Lucene search

QualcommCVELIST:CVE-2021-35123

HistoryJun 14, 2022 - 10:11 a.m.

CVE-2021-35123

2022-06-1410:11:25

qualcomm

www.cve.org

cve-2021-35123

gatt multi notification

snapdragon connectivity

snapdragon industrial iot

improper length check

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

26.4%

JSON

Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon Industrial IOT

CNA Affected

[
  {
    "product": "Snapdragon Connectivity, Snapdragon Industrial IOT",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "AQT1000, QCA6390, QCA6391, SD 8 Gen1 5G, SD480, SD660, SD778G, SD780G, SD855, SD865 5G, SD870, SD888 5G, SDX55M, SM6375, SM7325P, WCD9335, WCD9370, WCD9375, WCD9380, WCD9385, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

26.4%

JSON

Related for CVELIST:CVE-2021-35123