

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2021-30331 Medium Medium Data Modem 05/09/2021

CVE-2021-1942

CVE ID CVE-2021-1942
Title Permissions, Privileges and Access Controls in Core
Description Improper handling of permissions of a shared memory region can lead to memory corruption
Technology Area Core
Vulnerability Type CWE-264 Permissions, Privileges, and Access Controls
Access Vector Local
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.3
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 2021/09/06
Affected Chipsets* AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, FSM10055, FSM10056, MDM9150, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8337, QCA9984, QCM2290, QCM4290, QCM6490, QCN9011, QCN9012, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, QSM8250, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8cx Gen2, SD 8cx Gen3, SD460, SD480, SD662, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD7c, SD855, SD865 5G, SD870, SD888 5G, SDX55, SDX55M, SDX57M, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7325P, SW5100, SW5100P, SXR2150P, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-35089

CVE ID CVE-2021-35089
Title Buffer Copy Without Checking Size of Input in Automotive Multimedia
Description Possible buffer overflow due to lack of input IB amount validation while processing the user command
Technology Area Multimedia
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating Critical
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 2021/12/06
Affected Chipsets* QCA6574AU, QCA6696, SA8155P

CVE-2021-35110

CVE ID CVE-2021-35110
Title Incorrect Type Conversion or Cast in Boot
Description Possible buffer overflow to improper validation of hash segment of file while allocating memory
Technology Area Boot
Vulnerability Type CWE-704 Incorrect Type Conversion or Cast
Access Vector Local
Security Rating Critical
CVSS Rating High
CVSS Score 8.1
CVSS String CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 2021/12/06
Affected Chipsets* SD 8 Gen1 5G, WCD9380, WCN6855, WCN6856, WSA8830, WSA8835

CVE-2021-1950

CVE ID CVE-2021-1950
Title Improper Access Control in Content Protection
Description Improper cleaning of secure memory between authenticated users can lead to face authentication bypass
Technology Area Content Protection
Vulnerability Type CWE-284 Improper Access Control
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 2021/09/06
Affected Chipsets* AR8035, CSR8811, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, QCA4024, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA9984, QCM2290, QCM4290, QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024, QCN9000, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCS2290, QCS405, QCS4290, QCS610, QCS6490, QSM8250, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8540P, SA9000P, SD460, SD480, SD662, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD865 5G, SD870, SD888 5G, SDX55, SDX55M, SDX57M, SDXR2 5G, SM6225, SM6375, SM7250P, SM7325P, SXR2150P, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-30328

CVE ID CVE-2021-30328
Title Reachable Assertion in Modem
Description Possible assertion due to improper validation of invalid NR CSI-IM resource configuration
Technology Area Modem
Vulnerability Type CWE-617 Reachable Assertion
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 2021/09/06
Affected Chipsets* AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCX315, SA515M, SD 8 Gen1 5G, SD480, SD690 5G, SD750G, SD765, SD765G, SD768G, SD865 5G, SD870, SD888, SDX55, SDX55M, SDX65, SDXR2 5G, SM6375, SM7250P, SM7315, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3988, WCN3991, WCN3998, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-30329

CVE ID CVE-2021-30329
Title Reachable Assertion in Modem
Description Possible assertion due to improper validation of TCI configuration
Technology Area Modem
Vulnerability Type CWE-617 Reachable Assertion
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 2021/09/06
Affected Chipsets* AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM6490, QCS6490, QCX315, SA515M, SD 8 Gen1 5G, SD480, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM6375, SM7250P, SM7315, SM7325P, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3988, WCN3991, WCN3998, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-30332

CVE ID CVE-2021-30332
Title Reachable Assertion in Modem
Description Possible assertion due to improper validation of OTA configuration
Technology Area Modem
Vulnerability Type CWE-617 Reachable Assertion
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 2021/09/06
Affected Chipsets* AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM6490, QCS6490, QCX315, SA515M, SD 8 Gen1 5G, SD480, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM6375, SM7250P, SM7315, SM7325P, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-30333

CVE ID CVE-2021-30333
Title Buffer Copy Without Checking Size of Input in Modem
Description Improper validation of buffer size input to the EFS file can lead to memory corruption
Technology Area Multi-Mode Call Processor
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported 2021/05/28
Customer Notified Date 2021/09/06
Affected Chipsets* APQ8009W, APQ8017, APQ8053, APQ8096AU, AQT1000, AR8035, CSRB31024, MDM8207, MDM9207, MDM9607, MDM9628, MDM9640, MSM8909W, MSM8953, MSM8996AU, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QCX315, QET4101, QSW8573, Qualcomm215, SA415M, SA515M, SD 675, SD 8 Gen1 5G, SD 8cx Gen2, SD205, SD210, SD429, SD439, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD7c, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2021-35115

CVE ID CVE-2021-35115
Title Use After Free in Automotive Multimedia
Description Improper handling of multiple session supported by PVM backend can lead to use after free
Technology Area Multimedia
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 2021/12/06
Affected Chipsets* APQ8096AU, AR6003, MDM8215, MDM8215M, MDM8615M, MDM9215, MDM9310, MDM9615, MDM9615M, MSM8996AU, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584AU, QCA6696, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SA8540P, SA9000P, SDX55, SDX55M, WCD9341

CVE-2021-30331

CVE ID CVE-2021-30331
Title Information Exposure in Data Modem
Description Possible buffer overflow due to improper data validation of external commands sent via DIAG interface
Technology Area Data Modem
Vulnerability Type CWE-200 Information Exposure
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 5.5
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Date Reported 2021/05/09
Customer Notified Date 2021/09/06
Affected Chipsets* AR8035, FSM10055, FSM10056, MDM9150, MDM9650, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA8081, QCA8337, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS410, QCS4290, QCS610, QCS6125, QCS6490, QCX315, SD 675, SD 8 Gen1 5G, SD460, SD480, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD865 5G, SD870, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7325P, SW5100, SW5100P, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835

*The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.

Open Source Software Issues

The tables below summarize security vulnerabilities that were addressed through open source software

This table lists high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2021-35088 High High WLAN Host Communication 07/29/2021
CVE-2021-35103 High High WLAN Host Communication 09/06/2021
CVE-2021-35105 High High Graphics 09/09/2021
CVE-2021-35106 High High WLAN HOST 09/07/2021
CVE-2021-35117 High High WLAN HOST 07/30/2021

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2021-30299 Medium Medium Audio 02/17/2021

CVE-2021-35088

CVE ID CVE-2021-35088
Title Buffer Over-read in WLAN
Description Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS
Technology Area WLAN Host Communication
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 8.2
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported 2021/07/29
Customer Notified Date 2021/11/01
Affected Chipsets* AQT1000, AR8035, AR9380, CSR8811, CSRB31024, FSM10055, FSM10056, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, PMP8074, QCA4024, QCA6175A, QCA6390, QCA6391, QCA6426, QCA6428, QCA6436, QCA6438, QCA6554A, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA7500, QCA8072, QCA8075, QCA8081, QCA8337, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS4290, QCS6125, QCS6490, QCX315, QRB5165, QRB5165M, QRB5165N, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8 Gen1 5G, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9326, WCD9335, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**

CVE-2021-35103

CVE ID CVE-2021-35103
Title Buffer Copy Without Checking Size of Input in WLAN
Description Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers
Technology Area WLAN Host Communication
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported 2021/09/06
Customer Notified Date 2021/12/06
Affected Chipsets* AR8035, AR9380, CSR8811, CSRB31024, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, PMP8074, QCA4024, QCA6390, QCA6391, QCA6426, QCA6436, QCA6554A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA7500, QCA8072, QCA8075, QCA8081, QCA8337, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN6023, QCN6024, QCN6100, QCN6102, QCN6112, QCN6122, QCN6132, QCN9000, QCN9011, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS6125, QCS6490, QRB5165, QRB5165M, QRB5165N, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 8 Gen1 5G, SD460, SD480, SD662, SD765, SD765G, SD768G, SD778G, SD780G, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR2 5G, SM6225, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**

CVE-2021-35105

CVE ID CVE-2021-35105
Title Incorrect Type Conversion or Cast in Graphics
Description Possible out of bounds access due to improper input validation during graphics profiling
Technology Area Graphics
Vulnerability Type CWE-704 Incorrect Type Conversion or Cast
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 2021/09/09
Customer Notified Date 2021/12/06
Affected Chipsets* APQ8009W, APQ8017, APQ8053, APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9150, MDM9206, MDM9250, MDM9607, MDM9628, MDM9650, MSM8909W, MSM8953, MSM8996AU, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCM2290, QCM4290, QCM6125, QCM6490, QCN9011, QCN9012, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QCS8155, QCX315, QET4101, QRB5165, QRB5165M, QRB5165N, QSM8250, QSW8573, Qualcomm215, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8 Gen1 5G, SD205, SD210, SD429, SD439, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**

CVE-2021-35106

CVE ID CVE-2021-35106
Title Buffer Over-read in WLAN Host
Description Possible out of bound read due to improper length calculation of WMI message.
Technology Area WLAN HOST
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported 2021/09/07
Customer Notified Date 2021/12/06
Affected Chipsets* AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, QCA6175A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6554A, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS405, QCS4290, QCS610, QCS6125, QCS6490, QRB5165, QRB5165M, QRB5165N, SA4150P, SA4155P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8 Gen1 5G, SD460, SD480, SD660, SD662, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6375, SM7250P, SM7315, SM7325P, SW5100, SW5100P, WCD9326, WCD9335, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**

CVE-2021-35117

CVE ID CVE-2021-35117
Title Buffer Over-read in WLAN Host
Description An Out of Bounds read may potentially occur while processing an IBSS beacon,
Technology Area WLAN HOST
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 8.2
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported 2021/07/30
Customer Notified Date 2021/12/06
Affected Chipsets* APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MSM8996AU, QCA6175A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6554A, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8081, QCA8337, QCM2290, QCM4290, QCM6125, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCS6125, QCX315, QRB5165, QRB5165M, QRB5165N, SA415M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD660, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM7250P, SM7315, SM7325P, WCD9326, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**

CVE-2021-30299

CVE ID CVE-2021-30299
Title Improper Input Validation in Audio
Description Possible out of bound access in audio module due to lack of validation of user provided input
Technology Area Audio
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.7
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported 2021/02/17
Customer Notified Date 2021/06/07
Affected Chipsets* APQ8096AU, AR8031, AR8035, CSRA6620, CSRA6640, MDM9150, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6696, QCA8337, QCM2290, QCM4290, QCM6125, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QCS6490, QRB5165, QRB5165M, QRB5165N, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD205, SD210, SD480, SD765, SD765G, SD768G, SD780G, SD865 5G, SD870, SD888 5G, SDA429W, SDX55, SDX55M, SDXR2 5G, SM6225, SM6375, SM7250P, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3660B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
Patch**

* The list of affected chipsets may not be complete. For latest information, device OEMs can contact QTI directly at www.qualcomm.com/support.

** Data is generated only at the time of bulletin creation

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

  • Consideration of security protections such as SELinux not enforced on some platforms
  • Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel

All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.

This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.

Qualcomm Technologies, Inc.

San Diego, CA 92121

U.S.A.

© 2022 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.