Android Security Bulletin—April 2022

2022-04-04T00:00:00

Description

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2022-04-05 or later address all of these issues. To learn how to check a device's security patch level, see [Check and update your Android version](<https://support.google.com/pixelphone/answer/4457705>). Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP. The most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed. The [severity assessment](<https://source.android.com/security/overview/updates-resources.html#severity>) is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed. Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform. **Note**: Information on the latest over-the-air update (OTA) and firmware images for Google devices is available in the April 2022 Pixel Update Bulletin. ## Android and Google service mitigations This is a summary of the mitigations provided by the Android security platform and service protections such as [Google Play Protect](<https://developers.google.com/android/play-protect>). These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android. * Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible. * The Android security team actively monitors for abuse through [Google Play Protect](<https://developers.google.com/android/play-protect>) and warns users about [Potentially Harmful Applications](<https://developers.google.com/android/play-protect/potentially-harmful-applications>). Google Play Protect is enabled by default on devices with [Google Mobile Services](<http://www.android.com/gms>), and is especially important for users who install apps from outside of Google Play. ## 2022-04-01 security patch level vulnerability details In the sections below, we provide details for each of the security vulnerabilities that apply to the 2022-04-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as [Google Play system updates](<https://support.google.com/android/answer/7680439>). ### Framework The most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed. CVE | References | Type | Severity | Updated AOSP versions ---|---|---|---|--- CVE-2021-0694 | [A-183147114](<https://android.googlesource.com/platform/frameworks/base/+/5d30b701587920280c12210af22f3457b802da6e>) | EoP | High | 11 CVE-2021-39794 | [A-205836329](<https://android.googlesource.com/platform/frameworks/base/+/f2387994151fb5c22c9e645647945e1471fe8ac1>) | EoP | High | 11, 12, 12L CVE-2021-39796 | [A-205595291](<https://android.googlesource.com/platform/frameworks/base/+/e74a2a320bf896bc30618ce486203bafe453c469>) | EoP | High | 10, 11, 12, 12L CVE-2021-39797 | [A-209607104](<https://android.googlesource.com/platform/frameworks/base/+/c3ea2d31568121d012a0da7cbe8260f1304ca19f>) | EoP | High | 12, 12L CVE-2021-39798 | [A-213169612](<https://android.googlesource.com/platform/frameworks/base/+/18b5537c74e29f3420882c37f81e95bebdb54029>) | EoP | High | 12, 12L CVE-2021-39799 | [A-200288596](<https://android.googlesource.com/platform/frameworks/base/+/b716ef0497811c40f4908d657d3c9f99fa23595d>) | EoP | High | 12, 12L ### Media Framework The most severe vulnerability in this section could lead to remote information disclosure with no additional execution privileges needed. CVE | References | Type | Severity | Updated AOSP versions ---|---|---|---|--- CVE-2021-39803 | [A-193790350](<https://android.googlesource.com/platform/frameworks/av/+/4b93da988f02c652f3429661f9a9859fa1c1ea0a>) | ID | High | 10, 11, 12, 12L CVE-2021-39804 | [A-215002587](<https://android.googlesource.com/platform/frameworks/av/+/3942f55f1c8e36b0f9d4c5acf99b177476f96457>) | DoS | High | 11, 12, 12L ### System The most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed. CVE | References | Type | Severity | Updated AOSP versions ---|---|---|---|--- CVE-2021-39808 | [A-209966086](<https://android.googlesource.com/platform/frameworks/base/+/45b4a71f5cc366c338c1ceb217a602960fd31401>) | EoP | High | 10, 11, 12 CVE-2021-39805 | [A-212694559](<https://android.googlesource.com/platform/system/bt/+/1e38a411e70f7f9fa6b78e4e75479e818f20e401>) | ID | High | 12, 12L CVE-2021-39809 | [A-205837191](<https://android.googlesource.com/platform/system/bt/+/2ed08261136fe59edd04af2b186bf0413aea108f>) | ID | High | 10, 11, 12, 12L ### Google Play system updates The following issues are included in Project Mainline components. Component | CVE ---|--- MediaProvider | CVE-2021-39795 Media Codecs | CVE-2021-39803 ## 2022-04-05 security patch level vulnerability details In the sections below, we provide details for each of the security vulnerabilities that apply to the 2022-04-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. ### System The most severe vulnerability in this section could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. CVE | References | Type | Severity | Updated AOSP versions ---|---|---|---|--- CVE-2021-39807 | [A-209446496](<https://android.googlesource.com/platform/packages/apps/Settings/+/c59ecb07f5b16d38f3976ce393cc5c29a241963a>) | EoP | High | 10, 11, 12, 12L ### Kernel components The most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed. CVE | References | Type | Severity | Component ---|---|---|---|--- CVE-2021-0707 | A-155756045 [Upstream kernel](<https://android.googlesource.com/kernel/common/+/6e6c15288df8c4c6264f394ece251ef9f64b0e3f>) | EoP | High | dma-buf CVE-2021-39801 | A-209791720 [Upstream kernel](<https://android.googlesource.com/kernel/common/+/504e1d6ee65d5>) [[2](<https://android.googlesource.com/kernel/common/+/a8200613c8c9f>)] [[3](<https://android.googlesource.com/kernel/common/+/c47385c73fced>)] | EoP | High | ION CVE-2021-39802 | A-213339151 [Upstream kernel](<https://android.googlesource.com/kernel/common/+/ac4488815518c>) [[2](<https://android.googlesource.com/kernel/common/+/b44e46bb047d1>)] [[3](<https://android.googlesource.com/kernel/common/+/67d075d23a8bc>)] [[4](<https://android.googlesource.com/kernel/common/+/6f9aba5a20b84>)] | EoP | High | Memory Management CVE-2021-39800 | A-208277166 [Upstream kernel](<https://android.googlesource.com/kernel/common/+/504e1d6ee65d5>) [[2](<https://android.googlesource.com/kernel/common/+/a8200613c8c9f>)] [[3](<https://android.googlesource.com/kernel/common/+/c47385c73fced>)] | ID | High | ION ### MediaTek components These vulnerabilities affect MediaTek components and further details are available directly from MediaTek. The severity assessment of these issues is provided directly by MediaTek. CVE | References | Severity | Component ---|---|---|--- CVE-2022-20081 | A-218242055 M-ALPS06461919 * | High | A-GPS CVE-2021-25477 | A-220262213 M-MOLY00684727 * | High | Modem LTE RRC ### Qualcomm components These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm. CVE | References | Severity | Component ---|---|---|--- CVE-2021-35081 | A-213239834 [QC-CR#3028274](<https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=21597765ae914c49cd81d95c5999784628a71ae2>) | Critical | WLAN CVE-2021-35112 | A-201574693 [QC-CR#3049280](<https://source.codeaurora.org/quic/la/kernel/msm-5.4/commit/?id=0eb8808edcab5927f5fa679f3c729495c16451bd>) | Critical | Display CVE-2021-35123 | A-213239948 [QC-CR#3032290](<https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/system/bt/commit/?id=2ea716990f7978683deb30eb6b791205d1206c59>) | Critical | Bluetooth CVE-2021-30334 | A-213239835 [QC-CR#2963049](<https://source.codeaurora.org/quic/le/platform/vendor/opensource/display-drivers/commit/?id=3d8c6200be552fd63de67261d78e62a6eb8a689b>) [[2](<https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=ee1a1b1fef68b2199eb54a6347ac92fb530d0e88>)] [QC-CR#3052789](<https://source.codeaurora.org/quic/le/platform/vendor/opensource/display-drivers/commit/?id=070934308cd58693ee33f782facf69e5be0e0f02>) | High | Display CVE-2021-35091 | A-204905109 [QC-CR#3008877](<https://source.codeaurora.org/quic/la/kernel/msm-5.10/commit/?id=9ca200b6d0df44ba423a908dbda97cbf4c7bb10a>) | High | Display CVE-2021-35095 | A-204905206 [QC-CR#2996895](<https://source.codeaurora.org/quic/la/kernel/msm-5.10/commit/?id=81d6b86bd96e0b09e7e080b32345d7883dfdd7d0>) | High | Kernel CVE-2021-35130 | A-213240026 [QC-CR#3057133](<https://source.codeaurora.org/quic/la/kernel/msm-5.4/commit/?id=ade36fe56383e46ba8aebd794e7fb624c03c838e>) | High | Display ### Qualcomm closed-source components These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm. CVE | References | Severity | Component ---|---|---|--- CVE-2021-30339 | A-202025975 * | Critical | Closed-source component CVE-2021-30341 | A-202024969 * | Critical | Closed-source component CVE-2021-30342 | A-202025860 * | Critical | Closed-source component CVE-2021-30343 | A-202025978 * | Critical | Closed-source component CVE-2021-30347 | A-202025598 * | Critical | Closed-source component CVE-2021-35104 | A-213240044 * | Critical | Closed-source component CVE-2021-30281 | A-202025858 * | High | Closed-source component CVE-2021-30338 | A-202025859 * | High | Closed-source component CVE-2021-30340 | A-202025736 * | High | Closed-source component CVE-2021-30344 | A-192612963* | High | Closed-source component CVE-2021-30345 | A-202025737* | High | Closed-source component CVE-2021-30346 | A-202025862 * | High | Closed-source component CVE-2021-30349 | A-202025797 * | High | Closed-source component CVE-2021-30350 | A-202025979 * | High | Closed-source component CVE-2021-35070 | A-202025864 * | High | Closed-source component CVE-2021-35100 | A-213240046 * | High | Closed-source component ## Common questions and answers This section answers common questions that may occur after reading this bulletin. **1\. How do I determine if my device is updated to address these issues?** To learn how to check a device's security patch level, see [Check and update your Android version](<https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices>). * Security patch levels of 2022-04-01 or later address all issues associated with the 2022-04-01 security patch level. * Security patch levels of 2022-04-05 or later address all issues associated with the 2022-04-05 security patch level and all previous patch levels. Device manufacturers that include these updates should set the patch string level to: * [ro.build.version.security_patch]:[2022-04-01] * [ro.build.version.security_patch]:[2022-04-05] For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2022-04-01 security patch level. Please see [this article](<https://support.google.com/android/answer/7680439?hl=en>) for more details on how to install security updates. **2\. Why does this bulletin have two security patch levels?** This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level. * Devices that use the 2022-04-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins. * Devices that use the security patch level of 2022-04-05 or newer must include all applicable patches in this (and previous) security bulletins. Partners are encouraged to bundle the fixes for all issues they are addressing in a single update. **3\. What do the entries in the _Type_ column mean?** Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability. Abbreviation | Definition ---|--- RCE | Remote code execution EoP | Elevation of privilege ID | Information disclosure DoS | Denial of service N/A | Classification not available **4\. What do the entries in the _References_ column mean?** Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs. Prefix | Reference ---|--- A- | Android bug ID QC- | Qualcomm reference number M- | MediaTek reference number N- | NVIDIA reference number B- | Broadcom reference number U- | UNISOC reference number **5\. What does an * next to the Android bug ID in the _References_ column mean?** Issues that are not publicly available have an * next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the [Google Developer site](<https://developers.google.com/android/drivers>). **6\. Why are security vulnerabilities split between this bulletin and device/partner security bulletins, such as the Pixel bulletin?** Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device/partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as [Google](<https://source.android.com/security/bulletin/pixel>), [Huawei](<https://consumer.huawei.com/en/support/bulletin/>), [LGE](<https://lgsecurity.lge.com/security_updates_mobile.html>), [Motorola](<https://motorola-global-portal.custhelp.com/app/software-security-page/g_id/6806>), [Nokia](<https://www.nokia.com/phones/en_int/security-updates>), or [Samsung](<https://security.samsungmobile.com/securityUpdate.smsb>). ## Versions Version | Date | Notes ---|---|--- 1.0 | April 4, 2022 | Bulletin Published 1.1 | April 5, 2022 | Bulletin revised to include AOSP links 2.0 | July 18, 2022 | Revised CVE table

{"id": "ANDROID:2022-04-01", "vendorId": null, "type": "androidsecurity", "bulletinFamily": "software", "title": "Android Security Bulletin\u2014April 2022", "description": "The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2022-04-05 or later address all of these issues. To learn how to check a device's security patch level, see [Check and update your Android version](<https://support.google.com/pixelphone/answer/4457705>).\n\nAndroid partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP. \n\nThe most severe of these issues is a high security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed. The [severity assessment](<https://source.android.com/security/overview/updates-resources.html#severity>) is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed. \n\nRefer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.\n\n**Note**: Information on the latest over-the-air update (OTA) and firmware images for Google devices is available in the April 2022 Pixel Update Bulletin. \n\n## Android and Google service mitigations\n\nThis is a summary of the mitigations provided by the Android security platform and service protections such as [Google Play Protect](<https://developers.google.com/android/play-protect>). These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.\n\n * Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.\n * The Android security team actively monitors for abuse through [Google Play Protect](<https://developers.google.com/android/play-protect>) and warns users about [Potentially Harmful Applications](<https://developers.google.com/android/play-protect/potentially-harmful-applications>). Google Play Protect is enabled by default on devices with [Google Mobile Services](<http://www.android.com/gms>), and is especially important for users who install apps from outside of Google Play.\n\n## 2022-04-01 security patch level vulnerability details\n\nIn the sections below, we provide details for each of the security vulnerabilities that apply to the 2022-04-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as [Google Play system updates](<https://support.google.com/android/answer/7680439>). \n\n### Framework\n\nThe most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed. \n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2021-0694 | [A-183147114](<https://android.googlesource.com/platform/frameworks/base/+/5d30b701587920280c12210af22f3457b802da6e>) | EoP | High | 11 \nCVE-2021-39794 | [A-205836329](<https://android.googlesource.com/platform/frameworks/base/+/f2387994151fb5c22c9e645647945e1471fe8ac1>) | EoP | High | 11, 12, 12L \nCVE-2021-39796 | [A-205595291](<https://android.googlesource.com/platform/frameworks/base/+/e74a2a320bf896bc30618ce486203bafe453c469>) | EoP | High | 10, 11, 12, 12L \nCVE-2021-39797 | [A-209607104](<https://android.googlesource.com/platform/frameworks/base/+/c3ea2d31568121d012a0da7cbe8260f1304ca19f>) | EoP | High | 12, 12L \nCVE-2021-39798 | [A-213169612](<https://android.googlesource.com/platform/frameworks/base/+/18b5537c74e29f3420882c37f81e95bebdb54029>) | EoP | High | 12, 12L \nCVE-2021-39799 | [A-200288596](<https://android.googlesource.com/platform/frameworks/base/+/b716ef0497811c40f4908d657d3c9f99fa23595d>) | EoP | High | 12, 12L \n \n### Media Framework\n\nThe most severe vulnerability in this section could lead to remote information disclosure with no additional execution privileges needed. \n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2021-39803 | [A-193790350](<https://android.googlesource.com/platform/frameworks/av/+/4b93da988f02c652f3429661f9a9859fa1c1ea0a>) | ID | High | 10, 11, 12, 12L \nCVE-2021-39804 | [A-215002587](<https://android.googlesource.com/platform/frameworks/av/+/3942f55f1c8e36b0f9d4c5acf99b177476f96457>) | DoS | High | 11, 12, 12L \n \n### System\n\nThe most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed.\n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2021-39808 | [A-209966086](<https://android.googlesource.com/platform/frameworks/base/+/45b4a71f5cc366c338c1ceb217a602960fd31401>) | EoP | High | 10, 11, 12 \nCVE-2021-39805 | [A-212694559](<https://android.googlesource.com/platform/system/bt/+/1e38a411e70f7f9fa6b78e4e75479e818f20e401>) | ID | High | 12, 12L \nCVE-2021-39809 | [A-205837191](<https://android.googlesource.com/platform/system/bt/+/2ed08261136fe59edd04af2b186bf0413aea108f>) | ID | High | 10, 11, 12, 12L \n \n### Google Play system updates\n\nThe following issues are included in Project Mainline components.\n\nComponent | CVE \n---|--- \nMediaProvider | CVE-2021-39795 \nMedia Codecs | CVE-2021-39803 \n \n## 2022-04-05 security patch level vulnerability details\n\nIn the sections below, we provide details for each of the security vulnerabilities that apply to the 2022-04-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. \n\n### System\n\nThe most severe vulnerability in this section could lead to local escalation of privilege from the Guest account with no additional execution privileges needed.\n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2021-39807 | [A-209446496](<https://android.googlesource.com/platform/packages/apps/Settings/+/c59ecb07f5b16d38f3976ce393cc5c29a241963a>) | EoP | High | 10, 11, 12, 12L \n \n### Kernel components\n\nThe most severe vulnerability in this section could lead to local escalation of privilege with no additional execution privileges needed.\n\nCVE | References | Type | Severity | Component \n---|---|---|---|--- \nCVE-2021-0707 | A-155756045 [Upstream kernel](<https://android.googlesource.com/kernel/common/+/6e6c15288df8c4c6264f394ece251ef9f64b0e3f>) | EoP | High | dma-buf \nCVE-2021-39801 | A-209791720 [Upstream kernel](<https://android.googlesource.com/kernel/common/+/504e1d6ee65d5>) [[2](<https://android.googlesource.com/kernel/common/+/a8200613c8c9f>)] [[3](<https://android.googlesource.com/kernel/common/+/c47385c73fced>)] | EoP | High | ION \nCVE-2021-39802 | A-213339151 [Upstream kernel](<https://android.googlesource.com/kernel/common/+/ac4488815518c>) [[2](<https://android.googlesource.com/kernel/common/+/b44e46bb047d1>)] [[3](<https://android.googlesource.com/kernel/common/+/67d075d23a8bc>)] [[4](<https://android.googlesource.com/kernel/common/+/6f9aba5a20b84>)] | EoP | High | Memory Management \nCVE-2021-39800 | A-208277166 [Upstream kernel](<https://android.googlesource.com/kernel/common/+/504e1d6ee65d5>) [[2](<https://android.googlesource.com/kernel/common/+/a8200613c8c9f>)] [[3](<https://android.googlesource.com/kernel/common/+/c47385c73fced>)] | ID | High | ION \n \n### MediaTek components\n\nThese vulnerabilities affect MediaTek components and further details are available directly from MediaTek. The severity assessment of these issues is provided directly by MediaTek. \n\nCVE | References | Severity | Component \n---|---|---|--- \nCVE-2022-20081 | A-218242055 M-ALPS06461919 * | High | A-GPS \nCVE-2021-25477 | A-220262213 M-MOLY00684727 * | High | Modem LTE RRC \n \n### Qualcomm components\n\nThese vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm. \n\nCVE | References | Severity | Component \n---|---|---|--- \nCVE-2021-35081 | A-213239834 [QC-CR#3028274](<https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=21597765ae914c49cd81d95c5999784628a71ae2>) | Critical | WLAN \nCVE-2021-35112 | A-201574693 [QC-CR#3049280](<https://source.codeaurora.org/quic/la/kernel/msm-5.4/commit/?id=0eb8808edcab5927f5fa679f3c729495c16451bd>) | Critical | Display \nCVE-2021-35123 | A-213239948 [QC-CR#3032290](<https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/system/bt/commit/?id=2ea716990f7978683deb30eb6b791205d1206c59>) | Critical | Bluetooth \nCVE-2021-30334 | A-213239835 [QC-CR#2963049](<https://source.codeaurora.org/quic/le/platform/vendor/opensource/display-drivers/commit/?id=3d8c6200be552fd63de67261d78e62a6eb8a689b>) [[2](<https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=ee1a1b1fef68b2199eb54a6347ac92fb530d0e88>)] [QC-CR#3052789](<https://source.codeaurora.org/quic/le/platform/vendor/opensource/display-drivers/commit/?id=070934308cd58693ee33f782facf69e5be0e0f02>) | High | Display \nCVE-2021-35091 | A-204905109 [QC-CR#3008877](<https://source.codeaurora.org/quic/la/kernel/msm-5.10/commit/?id=9ca200b6d0df44ba423a908dbda97cbf4c7bb10a>) | High | Display \nCVE-2021-35095 | A-204905206 [QC-CR#2996895](<https://source.codeaurora.org/quic/la/kernel/msm-5.10/commit/?id=81d6b86bd96e0b09e7e080b32345d7883dfdd7d0>) | High | Kernel \nCVE-2021-35130 | A-213240026 [QC-CR#3057133](<https://source.codeaurora.org/quic/la/kernel/msm-5.4/commit/?id=ade36fe56383e46ba8aebd794e7fb624c03c838e>) | High | Display \n \n### Qualcomm closed-source components\n\nThese vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm. \n\nCVE | References | Severity | Component \n---|---|---|--- \nCVE-2021-30339 | A-202025975 * | Critical | Closed-source component \nCVE-2021-30341 | A-202024969 * | Critical | Closed-source component \nCVE-2021-30342 | A-202025860 * | Critical | Closed-source component \nCVE-2021-30343 | A-202025978 * | Critical | Closed-source component \nCVE-2021-30347 | A-202025598 * | Critical | Closed-source component \nCVE-2021-35104 | A-213240044 * | Critical | Closed-source component \nCVE-2021-30281 | A-202025858 * | High | Closed-source component \nCVE-2021-30338 | A-202025859 * | High | Closed-source component \nCVE-2021-30340 | A-202025736 * | High | Closed-source component \nCVE-2021-30344 | A-192612963* | High | Closed-source component \nCVE-2021-30345 | A-202025737* | High | Closed-source component \nCVE-2021-30346 | A-202025862 * | High | Closed-source component \nCVE-2021-30349 | A-202025797 * | High | Closed-source component \nCVE-2021-30350 | A-202025979 * | High | Closed-source component \nCVE-2021-35070 | A-202025864 * | High | Closed-source component \nCVE-2021-35100 | A-213240046 * | High | Closed-source component \n \n## Common questions and answers\n\nThis section answers common questions that may occur after reading this bulletin.\n\n**1\\. How do I determine if my device is updated to address these issues?**\n\nTo learn how to check a device's security patch level, see [Check and update your Android version](<https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices>).\n\n * Security patch levels of 2022-04-01 or later address all issues associated with the 2022-04-01 security patch level.\n * Security patch levels of 2022-04-05 or later address all issues associated with the 2022-04-05 security patch level and all previous patch levels.\n\nDevice manufacturers that include these updates should set the patch string level to:\n\n * [ro.build.version.security_patch]:[2022-04-01]\n * [ro.build.version.security_patch]:[2022-04-05]\n\nFor some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2022-04-01 security patch level. Please see [this article](<https://support.google.com/android/answer/7680439?hl=en>) for more details on how to install security updates.\n\n**2\\. Why does this bulletin have two security patch levels?**\n\nThis bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.\n\n * Devices that use the 2022-04-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.\n * Devices that use the security patch level of 2022-04-05 or newer must include all applicable patches in this (and previous) security bulletins.\n\nPartners are encouraged to bundle the fixes for all issues they are addressing in a single update.\n\n**3\\. What do the entries in the _Type_ column mean?**\n\nEntries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.\n\nAbbreviation | Definition \n---|--- \nRCE | Remote code execution \nEoP | Elevation of privilege \nID | Information disclosure \nDoS | Denial of service \nN/A | Classification not available \n \n**4\\. What do the entries in the _References_ column mean?**\n\nEntries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.\n\nPrefix | Reference \n---|--- \nA- | Android bug ID \nQC- | Qualcomm reference number \nM- | MediaTek reference number \nN- | NVIDIA reference number \nB- | Broadcom reference number \nU- | UNISOC reference number \n \n**5\\. What does an * next to the Android bug ID in the _References_ column mean?**\n\nIssues that are not publicly available have an * next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the [Google Developer site](<https://developers.google.com/android/drivers>). \n\n**6\\. Why are security vulnerabilities split between this bulletin and device/partner security bulletins, such as the Pixel bulletin?**\n\nSecurity vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device/partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as [Google](<https://source.android.com/security/bulletin/pixel>), [Huawei](<https://consumer.huawei.com/en/support/bulletin/>), [LGE](<https://lgsecurity.lge.com/security_updates_mobile.html>), [Motorola](<https://motorola-global-portal.custhelp.com/app/software-security-page/g_id/6806>), [Nokia](<https://www.nokia.com/phones/en_int/security-updates>), or [Samsung](<https://security.samsungmobile.com/securityUpdate.smsb>).\n\n## Versions\n\nVersion | Date | Notes \n---|---|--- \n1.0 | April 4, 2022 | Bulletin Published \n1.1 | April 5, 2022 | Bulletin revised to include AOSP links \n2.0 | July 18, 2022 | Revised CVE table\n", "published": "2022-04-04T00:00:00", "modified": "2022-04-05T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://source.android.com/security/bulletin/2022-04-01", "reporter": "Android Open Source Project", "references": [], "cvelist": ["CVE-2021-0694", "CVE-2021-0707", "CVE-2021-25477", "CVE-2021-30281", "CVE-2021-30334", "CVE-2021-30338", "CVE-2021-30339", "CVE-2021-30340", "CVE-2021-30341", "CVE-2021-30342", "CVE-2021-30343", "CVE-2021-30344", "CVE-2021-30345", "CVE-2021-30346", "CVE-2021-30347", "CVE-2021-30349", "CVE-2021-30350", "CVE-2021-35070", "CVE-2021-35081", "CVE-2021-35091", "CVE-2021-35095", "CVE-2021-35100", "CVE-2021-35104", "CVE-2021-35112", "CVE-2021-35123", "CVE-2021-35130", "CVE-2021-39794", "CVE-2021-39795", "CVE-2021-39796", "CVE-2021-39797", "CVE-2021-39798", "CVE-2021-39799", "CVE-2021-39800", "CVE-2021-39801", "CVE-2021-39802", "CVE-2021-39803", "CVE-2021-39804", "CVE-2021-39805", "CVE-2021-39807", "CVE-2021-39808", "CVE-2021-39809", "CVE-2022-20081"], "immutableFields": [], "lastseen": "2022-07-22T17:44:17", "viewCount": 62, "enchantments": {"score": {"value": 1.6, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-0694", "CVE-2021-0707", "CVE-2021-25477", "CVE-2021-30281", "CVE-2021-30334", "CVE-2021-30338", "CVE-2021-30339", "CVE-2021-30340", "CVE-2021-30341", "CVE-2021-30342", "CVE-2021-30343", "CVE-2021-30344", "CVE-2021-30345", "CVE-2021-30346", "CVE-2021-30347", "CVE-2021-30349", "CVE-2021-30350", "CVE-2021-35070", "CVE-2021-35081", "CVE-2021-35091", "CVE-2021-35095", "CVE-2021-35100", "CVE-2021-35104", "CVE-2021-35112", "CVE-2021-35123", "CVE-2021-35130", "CVE-2021-39794", "CVE-2021-39795", "CVE-2021-39796", "CVE-2021-39797", "CVE-2021-39798", "CVE-2021-39799", "CVE-2021-39800", "CVE-2021-39801", "CVE-2021-39802", "CVE-2021-39803", "CVE-2021-39804", "CVE-2021-39805", "CVE-2021-39807", "CVE-2021-39808", "CVE-2021-39809", "CVE-2022-20081"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-0707", "DEBIANCVE:CVE-2021-39796", "DEBIANCVE:CVE-2021-39800", "DEBIANCVE:CVE-2021-39801", "DEBIANCVE:CVE-2021-39802"]}, {"type": "nessus", "idList": ["SUSE_SU-2022-1669-1.NASL", "SUSE_SU-2022-1676-1.NASL", "SUSE_SU-2022-1687-1.NASL"]}, {"type": "suse", "idList": ["SUSE-SU-2022:1676-1", "SUSE-SU-2022:1687-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-0707", "UB:CVE-2021-39796", "UB:CVE-2021-39800", "UB:CVE-2021-39801", "UB:CVE-2021-39802"]}]}, "vulnersScore": 1.6}, "_state": {"score": 1659972467, "dependencies": 1660004461}, "_internal": {"score_hash": "5be89d1dfc53269c66253a11c4370be1"}, "affectedSoftware": []}

{"cve": [{"lastseen": "2022-06-07T23:01:47", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: Pulled from Android ASB#2022-04 publication (https://source.android.com/security/bulletin/2022-04-01) due to a functional regression. We will re-release this CVE at a future date, in a future publication that is currently TBD", "cvss3": {}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39795", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-39795"], "modified": "2022-06-07T20:15:00", "cpe": [], "id": "CVE-2021-39795", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39795", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2022-06-24T05:44:52", "description": "Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-30340", "cwe": ["CWE-617"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30340"], "modified": "2022-06-24T00:26:00", "cpe": ["cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:wcd9341_firmware:-", "cpe:/o:qualcomm:sa515m_firmware:-", "cpe:/o:qualcomm:wcd9360_firmware:-", "cpe:/o:qualcomm:wsa8810_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:sd768g_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:sd690_5g_firmware:-", "cpe:/o:qualcomm:sd765g_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:qca6436_firmware:-", "cpe:/o:qualcomm:sd_8_gen1_5g_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:qcx315_firmware:-", "cpe:/o:qualcomm:sdx55_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:sm7250p_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:wsa8815_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:sd750g_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:qca6426_firmware:-", "cpe:/o:qualcomm:sdxr2_5g_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:sd765_firmware:-", "cpe:/o:qualcomm:sdx65_firmware:-"], "id": "CVE-2021-30340", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30340", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-18T20:43:58", "description": "In Bitmap_createFromParcel of Bitmap.cpp, there is a possible arbitrary code execution due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213169612", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39798", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39798"], "modified": "2022-04-18T18:56:00", "cpe": ["cpe:/o:google:android:12.1", "cpe:/o:google:android:12.0"], "id": "CVE-2021-39798", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39798", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-18T20:43:59", "description": "In several functions of of LauncherApps.java, there is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-209607104", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39797", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39797"], "modified": "2022-04-18T18:57:00", "cpe": ["cpe:/o:google:android:12.1", "cpe:/o:google:android:12.0"], "id": "CVE-2021-39797", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39797", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-23T05:43:21", "description": "RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-30345", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30345"], "modified": "2022-06-23T01:31:00", "cpe": ["cpe:/o:qualcomm:qca9984_firmware:-", "cpe:/o:qualcomm:qcs2290_firmware:-", "cpe:/o:qualcomm:wcn3999_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:qcs405_firmware:-", "cpe:/o:qualcomm:sd680_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:qcm2290_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:wcn3980_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:qcs4290_firmware:-", "cpe:/o:qualcomm:wsa8810_firmware:-", "cpe:/o:qualcomm:wsa8815_firmware:-", "cpe:/o:qualcomm:sd460_firmware:-", "cpe:/o:qualcomm:sd662_firmware:-", "cpe:/o:qualcomm:sw5100p_firmware:-", "cpe:/o:qualcomm:sw5100_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:qcm4290_firmware:-"], "id": "CVE-2021-30345", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30345", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9984_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-23T05:43:26", "description": "RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-30346", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30346"], "modified": "2022-06-23T01:28:00", "cpe": ["cpe:/o:qualcomm:qca9984_firmware:-", "cpe:/o:qualcomm:qcs2290_firmware:-", "cpe:/o:qualcomm:wcn3999_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:qcs405_firmware:-", "cpe:/o:qualcomm:sd680_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:qcm2290_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:wcn3980_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:qcs4290_firmware:-", "cpe:/o:qualcomm:wsa8810_firmware:-", "cpe:/o:qualcomm:wsa8815_firmware:-", "cpe:/o:qualcomm:sd460_firmware:-", "cpe:/o:qualcomm:sd662_firmware:-", "cpe:/o:qualcomm:sw5100p_firmware:-", "cpe:/o:qualcomm:sw5100_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:qcm4290_firmware:-"], "id": "CVE-2021-30346", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30346", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9984_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-23T22:52:03", "description": "Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-30343", "cwe": ["CWE-367"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30343"], "modified": "2022-06-23T21:00:00", "cpe": ["cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:sd750g_firmware:-", "cpe:/o:qualcomm:sd768g_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:wsa8815_firmware:-", "cpe:/o:qualcomm:sd720g_firmware:-", "cpe:/o:qualcomm:sm6250_firmware:-", "cpe:/o:qualcomm:sdx65_firmware:-", "cpe:/o:qualcomm:sm7315_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:sd730_firmware:-", "cpe:/o:qualcomm:sd678_firmware:-", "cpe:/o:qualcomm:sd690_5g_firmware:-", "cpe:/o:qualcomm:sd_8_gen1_5g_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-", "cpe:/o:qualcomm:sd765g_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:sd888_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:sdxr2_5g_firmware:-", "cpe:/o:qualcomm:sm6250p_firmware:-", "cpe:/o:qualcomm:qcx315_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:sm7250p_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:wcd9360_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:sdx55_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:sd675_firmware:-", "cpe:/o:qualcomm:sa515m_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:wsa8810_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:wcn3980_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:qca6426_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:wcd9341_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:sd765_firmware:-", "cpe:/o:qualcomm:sd_675_firmware:-", "cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:qca6436_firmware:-"], "id": "CVE-2021-30343", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30343", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-22T22:24:34", "description": "Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-30347", "cwe": ["CWE-367"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30347"], "modified": "2022-06-22T21:46:00", "cpe": ["cpe:/o:qualcomm:sd750g_firmware:-", "cpe:/o:qualcomm:wcn3980_firmware:-", "cpe:/o:qualcomm:sm6250p_firmware:-", "cpe:/o:qualcomm:wcd9341_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:sm7315_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:sa515m_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:qcx315_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:sd_8_gen1_5g_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:qca6436_firmware:-", "cpe:/o:qualcomm:sd888_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:wsa8815_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:sd765_firmware:-", "cpe:/o:qualcomm:sdxr2_5g_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:wcd9360_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:qca6426_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:sdx65_firmware:-", "cpe:/o:qualcomm:sd690_5g_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:sm7250p_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:sdx55_firmware:-", "cpe:/o:qualcomm:sd_675_firmware:-", "cpe:/o:qualcomm:sd678_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:sd768g_firmware:-", "cpe:/o:qualcomm:sd720g_firmware:-", "cpe:/o:qualcomm:wsa8810_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:sd730_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:sd765g_firmware:-", "cpe:/o:qualcomm:sm6250_firmware:-", "cpe:/o:qualcomm:sd675_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-"], "id": "CVE-2021-30347", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30347", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-20T16:21:55", "description": "In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-212694559", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39805", "cwe": ["CWE-668"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39805"], "modified": "2022-04-20T14:53:00", "cpe": ["cpe:/o:google:android:12.1", "cpe:/o:google:android:12.0"], "id": "CVE-2021-39805", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39805", "cvss": {"score": 3.3, "vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-07-13T17:15:15", "description": "In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-193790350", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39803", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39803"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:google:android:11.0", "cpe:/o:google:android:12.0", "cpe:/o:google:android:10.0", "cpe:/o:google:android:12.1"], "id": "CVE-2021-39803", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39803", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-23T05:43:29", "description": "Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-30344", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30344"], "modified": "2022-06-23T01:37:00", "cpe": ["cpe:/o:qualcomm:sd_8_gen1_5g_firmware:-", "cpe:/o:qualcomm:sd210_firmware:-", "cpe:/o:qualcomm:qcs2290_firmware:-", "cpe:/o:qualcomm:qca6174a_firmware:-", "cpe:/o:qualcomm:mdm9640_firmware:-", "cpe:/o:qualcomm:mdm9215_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:qcs410_firmware:-", "cpe:/o:qualcomm:sda429w_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:sd690_5g_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:wcd9335_firmware:-", "cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:apq8009w_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:mdm9206_firmware:-", "cpe:/o:qualcomm:sd765_firmware:-", "cpe:/o:qualcomm:mdm9207_firmware:-", "cpe:/o:qualcomm:sd665_firmware:-", "cpe:/o:qualcomm:qca6564au_firmware:-", "cpe:/o:qualcomm:qca9377_firmware:-", "cpe:/o:qualcomm:sdx20_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:mdm9628_firmware:-", "cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:sa515m_firmware:-", "cpe:/o:qualcomm:sdx24_firmware:-", "cpe:/o:qualcomm:wsa8815_firmware:-", "cpe:/o:qualcomm:apq8017_firmware:-", "cpe:/o:qualcomm:csrb31024_firmware:-", "cpe:/o:qualcomm:sd_8cx_gen2_firmware:-", "cpe:/o:qualcomm:msm8909w_firmware:-", "cpe:/o:qualcomm:aqt1000_firmware:-", "cpe:/o:qualcomm:sdxr2_5g_firmware:-", "cpe:/o:qualcomm:sd460_firmware:-", "cpe:/o:qualcomm:sdw2500_firmware:-", "cpe:/o:qualcomm:wcn3680b_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:qcm4290_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:sd768g_firmware:-", "cpe:/o:qualcomm:sd680_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:wcn3990_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:qca6584_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:mdm9615_firmware:-", "cpe:/o:qualcomm:qcm6125_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:sd855_firmware:-", "cpe:/o:qualcomm:sdx65_firmware:-", "cpe:/o:qualcomm:mdm9150_firmware:-", "cpe:/o:qualcomm:ar6003_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:qca6436_firmware:-", "cpe:/o:qualcomm:sa415m_firmware:-", "cpe:/o:qualcomm:qcs610_firmware:-", "cpe:/o:qualcomm:mdm9650_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:mdm9250_firmware:-", "cpe:/o:qualcomm:qcs6125_firmware:-", "cpe:/o:qualcomm:sw5100p_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:wcd9341_firmware:-", "cpe:/o:qualcomm:qca6430_firmware:-", "cpe:/o:qualcomm:wcn3615_firmware:-", "cpe:/o:qualcomm:sd765g_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:wcd9326_firmware:-", "cpe:/o:qualcomm:sd678_firmware:-", "cpe:/o:qualcomm:qcx315_firmware:-", "cpe:/o:qualcomm:sd205_firmware:-", "cpe:/o:qualcomm:apq8053_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:sdm429w_firmware:-", "cpe:/o:qualcomm:sm6250_firmware:-", "cpe:/o:qualcomm:qca6574_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:qcm2290_firmware:-", "cpe:/o:qualcomm:mdm9607_firmware:-", "cpe:/o:qualcomm:msm8953_firmware:-", "cpe:/o:qualcomm:sm6250p_firmware:-", "cpe:/o:qualcomm:mdm9625_firmware:-", "cpe:/o:qualcomm:qet4101_firmware:-", "cpe:/o:qualcomm:sd888_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:wcn3980_firmware:-", "cpe:/o:qualcomm:sd720g_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:qca6426_firmware:-", "cpe:/o:qualcomm:qca9367_firmware:-", "cpe:/o:qualcomm:sd439_firmware:-", "cpe:/o:qualcomm:qcs4290_firmware:-", "cpe:/o:qualcomm:wsa8810_firmware:-", "cpe:/o:qualcomm:qca6420_firmware:-", "cpe:/o:qualcomm:wcd9306_firmware:-", "cpe:/o:qualcomm:sdx55_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-", "cpe:/o:qualcomm:wcn3610_firmware:-", "cpe:/o:qualcomm:mdm9205_firmware:-", "cpe:/o:qualcomm:sw5100_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:sm7315_firmware:-", "cpe:/o:qualcomm:mdm9645_firmware:-", "cpe:/o:qualcomm:sm7250p_firmware:-", "cpe:/o:qualcomm:mdm9635m_firmware:-", "cpe:/o:qualcomm:qca6564a_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:qca4004_firmware:-", "cpe:/o:qualcomm:wcd9360_firmware:-", "cpe:/o:qualcomm:qsw8573_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:wcn3660b_firmware:-", "cpe:/o:qualcomm:sd429_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:sd675_firmware:-", "cpe:/o:qualcomm:apq8096au_firmware:-", "cpe:/o:qualcomm:wcd9340_firmware:-", "cpe:/o:qualcomm:sd_675_firmware:-", "cpe:/o:qualcomm:sd850_firmware:-", "cpe:/o:qualcomm:msm8996au_firmware:-", "cpe:/o:qualcomm:wcn3620_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:qualcomm215_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:mdm8207_firmware:-", "cpe:/o:qualcomm:qca6584au_firmware:-", "cpe:/o:qualcomm:sdx12_firmware:-", "cpe:/o:qualcomm:sdxr1_firmware:-", "cpe:/o:qualcomm:mdm9655_firmware:-", "cpe:/o:qualcomm:sd730_firmware:-", "cpe:/o:qualcomm:sd662_firmware:-", "cpe:/o:qualcomm:sd7c_firmware:-", "cpe:/o:qualcomm:wcd9330_firmware:-", "cpe:/o:qualcomm:sd750g_firmware:-", "cpe:/o:qualcomm:sd660_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-"], "id": "CVE-2021-30344", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30344", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qsw8573_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qet4101_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar6003_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8953_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9207_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9215_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdw2500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6584_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3615_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd7c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qualcomm215_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9367_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd439_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx12_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8cx_gen2_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8009w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-20T16:21:53", "description": "In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205837191", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39809", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39809"], "modified": "2022-04-20T15:01:00", "cpe": ["cpe:/o:google:android:11.0", "cpe:/o:google:android:12.1", "cpe:/o:google:android:12.0", "cpe:/o:google:android:10.0"], "id": "CVE-2021-39809", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39809", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-27T10:39:49", "description": "Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-30281", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30281"], "modified": "2022-06-27T06:15:00", "cpe": ["cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:qcn9022_firmware:-", "cpe:/o:qualcomm:sd720g_firmware:-", "cpe:/o:qualcomm:qca8072_firmware:-", "cpe:/o:qualcomm:qca6564a_firmware:-", "cpe:/o:qualcomm:csr8811_firmware:-", "cpe:/o:qualcomm:sd765_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:qcn9074_firmware:-", "cpe:/o:qualcomm:wsa8815_firmware:-", "cpe:/o:qualcomm:qca4004_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:sd460_firmware:-", "cpe:/o:qualcomm:sd888_firmware:-", "cpe:/o:qualcomm:sm6250p_firmware:-", "cpe:/o:qualcomm:csra6640_firmware:-", "cpe:/o:qualcomm:sa4155p_firmware:-", "cpe:/o:qualcomm:qcn9024_firmware:-", "cpe:/o:qualcomm:qca6436_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:qcs605_firmware:-", "cpe:/o:qualcomm:qcn6024_firmware:-", "cpe:/o:qualcomm:qca6420_firmware:-", "cpe:/o:qualcomm:qca6564au_firmware:-", "cpe:/o:qualcomm:qca8075_firmware:-", "cpe:/o:qualcomm:sa8155_firmware:-", "cpe:/o:qualcomm:sa8145p_firmware:-", "cpe:/o:qualcomm:sa515m_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:wcn3999_firmware:-", "cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:sd730_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:qcs2290_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:sa6145p_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:sa8195p_firmware:-", "cpe:/o:qualcomm:sm7250p_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:qcn9070_firmware:-", "cpe:/o:qualcomm:qcs610_firmware:-", "cpe:/o:qualcomm:aqt1000_firmware:-", "cpe:/o:qualcomm:qcn6023_firmware:-", "cpe:/o:qualcomm:csrb31024_firmware:-", "cpe:/o:qualcomm:qcn5121_firmware:-", "cpe:/o:qualcomm:sd855_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:qcs410_firmware:-", "cpe:/o:qualcomm:qrb5165n_firmware:-", "cpe:/o:qualcomm:sd678_firmware:-", "cpe:/o:qualcomm:sd_675_firmware:-", "cpe:/o:qualcomm:fsm10056_firmware:-", "cpe:/o:qualcomm:sd662_firmware:-", "cpe:/o:qualcomm:qcs603_firmware:-", "cpe:/o:qualcomm:qrb5165_firmware:-", "cpe:/o:qualcomm:sm6250_firmware:-", "cpe:/o:qualcomm:qca6574_firmware:-", "cpe:/o:qualcomm:qca9984_firmware:-", "cpe:/o:qualcomm:qcn5152_firmware:-", "cpe:/o:qualcomm:ar8031_firmware:-", "cpe:/o:qualcomm:qcn9072_firmware:-", "cpe:/o:qualcomm:qcm6125_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:wsa8810_firmware:-", "cpe:/o:qualcomm:ipq6010_firmware:-", "cpe:/o:qualcomm:qca6564_firmware:-", "cpe:/o:qualcomm:sa6155_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:qcs405_firmware:-", "cpe:/o:qualcomm:qsm8250_firmware:-", "cpe:/o:qualcomm:sa6155p_firmware:-", "cpe:/o:qualcomm:sw5100p_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:qcs4290_firmware:-", "cpe:/o:qualcomm:qrb5165m_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:sm7315_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:ipq6018_firmware:-", "cpe:/o:qualcomm:sd675_firmware:-", "cpe:/o:qualcomm:sd665_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:wcd9335_firmware:-", "cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:qcn5122_firmware:-", "cpe:/o:qualcomm:sd750g_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:sd7c_firmware:-", "cpe:/o:qualcomm:sa8155p_firmware:-", "cpe:/o:qualcomm:sxr2150p_firmware:-", "cpe:/o:qualcomm:qca6426_firmware:-", "cpe:/o:qualcomm:qca6430_firmware:-", "cpe:/o:qualcomm:sw5100_firmware:-", "cpe:/o:qualcomm:sd690_5g_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:sa415m_firmware:-", "cpe:/o:qualcomm:wcd9306_firmware:-", "cpe:/o:qualcomm:qca4024_firmware:-", "cpe:/o:qualcomm:qcm4290_firmware:-", "cpe:/o:qualcomm:qcn9012_firmware:-", "cpe:/o:qualcomm:qcs8155_firmware:-", "cpe:/o:qualcomm:sdx57m_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:fsm10055_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:qcn5052_firmware:-", "cpe:/o:qualcomm:qcn9000_firmware:-", "cpe:/o:qualcomm:sa4150p_firmware:-", "cpe:/o:qualcomm:sd_8cx_gen2_firmware:-", "cpe:/o:qualcomm:qca9377_firmware:-", "cpe:/o:qualcomm:mdm9150_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:sdx24_firmware:-", "cpe:/o:qualcomm:sd768g_firmware:-", "cpe:/o:qualcomm:sdxr1_firmware:-", "cpe:/o:qualcomm:qcs6125_firmware:-", "cpe:/o:qualcomm:qcm2290_firmware:-", "cpe:/o:qualcomm:ipq6000_firmware:-", "cpe:/o:qualcomm:qcx315_firmware:-", "cpe:/o:qualcomm:qcn5021_firmware:-", "cpe:/o:qualcomm:mdm9205_firmware:-", "cpe:/o:qualcomm:sd680_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:sa6150p_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:sdx55_firmware:-", "cpe:/o:qualcomm:sa8150p_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:ipq6028_firmware:-", "cpe:/o:qualcomm:qcn9011_firmware:-", "cpe:/o:qualcomm:qcn5022_firmware:-", "cpe:/o:qualcomm:sdxr2_5g_firmware:-", "cpe:/o:qualcomm:wcd9340_firmware:-", "cpe:/o:qualcomm:ipq6005_firmware:-", "cpe:/o:qualcomm:qca6174a_firmware:-", "cpe:/o:qualcomm:sd765g_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:csra6620_firmware:-"], "id": "CVE-2021-30281", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30281", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:qcn5021_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9984_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9022_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csr8811_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd7c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sxr2150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9070_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9011_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:fsm10056_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6010_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:fsm10055_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa4150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx57m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn6023_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5121_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca4024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5052_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165n_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8072_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9072_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5022_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa4155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5152_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6005_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6028_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5122_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8075_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8cx_gen2_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs8155_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-07-13T17:15:16", "description": "In AttributionSource of AttributionSource.java, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-200288596", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39799", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39799"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:google:android:12.0", "cpe:/o:google:android:12.1"], "id": "CVE-2021-39799", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39799", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-22T20:19:00", "description": "Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-35081", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35081"], "modified": "2022-06-22T18:28:00", "cpe": ["cpe:/o:qualcomm:sdx65_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:qcs6125_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:qcs610_firmware:-", "cpe:/o:qualcomm:qcn7606_firmware:-", "cpe:/o:qualcomm:qcs4290_firmware:-", "cpe:/o:qualcomm:sd765_firmware:-", "cpe:/o:qualcomm:sd855_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:sa8145p_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:qcm6125_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:sd765g_firmware:-", "cpe:/o:qualcomm:wcd9326_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:sa8195p_firmware:-", "cpe:/o:qualcomm:sdx55_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:sa6155p_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:sa8150p_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:sa6145p_firmware:-", "cpe:/o:qualcomm:qrb5165_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:qcn7605_firmware:-", "cpe:/o:qualcomm:sd768g_firmware:-", "cpe:/o:qualcomm:qca6564au_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:sd460_firmware:-", "cpe:/o:qualcomm:sdxr1_firmware:-", "cpe:/o:qualcomm:wcd9341_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:sm7250p_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:qca6564_firmware:-", "cpe:/o:qualcomm:sa8155p_firmware:-", "cpe:/o:qualcomm:sd690_5g_firmware:-", "cpe:/o:qualcomm:sd662_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:wcn3980_firmware:-", "cpe:/o:qualcomm:aqt1000_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:sd750g_firmware:-", "cpe:/o:qualcomm:wsa8815_firmware:-", "cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:qrb5165m_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:sa6150p_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:wsa8810_firmware:-", "cpe:/o:qualcomm:qcm4290_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:qcm2290_firmware:-", "cpe:/o:qualcomm:qrb5165n_firmware:-", "cpe:/o:qualcomm:qcs2290_firmware:-"], "id": "CVE-2021-35081", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35081", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:qcn7606_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165n_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-22T20:18:53", "description": "Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-35095", "cwe": ["CWE-362"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35095"], "modified": "2022-06-22T19:30:00", "cpe": ["cpe:/o:qualcomm:sdx65_firmware:-", "cpe:/o:qualcomm:sd_8_gen1_5g_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-"], "id": "CVE-2021-35095", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35095", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-22T22:24:31", "description": "Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-30350", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30350"], "modified": "2022-06-22T20:44:00", "cpe": ["cpe:/o:qualcomm:sm6250p_firmware:-", "cpe:/o:qualcomm:sm7315_firmware:-", "cpe:/o:qualcomm:qcm6125_firmware:-", "cpe:/o:qualcomm:qcs4290_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-", "cpe:/o:qualcomm:sd765_firmware:-", "cpe:/o:qualcomm:qcs603_firmware:-", "cpe:/o:qualcomm:qca6426_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:sd662_firmware:-", "cpe:/o:qualcomm:sdx65_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:sd768g_firmware:-", "cpe:/o:qualcomm:sa8195p_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:sd730_firmware:-", "cpe:/o:qualcomm:qca6430_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:sa6145p_firmware:-", "cpe:/o:qualcomm:sm6250_firmware:-", "cpe:/o:qualcomm:qcm2290_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:qcx315_firmware:-", "cpe:/o:qualcomm:csrb31024_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:sd680_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:sd855_firmware:-", "cpe:/o:qualcomm:sdxr2_5g_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:qcs605_firmware:-", "cpe:/o:qualcomm:qcs6125_firmware:-", "cpe:/o:qualcomm:sa8145p_firmware:-", "cpe:/o:qualcomm:sa6150p_firmware:-", "cpe:/o:qualcomm:qcs610_firmware:-", "cpe:/o:qualcomm:qcm4290_firmware:-", "cpe:/o:qualcomm:sdx55_firmware:-", "cpe:/o:qualcomm:qca6564au_firmware:-", "cpe:/o:qualcomm:sd_675_firmware:-", "cpe:/o:qualcomm:qcs2290_firmware:-", "cpe:/o:qualcomm:sd675_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:sd7c_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:sa515m_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:sw5100p_firmware:-", "cpe:/o:qualcomm:qca6436_firmware:-", "cpe:/o:qualcomm:sd665_firmware:-", "cpe:/o:qualcomm:sd888_firmware:-", "cpe:/o:qualcomm:aqt1000_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:sd_8cx_gen2_firmware:-", "cpe:/o:qualcomm:qca6420_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:sd678_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:sa8155p_firmware:-", "cpe:/o:qualcomm:sd750g_firmware:-", "cpe:/o:qualcomm:sa6155p_firmware:-", "cpe:/o:qualcomm:sd850_firmware:-", "cpe:/o:qualcomm:sd460_firmware:-", "cpe:/o:qualcomm:sd660_firmware:-", "cpe:/o:qualcomm:sa8150p_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:sd_8_gen1_5g_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:wcd9360_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:sdxr1_firmware:-", "cpe:/o:qualcomm:sd690_5g_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:sm7250p_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:qcs410_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:sd720g_firmware:-", "cpe:/o:qualcomm:sd765g_firmware:-", "cpe:/o:qualcomm:sa415m_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:sw5100_firmware:-"], "id": "CVE-2021-30350", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30350", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8cx_gen2_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd7c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-19T20:57:34", "description": "In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-205836329", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39794", "cwe": ["CWE-276"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.6, "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39794"], "modified": "2022-04-19T18:32:00", "cpe": ["cpe:/o:google:android:11.0", "cpe:/o:google:android:12.1", "cpe:/o:google:android:12.0"], "id": "CVE-2021-39794", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39794", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-24T16:20:23", "description": "Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-35104", "cwe": ["CWE-120"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35104"], "modified": "2022-06-24T15:22:00", "cpe": ["cpe:/o:qualcomm:qca6584au_firmware:-", "cpe:/o:qualcomm:qcn5164_firmware:-", "cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:ipq8076a_firmware:-", "cpe:/o:qualcomm:qcs6125_firmware:-", "cpe:/o:qualcomm:mdm9628_firmware:-", "cpe:/o:qualcomm:csr8811_firmware:-", "cpe:/o:qualcomm:qcs4290_firmware:-", "cpe:/o:qualcomm:qcn5152_firmware:-", "cpe:/o:qualcomm:sm6250p_firmware:-", "cpe:/o:qualcomm:qca6564au_firmware:-", "cpe:/o:qualcomm:sd665_firmware:-", "cpe:/o:qualcomm:ipq8074_firmware:-", "cpe:/o:qualcomm:sa8150p_firmware:-", "cpe:/o:qualcomm:qca9367_firmware:-", "cpe:/o:qualcomm:qcn5550_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:sd205_firmware:-", "cpe:/o:qualcomm:wcn3610_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:qcn5024_firmware:-", "cpe:/o:qualcomm:qcn5124_firmware:-", "cpe:/o:qualcomm:qcs603_firmware:-", "cpe:/o:qualcomm:sa6150p_firmware:-", "cpe:/o:qualcomm:wcd9360_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:ipq6000_firmware:-", "cpe:/o:qualcomm:qca8075_firmware:-", "cpe:/o:qualcomm:qcn9012_firmware:-", "cpe:/o:qualcomm:qcn5122_firmware:-", "cpe:/o:qualcomm:sm7250p_firmware:-", "cpe:/o:qualcomm:sw5100_firmware:-", "cpe:/o:qualcomm:qcm4290_firmware:-", "cpe:/o:qualcomm:sa6145p_firmware:-", "cpe:/o:qualcomm:qsm8250_firmware:-", "cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:qsw8573_firmware:-", "cpe:/o:qualcomm:fsm10055_firmware:-", "cpe:/o:qualcomm:sdxr1_firmware:-", "cpe:/o:qualcomm:apq8096au_firmware:-", "cpe:/o:qualcomm:sd765g_firmware:-", "cpe:/o:qualcomm:sdxr2_5g_firmware:-", "cpe:/o:qualcomm:ipq8070a_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:sa8295p_firmware:-", "cpe:/o:qualcomm:sd678_firmware:-", "cpe:/o:qualcomm:apq8017_firmware:-", "cpe:/o:qualcomm:sd888_firmware:-", "cpe:/o:qualcomm:sm6250_firmware:-", "cpe:/o:qualcomm:sm7315_firmware:-", "cpe:/o:qualcomm:ipq8076_firmware:-", "cpe:/o:qualcomm:qcs605_firmware:-", "cpe:/o:qualcomm:sd429_firmware:-", "cpe:/o:qualcomm:qca6564a_firmware:-", "cpe:/o:qualcomm:sd660_firmware:-", "cpe:/o:qualcomm:sd720g_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:qca6564_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:sw5100p_firmware:-", "cpe:/o:qualcomm:qcs405_firmware:-", "cpe:/o:qualcomm:sd_8_gen1_5g_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:ipq8072_firmware:-", "cpe:/o:qualcomm:qcn9074_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:wcn3999_firmware:-", "cpe:/o:qualcomm:apq8064au_firmware:-", "cpe:/o:qualcomm:ipq8071a_firmware:-", "cpe:/o:qualcomm:qca9889_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:msm8996au_firmware:-", "cpe:/o:qualcomm:sd768g_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:qcn5064_firmware:-", "cpe:/o:qualcomm:mdm9250_firmware:-", "cpe:/o:qualcomm:csrb31024_firmware:-", "cpe:/o:qualcomm:sa415m_firmware:-", "cpe:/o:qualcomm:sdw2500_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:ar8031_firmware:-", "cpe:/o:qualcomm:ipq8078a_firmware:-", "cpe:/o:qualcomm:ipq8174_firmware:-", "cpe:/o:qualcomm:sa8155p_firmware:-", "cpe:/o:qualcomm:sa4155p_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:sd_675_firmware:-", "cpe:/o:qualcomm:qrb5165n_firmware:-", "cpe:/o:qualcomm:qcn5052_firmware:-", "cpe:/o:qualcomm:sd690_5g_firmware:-", "cpe:/o:qualcomm:ipq8074a_firmware:-", "cpe:/o:qualcomm:ipq8173_firmware:-", "cpe:/o:qualcomm:sa4150p_firmware:-", "cpe:/o:qualcomm:qcs410_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:qrb5165_firmware:-", "cpe:/o:qualcomm:qca6426_firmware:-", "cpe:/o:qualcomm:fsm10056_firmware:-", "cpe:/o:qualcomm:qca6436_firmware:-", "cpe:/o:qualcomm:sd662_firmware:-", "cpe:/o:qualcomm:sd460_firmware:-", "cpe:/o:qualcomm:sdx20_firmware:-", "cpe:/o:qualcomm:ipq6018_firmware:-", "cpe:/o:qualcomm:sxr2150p_firmware:-", "cpe:/o:qualcomm:sdm429w_firmware:-", "cpe:/o:qualcomm:sd439_firmware:-", "cpe:/o:qualcomm:qca9377_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:qcm6125_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:sda429w_firmware:-", "cpe:/o:qualcomm:sdx55_firmware:-", "cpe:/o:qualcomm:ipq8072a_firmware:-", "cpe:/o:qualcomm:qca6428_firmware:-", "cpe:/o:qualcomm:sd730_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:qcs2290_firmware:-", "cpe:/o:qualcomm:sd765_firmware:-", "cpe:/o:qualcomm:qcn9000_firmware:-", "cpe:/o:qualcomm:apq8009w_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:sa8195p_firmware:-", "cpe:/o:qualcomm:mdm9150_firmware:-", "cpe:/o:qualcomm:qam8295p_firmware:-", "cpe:/o:qualcomm:sd750g_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:qca6174a_firmware:-", "cpe:/o:qualcomm:csra6640_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:qcn5022_firmware:-", "cpe:/o:qualcomm:sa6155p_firmware:-", "cpe:/o:qualcomm:sdx12_firmware:-", "cpe:/o:qualcomm:qca6574_firmware:-", "cpe:/o:qualcomm:sa515m_firmware:-", "cpe:/o:qualcomm:qca6438_firmware:-", "cpe:/o:qualcomm:qca4024_firmware:-", "cpe:/o:qualcomm:sd210_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:qcx315_firmware:-", "cpe:/o:qualcomm:ipq8070_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:sa8145p_firmware:-", "cpe:/o:qualcomm:sdx65_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:ipq6028_firmware:-", "cpe:/o:qualcomm:qcs610_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:sd855_firmware:-", "cpe:/o:qualcomm:csra6620_firmware:-", "cpe:/o:qualcomm:msm8909w_firmware:-", "cpe:/o:qualcomm:qrb5165m_firmware:-", "cpe:/o:qualcomm:sdx24_firmware:-", "cpe:/o:qualcomm:sd675_firmware:-", "cpe:/o:qualcomm:wcn3620_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:aqt1000_firmware:-", "cpe:/o:qualcomm:qcm2290_firmware:-", "cpe:/o:qualcomm:wcd9330_firmware:-", "cpe:/o:qualcomm:ipq8071_firmware:-", "cpe:/o:qualcomm:ipq6010_firmware:-", "cpe:/o:qualcomm:mdm9607_firmware:-", "cpe:/o:qualcomm:sa6155_firmware:-", "cpe:/o:qualcomm:sa8155_firmware:-", "cpe:/o:qualcomm:mdm9206_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:qcn9011_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-"], "id": "CVE-2021-35104", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35104", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8071a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csr8811_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8064au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd439_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8074a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5064_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8072_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5052_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8009w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8076_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6010_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9011_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8070_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdw2500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx12_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8071_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca4024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5022_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6438_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:fsm10056_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sxr2150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8076a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8173_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5122_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8072a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5124_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8070a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6028_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6428_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9889_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8075_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8174_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5164_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa4150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa4155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qsw8573_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:fsm10055_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5152_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165n_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5550_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq8078a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9367_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-20T16:21:55", "description": "In reinit of HeifDecoderImpl.cpp, there is a possible crash due to a missing null check. This could lead to remote persistent denial of service in the file picker with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215002587", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39804", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39804"], "modified": "2022-04-20T14:45:00", "cpe": ["cpe:/o:google:android:11.0", "cpe:/o:google:android:12.1", "cpe:/o:google:android:12.0"], "id": "CVE-2021-39804", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39804", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-07-13T17:15:14", "description": "In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-209966086", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39808", "cwe": ["CWE-862"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39808"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:google:android:11.0", "cpe:/o:google:android:12.0", "cpe:/o:google:android:10.0"], "id": "CVE-2021-39808", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39808", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-22T20:18:44", "description": "Memory corruption in graphics support layer due to use after free condition in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-35130", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35130"], "modified": "2022-06-22T18:22:00", "cpe": ["cpe:/o:qualcomm:sdx65_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:qcs610_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:sa8145p_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:sdx12_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:sa8195p_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:sa6155p_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:sa8150p_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-", "cpe:/o:qualcomm:sa6145p_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:sm7315_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:wcd9341_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:sa8155p_firmware:-", "cpe:/o:qualcomm:qca6174a_firmware:-", "cpe:/o:qualcomm:sd888_firmware:-", "cpe:/o:qualcomm:qam8295p_firmware:-", "cpe:/o:qualcomm:qca9377_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:wcn3980_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:wsa8815_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:sw5100_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:sw5100p_firmware:-", "cpe:/o:qualcomm:sa6150p_firmware:-", "cpe:/o:qualcomm:wcd9335_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:wsa8810_firmware:-", "cpe:/o:qualcomm:sa4155p_firmware:-", "cpe:/o:qualcomm:qcs410_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:sa8295p_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:sa4150p_firmware:-"], "id": "CVE-2021-35130", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35130", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa4155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa4150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx12_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-27T18:42:29", "description": "Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-30341", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30341"], "modified": "2022-06-27T17:29:00", "cpe": ["cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:sdw2500_firmware:-", "cpe:/o:qualcomm:sd662_firmware:-", "cpe:/o:qualcomm:sw5100p_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-", "cpe:/o:qualcomm:sda429w_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:sm6250_firmware:-", "cpe:/o:qualcomm:qcs2290_firmware:-", "cpe:/o:qualcomm:sd205_firmware:-", "cpe:/o:qualcomm:sm7250p_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:qca6426_firmware:-", "cpe:/o:qualcomm:qca6564au_firmware:-", "cpe:/o:qualcomm:sd210_firmware:-", "cpe:/o:qualcomm:sd665_firmware:-", "cpe:/o:qualcomm:sd429_firmware:-", "cpe:/o:qualcomm:qcs610_firmware:-", "cpe:/o:qualcomm:mdm9207_firmware:-", "cpe:/o:qualcomm:sd7c_firmware:-", "cpe:/o:qualcomm:qcs4290_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:sd730_firmware:-", "cpe:/o:qualcomm:sdx65_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:wcn3610_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:mdm9250_firmware:-", "cpe:/o:qualcomm:qcs410_firmware:-", "cpe:/o:qualcomm:sd660_firmware:-", "cpe:/o:qualcomm:apq8009w_firmware:-", "cpe:/o:qualcomm:mdm9607_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:qca9367_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:qca6174a_firmware:-", "cpe:/o:qualcomm:mdm9640_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:mdm8207_firmware:-", "cpe:/o:qualcomm:wcd9306_firmware:-", "cpe:/o:qualcomm:qca6430_firmware:-", "cpe:/o:qualcomm:msm8996au_firmware:-", "cpe:/o:qualcomm:qca6564a_firmware:-", "cpe:/o:qualcomm:qcm4290_firmware:-", "cpe:/o:qualcomm:sd888_firmware:-", "cpe:/o:qualcomm:qsw8573_firmware:-", "cpe:/o:qualcomm:sa515m_firmware:-", "cpe:/o:qualcomm:qca9377_firmware:-", "cpe:/o:qualcomm:sw5100_firmware:-", "cpe:/o:qualcomm:sa415m_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:sd680_firmware:-", "cpe:/o:qualcomm:qcs6125_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:sd850_firmware:-", "cpe:/o:qualcomm:sd_8cx_gen2_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:sdx12_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:sd690_5g_firmware:-", "cpe:/o:qualcomm:sd768g_firmware:-", "cpe:/o:qualcomm:wcd9330_firmware:-", "cpe:/o:qualcomm:sdx55_firmware:-", "cpe:/o:qualcomm:sd720g_firmware:-", "cpe:/o:qualcomm:qca4004_firmware:-", "cpe:/o:qualcomm:qcm6125_firmware:-", "cpe:/o:qualcomm:sdxr2_5g_firmware:-", "cpe:/o:qualcomm:qcx315_firmware:-", "cpe:/o:qualcomm:apq8096au_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:sd750g_firmware:-", "cpe:/o:qualcomm:sdx20_firmware:-", "cpe:/o:qualcomm:sd678_firmware:-", "cpe:/o:qualcomm:sm6250p_firmware:-", "cpe:/o:qualcomm:mdm9206_firmware:-", "cpe:/o:qualcomm:qca9379_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:sd460_firmware:-", "cpe:/o:qualcomm:sd765_firmware:-", "cpe:/o:qualcomm:sd855_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:wcn3620_firmware:-", "cpe:/o:qualcomm:qcm2290_firmware:-", "cpe:/o:qualcomm:sd675_firmware:-", "cpe:/o:qualcomm:aqt1000_firmware:-", "cpe:/o:qualcomm:mdm9628_firmware:-", "cpe:/o:qualcomm:sdxr1_firmware:-", "cpe:/o:qualcomm:mdm9205_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:sm7315_firmware:-", "cpe:/o:qualcomm:qca6436_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:sd765g_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:qca6574_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:sdx24_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:msm8909w_firmware:-", "cpe:/o:qualcomm:csrb31024_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:qca6420_firmware:-", "cpe:/o:qualcomm:wcd9360_firmware:-", "cpe:/o:qualcomm:sd_8_gen1_5g_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:sdm429w_firmware:-", "cpe:/o:qualcomm:sd_675_firmware:-"], "id": "CVE-2021-30341", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30341", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdw2500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd7c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx12_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9367_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9207_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8009w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8cx_gen2_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qsw8573_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T15:25:04", "description": "An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.9, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-06T18:15:00", "type": "cve", "title": "CVE-2021-25477", "cwe": ["CWE-415"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-25477"], "modified": "2021-10-13T18:07:00", "cpe": ["cpe:/o:google:android:9.0", "cpe:/o:google:android:11.0", "cpe:/o:google:android:10.0"], "id": "CVE-2021-25477", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25477", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-22T18:20:19", "description": "Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-35100", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35100"], "modified": "2022-06-22T17:53:00", "cpe": ["cpe:/o:qualcomm:sd750g_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:sd888_firmware:-", "cpe:/o:qualcomm:sdxr2_5g_firmware:-", "cpe:/o:qualcomm:qcs603_firmware:-", "cpe:/o:qualcomm:wcd9340_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:apq8009w_firmware:-", "cpe:/o:qualcomm:sd_8_gen1_5g_firmware:-", "cpe:/o:qualcomm:sd730_firmware:-", "cpe:/o:qualcomm:qca6564a_firmware:-", "cpe:/o:qualcomm:sm7315_firmware:-", "cpe:/o:qualcomm:sd768g_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:aqt1000_firmware:-", "cpe:/o:qualcomm:qcs610_firmware:-", "cpe:/o:qualcomm:qcs605_firmware:-", "cpe:/o:qualcomm:sa8155p_firmware:-", "cpe:/o:qualcomm:mdm9206_firmware:-", "cpe:/o:qualcomm:sd429_firmware:-", "cpe:/o:qualcomm:csra6640_firmware:-", "cpe:/o:qualcomm:sd460_firmware:-", "cpe:/o:qualcomm:sd210_firmware:-", "cpe:/o:qualcomm:sa6150p_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:wcn3610_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:qca6174a_firmware:-", "cpe:/o:qualcomm:qca6426_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:sdx20_firmware:-", "cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:sa6155_firmware:-", "cpe:/o:qualcomm:wcd9330_firmware:-", "cpe:/o:qualcomm:mdm9250_firmware:-", "cpe:/o:qualcomm:sd662_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:sm6250_firmware:-", "cpe:/o:qualcomm:qualcomm215_firmware:-", "cpe:/o:qualcomm:apq8017_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-", "cpe:/o:qualcomm:sd690_5g_firmware:-", "cpe:/o:qualcomm:sd765_firmware:-", "cpe:/o:qualcomm:wcd9335_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:qca9377_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:sd855_firmware:-", "cpe:/o:qualcomm:qca6436_firmware:-", "cpe:/o:qualcomm:wcd9341_firmware:-", "cpe:/o:qualcomm:fsm10055_firmware:-", "cpe:/o:qualcomm:qca9367_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:mdm9607_firmware:-", "cpe:/o:qualcomm:qcs405_firmware:-", "cpe:/o:qualcomm:msm8909w_firmware:-", "cpe:/o:qualcomm:wsa8815_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:qcs4290_firmware:-", "cpe:/o:qualcomm:sdw2500_firmware:-", "cpe:/o:qualcomm:qcs410_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:sd205_firmware:-", "cpe:/o:qualcomm:sda429w_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:apq8096au_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:qca6574_firmware:-", "cpe:/o:qualcomm:sdm429w_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:sa8145p_firmware:-", "cpe:/o:qualcomm:qcm6125_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:sa8155_firmware:-", "cpe:/o:qualcomm:qca6584au_firmware:-", "cpe:/o:qualcomm:wcn3680b_firmware:-", "cpe:/o:qualcomm:sd765g_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:sd720g_firmware:-", "cpe:/o:qualcomm:wsa8810_firmware:-", "cpe:/o:qualcomm:sa6145p_firmware:-", "cpe:/o:qualcomm:wcn3980_firmware:-", "cpe:/o:qualcomm:wcd9326_firmware:-", "cpe:/o:qualcomm:wcn3999_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:ar8031_firmware:-", "cpe:/o:qualcomm:qcm4290_firmware:-", "cpe:/o:qualcomm:wcn3990_firmware:-", "cpe:/o:qualcomm:csra6620_firmware:-", "cpe:/o:qualcomm:apq8064au_firmware:-", "cpe:/o:qualcomm:mdm9628_firmware:-", "cpe:/o:qualcomm:sm7250p_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:sd678_firmware:-", "cpe:/o:qualcomm:sa8195p_firmware:-", "cpe:/o:qualcomm:qcs6125_firmware:-", "cpe:/o:qualcomm:fsm10056_firmware:-", "cpe:/o:qualcomm:sa8150p_firmware:-", "cpe:/o:qualcomm:sd675_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:wcn3660b_firmware:-", "cpe:/o:qualcomm:wcn3620_firmware:-", "cpe:/o:qualcomm:qcs2290_firmware:-", "cpe:/o:qualcomm:sa6155p_firmware:-", "cpe:/o:qualcomm:qcm2290_firmware:-", "cpe:/o:qualcomm:sd_675_firmware:-", "cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:qca6564au_firmware:-", "cpe:/o:qualcomm:msm8996au_firmware:-"], "id": "CVE-2021-35100", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35100", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:fsm10056_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8064au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdw2500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:fsm10055_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9367_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qualcomm215_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8009w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-22T20:18:58", "description": "Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-35091", "cwe": ["CWE-704"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35091"], "modified": "2022-06-22T19:06:00", "cpe": ["cpe:/o:qualcomm:sd_8_gen1_5g_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-"], "id": "CVE-2021-35091", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35091", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-22T22:24:30", "description": "RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-35070", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35070"], "modified": "2022-06-22T20:36:00", "cpe": ["cpe:/o:qualcomm:wcn3980_firmware:-", "cpe:/o:qualcomm:qcm6125_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:sd665_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:qcs6125_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:wsa8815_firmware:-", "cpe:/o:qualcomm:wsa8810_firmware:-"], "id": "CVE-2021-35070", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35070", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-23T20:45:41", "description": "Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-30338", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30338"], "modified": "2022-06-23T19:30:00", "cpe": ["cpe:/o:qualcomm:sdxr1_firmware:-", "cpe:/o:qualcomm:sd850_firmware:-"], "id": "CVE-2021-30338", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30338", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd850_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-20T16:21:55", "description": "In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-209446496", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39807", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39807"], "modified": "2022-04-20T14:54:00", "cpe": ["cpe:/o:google:android:11.0", "cpe:/o:google:android:12.1", "cpe:/o:google:android:12.0", "cpe:/o:google:android:10.0"], "id": "CVE-2021-39807", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39807", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-23T22:52:13", "description": "Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-30334", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30334"], "modified": "2022-06-23T20:58:00", "cpe": ["cpe:/o:qualcomm:wcn3999_firmware:-", "cpe:/o:qualcomm:sa4155p_firmware:-", "cpe:/o:qualcomm:qcs605_firmware:-", "cpe:/o:qualcomm:fsm10055_firmware:-", "cpe:/o:qualcomm:sd855_firmware:-", "cpe:/o:qualcomm:qcs6125_firmware:-", "cpe:/o:qualcomm:sdm429w_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:sdx65_firmware:-", "cpe:/o:qualcomm:sa8145p_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:sd730_firmware:-", "cpe:/o:qualcomm:sd690_5g_firmware:-", "cpe:/o:qualcomm:sdxr2_5g_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-", "cpe:/o:qualcomm:qcm4290_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:qcx315_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:qam8295p_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:sd439_firmware:-", "cpe:/o:qualcomm:sa8155_firmware:-", "cpe:/o:qualcomm:sd429_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:sxr2150p_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:qrb5165n_firmware:-", "cpe:/o:qualcomm:sa8295p_firmware:-", "cpe:/o:qualcomm:msm8909w_firmware:-", "cpe:/o:qualcomm:wcn3620_firmware:-", "cpe:/o:qualcomm:apq8009w_firmware:-", "cpe:/o:qualcomm:sd205_firmware:-", "cpe:/o:qualcomm:qcs2290_firmware:-", "cpe:/o:qualcomm:csra6640_firmware:-", "cpe:/o:qualcomm:sa8195p_firmware:-", "cpe:/o:qualcomm:qcs8155_firmware:-", "cpe:/o:qualcomm:sa6150p_firmware:-", "cpe:/o:qualcomm:wcn3610_firmware:-", "cpe:/o:qualcomm:sd768g_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:qrb5165m_firmware:-", "cpe:/o:qualcomm:qsm8250_firmware:-", "cpe:/o:qualcomm:sa8150p_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:sd765g_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:qcs410_firmware:-", "cpe:/o:qualcomm:sd888_firmware:-", "cpe:/o:qualcomm:qcm6125_firmware:-", "cpe:/o:qualcomm:qca6574_firmware:-", "cpe:/o:qualcomm:sa6155p_firmware:-", "cpe:/o:qualcomm:sdx55_firmware:-", "cpe:/o:qualcomm:sa8155p_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:qcm2290_firmware:-", "cpe:/o:qualcomm:qcs4290_firmware:-", "cpe:/o:qualcomm:qcs603_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:fsm10056_firmware:-", "cpe:/o:qualcomm:sa4150p_firmware:-", "cpe:/o:qualcomm:sd210_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:qsw8573_firmware:-", "cpe:/o:qualcomm:sd750g_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:csra6620_firmware:-", "cpe:/o:qualcomm:sa6145p_firmware:-", "cpe:/o:qualcomm:qca6564au_firmware:-", "cpe:/o:qualcomm:sdx24_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:sw5100p_firmware:-", "cpe:/o:qualcomm:sd720g_firmware:-", "cpe:/o:qualcomm:qrb5165_firmware:-", "cpe:/o:qualcomm:sm7315_firmware:-", "cpe:/o:qualcomm:sd678_firmware:-", "cpe:/o:qualcomm:sd_8_gen1_5g_firmware:-", "cpe:/o:qualcomm:sm6250p_firmware:-", "cpe:/o:qualcomm:wcd9335_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:qcs610_firmware:-", "cpe:/o:qualcomm:sa6155_firmware:-", "cpe:/o:qualcomm:wcd9360_firmware:-", "cpe:/o:qualcomm:sa515m_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:qca6426_firmware:-", "cpe:/o:qualcomm:sdxr1_firmware:-", "cpe:/o:qualcomm:sa415m_firmware:-", "cpe:/o:qualcomm:sd_675_firmware:-", "cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:sd460_firmware:-", "cpe:/o:qualcomm:sd662_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:aqt1000_firmware:-", "cpe:/o:qualcomm:qet4101_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:sd665_firmware:-", "cpe:/o:qualcomm:csrb31024_firmware:-", "cpe:/o:qualcomm:sm6250_firmware:-", "cpe:/o:qualcomm:sw5100_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:qcs405_firmware:-", "cpe:/o:qualcomm:qcn9011_firmware:-", "cpe:/o:qualcomm:sm7250p_firmware:-", "cpe:/o:qualcomm:qcn9012_firmware:-", "cpe:/o:qualcomm:mdm9150_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:qca6564_firmware:-", "cpe:/o:qualcomm:sd660_firmware:-", "cpe:/o:qualcomm:ar8031_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:sd675_firmware:-", "cpe:/o:qualcomm:sda429w_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:qca6174a_firmware:-", "cpe:/o:qualcomm:qca9377_firmware:-", "cpe:/o:qualcomm:sd765_firmware:-", "cpe:/o:qualcomm:qca6436_firmware:-", "cpe:/o:qualcomm:qca6564a_firmware:-"], "id": "CVE-2021-30334", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30334", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8009w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa4150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qsw8573_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd439_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qet4101_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:fsm10056_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165n_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa4155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs8155_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9011_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:fsm10055_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sxr2150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-23T22:52:09", "description": "Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-30339", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30339"], "modified": "2022-06-23T21:06:00", "cpe": ["cpe:/o:qualcomm:wcn3999_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:sd662_firmware:-", "cpe:/o:qualcomm:sd750g_firmware:-", "cpe:/o:qualcomm:sd768g_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:sd680_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:sw5100p_firmware:-", "cpe:/o:qualcomm:wsa8815_firmware:-", "cpe:/o:qualcomm:qca9984_firmware:-", "cpe:/o:qualcomm:sw5100_firmware:-", "cpe:/o:qualcomm:sdx65_firmware:-", "cpe:/o:qualcomm:sm7315_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:qcs405_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:sd690_5g_firmware:-", "cpe:/o:qualcomm:sd765g_firmware:-", "cpe:/o:qualcomm:sd_8_gen1_5g_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:qcm4290_firmware:-", "cpe:/o:qualcomm:sm7250p_firmware:-", "cpe:/o:qualcomm:sd888_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:wsa8810_firmware:-", "cpe:/o:qualcomm:sdx57m_firmware:-", "cpe:/o:qualcomm:wcn3980_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:qcm2290_firmware:-", "cpe:/o:qualcomm:qcs4290_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:sd765_firmware:-", "cpe:/o:qualcomm:sd460_firmware:-", "cpe:/o:qualcomm:qcs2290_firmware:-"], "id": "CVE-2021-30339", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30339", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx57m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9984_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-23T22:52:06", "description": "Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-30342", "cwe": ["CWE-367"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30342"], "modified": "2022-06-23T21:03:00", "cpe": ["cpe:/o:qualcomm:wcd9330_firmware:-", "cpe:/o:qualcomm:mdm9655_firmware:-", "cpe:/o:qualcomm:fsm10055_firmware:-", "cpe:/o:qualcomm:sd855_firmware:-", "cpe:/o:qualcomm:qcs6125_firmware:-", "cpe:/o:qualcomm:apq8017_firmware:-", "cpe:/o:qualcomm:sdm429w_firmware:-", "cpe:/o:qualcomm:sa8145p_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:sd730_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-", "cpe:/o:qualcomm:qcm4290_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:sd439_firmware:-", "cpe:/o:qualcomm:mdm9206_firmware:-", "cpe:/o:qualcomm:sd429_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:mdm9207_firmware:-", "cpe:/o:qualcomm:msm8909w_firmware:-", "cpe:/o:qualcomm:qca4004_firmware:-", "cpe:/o:qualcomm:wcn3620_firmware:-", "cpe:/o:qualcomm:apq8009w_firmware:-", "cpe:/o:qualcomm:sd_8cx_gen2_firmware:-", "cpe:/o:qualcomm:sd205_firmware:-", "cpe:/o:qualcomm:qcs2290_firmware:-", "cpe:/o:qualcomm:sa8195p_firmware:-", "cpe:/o:qualcomm:qca6584_firmware:-", "cpe:/o:qualcomm:sa6150p_firmware:-", "cpe:/o:qualcomm:wcn3610_firmware:-", "cpe:/o:qualcomm:sa8150p_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:qcs410_firmware:-", "cpe:/o:qualcomm:qcm6125_firmware:-", "cpe:/o:qualcomm:mdm9650_firmware:-", "cpe:/o:qualcomm:qca6574_firmware:-", "cpe:/o:qualcomm:sa6155p_firmware:-", "cpe:/o:qualcomm:sa8155p_firmware:-", "cpe:/o:qualcomm:qcm2290_firmware:-", "cpe:/o:qualcomm:qcs4290_firmware:-", "cpe:/o:qualcomm:fsm10056_firmware:-", "cpe:/o:qualcomm:sd210_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:wcd9306_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:qsw8573_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:qca9367_firmware:-", "cpe:/o:qualcomm:sa6145p_firmware:-", "cpe:/o:qualcomm:qca6564au_firmware:-", "cpe:/o:qualcomm:sdx24_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:sw5100p_firmware:-", "cpe:/o:qualcomm:sd720g_firmware:-", "cpe:/o:qualcomm:qca6420_firmware:-", "cpe:/o:qualcomm:sd678_firmware:-", "cpe:/o:qualcomm:sm6250p_firmware:-", "cpe:/o:qualcomm:mdm9640_firmware:-", "cpe:/o:qualcomm:qcs610_firmware:-", "cpe:/o:qualcomm:mdm9607_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:sdxr1_firmware:-", "cpe:/o:qualcomm:mdm9205_firmware:-", "cpe:/o:qualcomm:msm8996au_firmware:-", "cpe:/o:qualcomm:sa415m_firmware:-", "cpe:/o:qualcomm:sd_675_firmware:-", "cpe:/o:qualcomm:sd460_firmware:-", "cpe:/o:qualcomm:sd662_firmware:-", "cpe:/o:qualcomm:sdx20_firmware:-", "cpe:/o:qualcomm:mdm9628_firmware:-", "cpe:/o:qualcomm:sd680_firmware:-", "cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:aqt1000_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:mdm8207_firmware:-", "cpe:/o:qualcomm:sd665_firmware:-", "cpe:/o:qualcomm:csrb31024_firmware:-", "cpe:/o:qualcomm:sm6250_firmware:-", "cpe:/o:qualcomm:sw5100_firmware:-", "cpe:/o:qualcomm:sd7c_firmware:-", "cpe:/o:qualcomm:sd850_firmware:-", "cpe:/o:qualcomm:mdm9150_firmware:-", "cpe:/o:qualcomm:apq8096au_firmware:-", "cpe:/o:qualcomm:sd660_firmware:-", "cpe:/o:qualcomm:sd675_firmware:-", "cpe:/o:qualcomm:sda429w_firmware:-", "cpe:/o:qualcomm:sdw2500_firmware:-", "cpe:/o:qualcomm:qca6430_firmware:-", "cpe:/o:qualcomm:qca6174a_firmware:-", "cpe:/o:qualcomm:mdm9250_firmware:-", "cpe:/o:qualcomm:qca6584au_firmware:-", "cpe:/o:qualcomm:qca9377_firmware:-", "cpe:/o:qualcomm:qca6564a_firmware:-", "cpe:/o:qualcomm:sdx12_firmware:-"], "id": "CVE-2021-30342", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30342", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:C/I:N/A:N"}, "cpe23": ["cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9367_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8009w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdw2500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6584_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd7c_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qsw8573_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9207_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd439_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8cx_gen2_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:fsm10056_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx12_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:fsm10055_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-18T16:26:52", "description": "In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID: ALPS06461919.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-11T20:15:00", "type": "cve", "title": "CVE-2022-20081", "cwe": ["CWE-295"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-20081"], "modified": "2022-04-18T14:25:00", "cpe": ["cpe:/o:google:android:10.0", "cpe:/o:google:android:12.0", "cpe:/o:google:android:11.0"], "id": "CVE-2022-20081", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20081", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-22T18:20:11", "description": "Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon Industrial IOT", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-35123", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.3, "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35123"], "modified": "2022-06-22T17:43:00", "cpe": ["cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:wcn3980_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:sd660_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:wcd9335_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:sd_8_gen1_5g_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:sd855_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:aqt1000_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-"], "id": "CVE-2021-35123", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35123", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-18T20:43:57", "description": "In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-209791720References: Upstream kernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39801", "cwe": ["CWE-416", "CWE-667"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39801"], "modified": "2022-04-18T18:34:00", "cpe": ["cpe:/o:google:android:-"], "id": "CVE-2021-39801", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39801", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-07-13T17:15:15", "description": "In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213339151References: Upstream kernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39802", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39802"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/o:google:android:-"], "id": "CVE-2021-39802", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39802", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-18T20:43:58", "description": "In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208277166References: Upstream kernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39800", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39800"], "modified": "2022-04-18T18:35:00", "cpe": ["cpe:/o:google:android:-"], "id": "CVE-2021-39800", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39800", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-20T16:21:59", "description": "In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205595291", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-39796", "cwe": ["CWE-1021"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39796"], "modified": "2022-04-20T15:18:00", "cpe": ["cpe:/o:google:android:11.0", "cpe:/o:google:android:12.1", "cpe:/o:google:android:12.0", "cpe:/o:google:android:10.0"], "id": "CVE-2021-39796", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39796", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:google:android:10.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-22T22:24:31", "description": "Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-30349", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-30349"], "modified": "2022-06-22T20:50:00", "cpe": ["cpe:/o:qualcomm:sd429_firmware:-", "cpe:/o:qualcomm:qcn9012_firmware:-", "cpe:/o:qualcomm:mdm9205_firmware:-", "cpe:/o:qualcomm:csra6620_firmware:-", "cpe:/o:qualcomm:qcm6125_firmware:-", "cpe:/o:qualcomm:qcs4290_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-", "cpe:/o:qualcomm:sd765_firmware:-", "cpe:/o:qualcomm:qcs603_firmware:-", "cpe:/o:qualcomm:qca6426_firmware:-", "cpe:/o:qualcomm:ar8031_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:sd662_firmware:-", "cpe:/o:qualcomm:qca6574_firmware:-", "cpe:/o:qualcomm:qcn6023_firmware:-", "cpe:/o:qualcomm:qrb5165m_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:sd768g_firmware:-", "cpe:/o:qualcomm:qca4004_firmware:-", "cpe:/o:qualcomm:sa8195p_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:qca6430_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:qcs405_firmware:-", "cpe:/o:qualcomm:sa6145p_firmware:-", "cpe:/o:qualcomm:sa4150p_firmware:-", "cpe:/o:qualcomm:qcn5152_firmware:-", "cpe:/o:qualcomm:sdx57m_firmware:-", "cpe:/o:qualcomm:qcm2290_firmware:-", "cpe:/o:qualcomm:wcn3680b_firmware:-", "cpe:/o:qualcomm:qcn9000_firmware:-", "cpe:/o:qualcomm:qcn6024_firmware:-", "cpe:/o:qualcomm:sa4155p_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:sd_8cx_gen3_firmware:-", "cpe:/o:qualcomm:sa8155_firmware:-", "cpe:/o:qualcomm:wcd9306_firmware:-", "cpe:/o:qualcomm:qcx315_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:qcn5021_firmware:-", "cpe:/o:qualcomm:sda429w_firmware:-", "cpe:/o:qualcomm:csrb31024_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:qca8081_firmware:-", "cpe:/o:qualcomm:sd680_firmware:-", "cpe:/o:qualcomm:ipq6028_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:qcn9024_firmware:-", "cpe:/o:qualcomm:sd855_firmware:-", "cpe:/o:qualcomm:sdxr2_5g_firmware:-", "cpe:/o:qualcomm:csra6640_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:qcs605_firmware:-", "cpe:/o:qualcomm:csr8811_firmware:-", "cpe:/o:qualcomm:qcs6125_firmware:-", "cpe:/o:qualcomm:sa8145p_firmware:-", "cpe:/o:qualcomm:sa6150p_firmware:-", "cpe:/o:qualcomm:qcs610_firmware:-", "cpe:/o:qualcomm:qcm4290_firmware:-", "cpe:/o:qualcomm:sdx55_firmware:-", "cpe:/o:qualcomm:qca6564au_firmware:-", "cpe:/o:qualcomm:fsm10055_firmware:-", "cpe:/o:qualcomm:ipq6005_firmware:-", "cpe:/o:qualcomm:qcn5121_firmware:-", "cpe:/o:qualcomm:qca6564a_firmware:-", "cpe:/o:qualcomm:qcs2290_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:qcn5122_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:qcn5022_firmware:-", "cpe:/o:qualcomm:sdx24_firmware:-", "cpe:/o:qualcomm:wcn3620_firmware:-", "cpe:/o:qualcomm:ipq6010_firmware:-", "cpe:/o:qualcomm:sxr2150p_firmware:-", "cpe:/o:qualcomm:qca6564_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:qca8075_firmware:-", "cpe:/o:qualcomm:sa515m_firmware:-", "cpe:/o:qualcomm:sa6155_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:fsm10056_firmware:-", "cpe:/o:qualcomm:sw5100p_firmware:-", "cpe:/o:qualcomm:wcn3660b_firmware:-", "cpe:/o:qualcomm:qca6436_firmware:-", "cpe:/o:qualcomm:sd665_firmware:-", "cpe:/o:qualcomm:aqt1000_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:sdm429w_firmware:-", "cpe:/o:qualcomm:sd_8cx_gen2_firmware:-", "cpe:/o:qualcomm:qcn9070_firmware:-", "cpe:/o:qualcomm:qcn9072_firmware:-", "cpe:/o:qualcomm:qca6420_firmware:-", "cpe:/o:qualcomm:qcn5052_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:qcn9074_firmware:-", "cpe:/o:qualcomm:qcn9022_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:sa8155p_firmware:-", "cpe:/o:qualcomm:qrb5165_firmware:-", "cpe:/o:qualcomm:sd750g_firmware:-", "cpe:/o:qualcomm:sa6155p_firmware:-", "cpe:/o:qualcomm:sd460_firmware:-", "cpe:/o:qualcomm:wcn3999_firmware:-", "cpe:/o:qualcomm:sa8150p_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:qca9984_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:ipq6000_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:qca8072_firmware:-", "cpe:/o:qualcomm:ipq6018_firmware:-", "cpe:/o:qualcomm:mdm9150_firmware:-", "cpe:/o:qualcomm:qca6174a_firmware:-", "cpe:/o:qualcomm:qcn9011_firmware:-", "cpe:/o:qualcomm:wcd9360_firmware:-", "cpe:/o:qualcomm:wcn3610_firmware:-", "cpe:/o:qualcomm:qrb5165n_firmware:-", "cpe:/o:qualcomm:qca4024_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:sdxr1_firmware:-", "cpe:/o:qualcomm:qca9377_firmware:-", "cpe:/o:qualcomm:sd690_5g_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:sm7250p_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:qcs410_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:sd765g_firmware:-", "cpe:/o:qualcomm:sa415m_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:sw5100_firmware:-", "cpe:/o:qualcomm:qsm8250_firmware:-"], "id": "CVE-2021-30349", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30349", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5152_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5121_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5022_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165n_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6005_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9011_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csr8811_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8075_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa4155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8072_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca4004_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8cx_gen3_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa4150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:fsm10055_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5021_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6028_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca4024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5052_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8cx_gen2_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9070_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9072_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ipq6010_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn6023_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn5122_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6564_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:fsm10056_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9984_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sxr2150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx57m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9022_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-06-24T16:20:22", "description": "A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T10:15:00", "type": "cve", "title": "CVE-2021-35112", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-35112"], "modified": "2022-06-24T15:29:00", "cpe": ["cpe:/o:qualcomm:sd865_5g_firmware:-", "cpe:/o:qualcomm:qcs6125_firmware:-", "cpe:/o:qualcomm:qcs4290_firmware:-", "cpe:/o:qualcomm:sa8150p_firmware:-", "cpe:/o:qualcomm:qca6574au_firmware:-", "cpe:/o:qualcomm:sd205_firmware:-", "cpe:/o:qualcomm:wcn3610_firmware:-", "cpe:/o:qualcomm:wcn6851_firmware:-", "cpe:/o:qualcomm:qcs603_firmware:-", "cpe:/o:qualcomm:sa6150p_firmware:-", "cpe:/o:qualcomm:qet4101_firmware:-", "cpe:/o:qualcomm:wcd9360_firmware:-", "cpe:/o:qualcomm:wcd9370_firmware:-", "cpe:/o:qualcomm:wsa8810_firmware:-", "cpe:/o:qualcomm:sm7250p_firmware:-", "cpe:/o:qualcomm:sw5100_firmware:-", "cpe:/o:qualcomm:qcm4290_firmware:-", "cpe:/o:qualcomm:sa6145p_firmware:-", "cpe:/o:qualcomm:wcn3910_firmware:-", "cpe:/o:qualcomm:qsw8573_firmware:-", "cpe:/o:qualcomm:sd765g_firmware:-", "cpe:/o:qualcomm:qualcomm215_firmware:-", "cpe:/o:qualcomm:sdxr2_5g_firmware:-", "cpe:/o:qualcomm:sm7325p_firmware:-", "cpe:/o:qualcomm:sd888_firmware:-", "cpe:/o:qualcomm:sm7315_firmware:-", "cpe:/o:qualcomm:qcs605_firmware:-", "cpe:/o:qualcomm:sd429_firmware:-", "cpe:/o:qualcomm:sd780g_firmware:-", "cpe:/o:qualcomm:wcn6856_firmware:-", "cpe:/o:qualcomm:wcd9385_firmware:-", "cpe:/o:qualcomm:wcn6855_firmware:-", "cpe:/o:qualcomm:qcs6490_firmware:-", "cpe:/o:qualcomm:wcn3660b_firmware:-", "cpe:/o:qualcomm:sw5100p_firmware:-", "cpe:/o:qualcomm:qcs405_firmware:-", "cpe:/o:qualcomm:sd_8_gen1_5g_firmware:-", "cpe:/o:qualcomm:wcn6750_firmware:-", "cpe:/o:qualcomm:qca6696_firmware:-", "cpe:/o:qualcomm:sd888_5g_firmware:-", "cpe:/o:qualcomm:wcn6850_firmware:-", "cpe:/o:qualcomm:wcn3999_firmware:-", "cpe:/o:qualcomm:wcn3980_firmware:-", "cpe:/o:qualcomm:sd870_firmware:-", "cpe:/o:qualcomm:sd768g_firmware:-", "cpe:/o:qualcomm:qca6391_firmware:-", "cpe:/o:qualcomm:qcm6490_firmware:-", "cpe:/o:qualcomm:ar8031_firmware:-", "cpe:/o:qualcomm:sa8155p_firmware:-", "cpe:/o:qualcomm:wcn6740_firmware:-", "cpe:/o:qualcomm:qrb5165n_firmware:-", "cpe:/o:qualcomm:qcs410_firmware:-", "cpe:/o:qualcomm:wcn3950_firmware:-", "cpe:/o:qualcomm:qrb5165_firmware:-", "cpe:/o:qualcomm:qca6426_firmware:-", "cpe:/o:qualcomm:qca6436_firmware:-", "cpe:/o:qualcomm:sd662_firmware:-", "cpe:/o:qualcomm:sd460_firmware:-", "cpe:/o:qualcomm:wcd9341_firmware:-", "cpe:/o:qualcomm:sdm429w_firmware:-", "cpe:/o:qualcomm:wcd9340_firmware:-", "cpe:/o:qualcomm:qca9377_firmware:-", "cpe:/o:qualcomm:ar8035_firmware:-", "cpe:/o:qualcomm:qcm6125_firmware:-", "cpe:/o:qualcomm:sdx55m_firmware:-", "cpe:/o:qualcomm:qca6390_firmware:-", "cpe:/o:qualcomm:wsa8835_firmware:-", "cpe:/o:qualcomm:sda429w_firmware:-", "cpe:/o:qualcomm:sdx55_firmware:-", "cpe:/o:qualcomm:wcn3990_firmware:-", "cpe:/o:qualcomm:qca8337_firmware:-", "cpe:/o:qualcomm:qcs2290_firmware:-", "cpe:/o:qualcomm:sd765_firmware:-", "cpe:/o:qualcomm:apq8009w_firmware:-", "cpe:/o:qualcomm:qca6574a_firmware:-", "cpe:/o:qualcomm:sa8195p_firmware:-", "cpe:/o:qualcomm:mdm9150_firmware:-", "cpe:/o:qualcomm:qam8295p_firmware:-", "cpe:/o:qualcomm:wsa8830_firmware:-", "cpe:/o:qualcomm:wcd9375_firmware:-", "cpe:/o:qualcomm:qca6174a_firmware:-", "cpe:/o:qualcomm:csra6640_firmware:-", "cpe:/o:qualcomm:sm6375_firmware:-", "cpe:/o:qualcomm:wcd9335_firmware:-", "cpe:/o:qualcomm:sa6155p_firmware:-", "cpe:/o:qualcomm:sdx12_firmware:-", "cpe:/o:qualcomm:sa515m_firmware:-", "cpe:/o:qualcomm:sd210_firmware:-", "cpe:/o:qualcomm:wcn3998_firmware:-", "cpe:/o:qualcomm:sd480_firmware:-", "cpe:/o:qualcomm:sa8145p_firmware:-", "cpe:/o:qualcomm:wcd9380_firmware:-", "cpe:/o:qualcomm:qcs610_firmware:-", "cpe:/o:qualcomm:wcn3991_firmware:-", "cpe:/o:qualcomm:sd855_firmware:-", "cpe:/o:qualcomm:csra6620_firmware:-", "cpe:/o:qualcomm:msm8909w_firmware:-", "cpe:/o:qualcomm:qrb5165m_firmware:-", "cpe:/o:qualcomm:sdx24_firmware:-", "cpe:/o:qualcomm:wcn3620_firmware:-", "cpe:/o:qualcomm:wcn3988_firmware:-", "cpe:/o:qualcomm:aqt1000_firmware:-", "cpe:/o:qualcomm:qcm2290_firmware:-", "cpe:/o:qualcomm:sd778g_firmware:-", "cpe:/o:qualcomm:sa8295p_firmware:-", "cpe:/o:qualcomm:wsa8815_firmware:-", "cpe:/o:qualcomm:qca6595au_firmware:-"], "id": "CVE-2021-35112", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35112", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:qualcomm:sd888_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qet4101_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:apq8009w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7315_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx12_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qualcomm215_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qsw8573_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qrb5165n_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8145p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-20T16:22:01", "description": "In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a background application to regain foreground permissions due to insufficient background restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-183147114", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-0694", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0694"], "modified": "2022-04-20T14:25:00", "cpe": ["cpe:/o:google:android:11.0"], "id": "CVE-2021-0694", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0694", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*"]}, {"lastseen": "2022-04-20T16:22:01", "description": "In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References: Upstream kernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "cve", "title": "CVE-2021-0707", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0707"], "modified": "2022-04-20T14:26:00", "cpe": ["cpe:/o:google:android:-"], "id": "CVE-2021-0707", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0707", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-08-04T13:10:09", "description": "In ion_ioctl of ion-ioctl.c, there is a possible use after free due to\nimproper locking. This could lead to local escalation of privilege with no\nadditional execution privileges needed. User interaction is not needed for\nexploitation.Product: AndroidVersions: Android kernelAndroid ID:\nA-209791720References: Upstream kernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T00:00:00", "type": "ubuntucve", "title": "CVE-2021-39801", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39801"], "modified": "2022-04-12T00:00:00", "id": "UB:CVE-2021-39801", "href": "https://ubuntu.com/security/CVE-2021-39801", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T13:10:10", "description": "In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head\ndata due to a use after free. This could lead to local information\ndisclosure with no additional execution privileges needed. User interaction\nis not needed for exploitation.Product: AndroidVersions: Android\nkernelAndroid ID: A-208277166References: Upstream kernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-12T00:00:00", "type": "ubuntucve", "title": "CVE-2021-39800", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39800"], "modified": "2022-04-12T00:00:00", "id": "UB:CVE-2021-39800", "href": "https://ubuntu.com/security/CVE-2021-39800", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-04T13:10:08", "description": "In change_pte_range of mprotect.c , there is a possible way to make a\nshared mmap writable due to a permissions bypass. This could lead to local\nescalation of privilege with no additional execution privileges needed.\nUser interaction is not needed for exploitation.Product: AndroidVersions:\nAndroid kernelAndroid ID: A-213339151References: Upstream kernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T00:00:00", "type": "ubuntucve", "title": "CVE-2021-39802", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39802"], "modified": "2022-04-12T00:00:00", "id": "UB:CVE-2021-39802", "href": "https://ubuntu.com/security/CVE-2021-39802", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T13:10:07", "description": "In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a\npossible way to trick victim to install harmful app due to a\ntapjacking/overlay attack. This could lead to local escalation of privilege\nwith User execution privileges needed. User interaction is needed for\nexploitation.Product: AndroidVersions: Android-10 Android-11 Android-12\nAndroid-12LAndroid ID: A-205595291\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009626>\n", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-12T00:00:00", "type": "ubuntucve", "title": "CVE-2021-39796", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39796"], "modified": "2022-04-12T00:00:00", "id": "UB:CVE-2021-39796", "href": "https://ubuntu.com/security/CVE-2021-39796", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-04T13:10:08", "description": "In dma_buf_release of dma-buf.c, there is a possible memory corruption due\nto a use after free. This could lead to local escalation of privilege with\nno additional execution privileges needed. User interaction is not needed\nfor exploitation.Product: AndroidVersions: Android kernelAndroid ID:\nA-155756045References: Upstream kernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T00:00:00", "type": "ubuntucve", "title": "CVE-2021-0707", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0707"], "modified": "2022-04-12T00:00:00", "id": "UB:CVE-2021-0707", "href": "https://ubuntu.com/security/CVE-2021-0707", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-08-11T15:56:46", "description": "In ion_ioctl of ion-ioctl.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-209791720References: Upstream kernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "debiancve", "title": "CVE-2021-39801", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39801"], "modified": "2022-04-12T17:15:00", "id": "DEBIANCVE:CVE-2021-39801", "href": "https://security-tracker.debian.org/tracker/CVE-2021-39801", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-11T15:56:46", "description": "In ion_ioctl of ion-ioctl.c, there is a possible way to leak kernel head data due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208277166References: Upstream kernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-12T17:15:00", "type": "debiancve", "title": "CVE-2021-39800", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39800"], "modified": "2022-04-12T17:15:00", "id": "DEBIANCVE:CVE-2021-39800", "href": "https://security-tracker.debian.org/tracker/CVE-2021-39800", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-11T15:56:46", "description": "In change_pte_range of mprotect.c , there is a possible way to make a shared mmap writable due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213339151References: Upstream kernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "debiancve", "title": "CVE-2021-39802", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39802"], "modified": "2022-04-12T17:15:00", "id": "DEBIANCVE:CVE-2021-39802", "href": "https://security-tracker.debian.org/tracker/CVE-2021-39802", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-09T05:59:10", "description": "In HarmfulAppWarningActivity of HarmfulAppWarningActivity.java, there is a possible way to trick victim to install harmful app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205595291", "cvss3": {"exploitabilityScore": 1.3, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "debiancve", "title": "CVE-2021-39796", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-39796"], "modified": "2022-04-12T17:15:00", "id": "DEBIANCVE:CVE-2021-39796", "href": "https://security-tracker.debian.org/tracker/CVE-2021-39796", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-11T15:56:42", "description": "In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References: Upstream kernel", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-12T17:15:00", "type": "debiancve", "title": "CVE-2021-0707", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-0707"], "modified": "2022-04-12T17:15:00", "id": "DEBIANCVE:CVE-2021-0707", "href": "https://security-tracker.debian.org/tracker/CVE-2021-0707", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-06-15T17:01:43", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1676-1 advisory.\n\n - A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.\n (CVE-2020-27835)\n\n - In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References:\n Upstream kernel (CVE-2021-0707)\n\n - There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. (CVE-2021-38208)\n\n - A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.\n (CVE-2021-4154)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)\n\n - In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. (CVE-2022-29156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2022-05-17T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:1676-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27835", "CVE-2021-0707", "CVE-2021-20292", "CVE-2021-20321", "CVE-2021-38208", "CVE-2021-4154", "CVE-2022-0812", "CVE-2022-1158", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1419", "CVE-2022-1516", "CVE-2022-28356", "CVE-2022-28748", "CVE-2022-28893", "CVE-2022-29156"], "modified": "2022-05-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1676-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161220", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1676-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161220);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/17\");\n\n script_cve_id(\n \"CVE-2020-27835\",\n \"CVE-2021-0707\",\n \"CVE-2021-4154\",\n \"CVE-2021-20292\",\n \"CVE-2021-20321\",\n \"CVE-2021-38208\",\n \"CVE-2022-0812\",\n \"CVE-2022-1158\",\n \"CVE-2022-1280\",\n \"CVE-2022-1353\",\n \"CVE-2022-1419\",\n \"CVE-2022-1516\",\n \"CVE-2022-28356\",\n \"CVE-2022-28748\",\n \"CVE-2022-28893\",\n \"CVE-2022-29156\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1676-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:1676-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:1676-1 advisory.\n\n - A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the\n way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.\n (CVE-2020-27835)\n\n - In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References:\n Upstream kernel (CVE-2021-0707)\n\n - There is a flaw reported in the Linux kernel in versions before 5.9 in\n drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue\n results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker with a local account with a root privilege, can leverage this vulnerability to\n escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users\n do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial\n of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure\n of a bind call. (CVE-2021-38208)\n\n - A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's\n cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting\n the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.\n (CVE-2021-4154)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols\n functionality in the way a user terminates their session using a simulated Ethernet card and continued\n usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)\n\n - In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to\n rtrs_clt_dev_release. (CVE-2022-29156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1028340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1121726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1137728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199024\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-May/011024.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2fb34b9c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27835\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29156\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29156\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-4154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-azure-5.3.18-150300.38.56.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-azure-devel-5.3.18-150300.38.56.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-azure-5.3.18-150300.38.56.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-azure-5.3.18-150300.38.56.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-azure-5.3.18-150300.38.56.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-devel / kernel-devel-azure / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T17:02:00", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1687-1 advisory.\n\n - A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.\n (CVE-2020-27835)\n\n - In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References:\n Upstream kernel (CVE-2021-0707)\n\n - There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. (CVE-2021-38208)\n\n - A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.\n (CVE-2021-4154)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)\n\n - In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. (CVE-2022-29156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2022-05-17T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:1687-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27835", "CVE-2021-0707", "CVE-2021-20292", "CVE-2021-20321", "CVE-2021-38208", "CVE-2021-4154", "CVE-2022-0812", "CVE-2022-1158", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1419", "CVE-2022-1516", "CVE-2022-28356", "CVE-2022-28748", "CVE-2022-28893", "CVE-2022-29156"], "modified": "2022-05-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-64kb", "p-cpe:/a:novell:suse_linux:kernel-64kb-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_68-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1687-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161235", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1687-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161235);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/17\");\n\n script_cve_id(\n \"CVE-2020-27835\",\n \"CVE-2021-0707\",\n \"CVE-2021-4154\",\n \"CVE-2021-20292\",\n \"CVE-2021-20321\",\n \"CVE-2021-38208\",\n \"CVE-2022-0812\",\n \"CVE-2022-1158\",\n \"CVE-2022-1280\",\n \"CVE-2022-1353\",\n \"CVE-2022-1419\",\n \"CVE-2022-1516\",\n \"CVE-2022-28356\",\n \"CVE-2022-28748\",\n \"CVE-2022-28893\",\n \"CVE-2022-29156\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1687-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:1687-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:1687-1 advisory.\n\n - A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the\n way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.\n (CVE-2020-27835)\n\n - In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References:\n Upstream kernel (CVE-2021-0707)\n\n - There is a flaw reported in the Linux kernel in versions before 5.9 in\n drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue\n results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker with a local account with a root privilege, can leverage this vulnerability to\n escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users\n do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial\n of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure\n of a bind call. (CVE-2021-38208)\n\n - A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's\n cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting\n the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.\n (CVE-2021-4154)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols\n functionality in the way a user terminates their session using a simulated Ethernet card and continued\n usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)\n\n - In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to\n rtrs_clt_dev_release. (CVE-2022-29156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1028340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1137728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199024\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-May/011033.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?22aad500\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27835\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29156\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29156\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-4154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_68-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-ha-release-15.3', 'sles-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-ha-release-15.3', 'sles-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-ha-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-150300_59_68-default-1-150300.7.5.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-live-patching-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'sle-we-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-development-tools-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'s390x', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.68.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-ha-release-15.3', 'sles-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.68.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-legacy-release-15.3', 'sles-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T17:01:57", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:1669-1 advisory.\n\n - A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.\n (CVE-2020-27835)\n\n - In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References:\n Upstream kernel (CVE-2021-0707)\n\n - There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. (CVE-2021-38208)\n\n - A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.\n (CVE-2021-4154)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)\n\n - In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. (CVE-2022-29156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2022-05-17T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:1669-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27835", "CVE-2021-0707", "CVE-2021-20292", "CVE-2021-20321", "CVE-2021-38208", "CVE-2021-4154", "CVE-2022-0812", "CVE-2022-1158", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1419", "CVE-2022-1516", "CVE-2022-28356", "CVE-2022-28748", "CVE-2022-28893", "CVE-2022-29156"], "modified": "2022-05-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:release-notes-sle_rt", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-1669-1.NASL", "href": "https://www.tenable.com/plugins/nessus/161225", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:1669-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161225);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/17\");\n\n script_cve_id(\n \"CVE-2020-27835\",\n \"CVE-2021-0707\",\n \"CVE-2021-4154\",\n \"CVE-2021-20292\",\n \"CVE-2021-20321\",\n \"CVE-2021-38208\",\n \"CVE-2022-0812\",\n \"CVE-2022-1158\",\n \"CVE-2022-1280\",\n \"CVE-2022-1353\",\n \"CVE-2022-1419\",\n \"CVE-2022-1516\",\n \"CVE-2022-28356\",\n \"CVE-2022-28748\",\n \"CVE-2022-28893\",\n \"CVE-2022-29156\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:1669-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:1669-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:1669-1 advisory.\n\n - A use after free in the Linux kernel infiniband hfi1 driver in versions prior to 5.10-rc6 was found in the\n way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system.\n (CVE-2020-27835)\n\n - In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a use after free. This could\n lead to local escalation of privilege with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-155756045References:\n Upstream kernel (CVE-2021-0707)\n\n - There is a flaw reported in the Linux kernel in versions before 5.9 in\n drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue\n results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker with a local account with a root privilege, can leverage this vulnerability to\n escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users\n do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial\n of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure\n of a bind call. (CVE-2021-38208)\n\n - A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel's\n cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting\n the fsconfig syscall parameter leading to a container breakout and a denial of service on the system.\n (CVE-2021-4154)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols\n functionality in the way a user terminates their session using a simulated Ethernet card and continued\n usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)\n\n - In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. (CVE-2022-28356)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to\n rtrs_clt_dev_release. (CVE-2022-29156)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1028340\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1137728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193842\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197677\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197926\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198400\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198484\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199024\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-May/011018.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b69002cb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27835\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0707\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0812\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28356\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29156\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29156\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-4154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:release-notes-sle_rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-5.3.18-150300.88.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'dlm-kmp-rt-5.3.18-150300.88.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'gfs2-kmp-rt-5.3.18-150300.88.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-devel-rt-5.3.18-150300.88.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-rt-5.3.18-150300.88.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-rt-devel-5.3.18-150300.88.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-rt_debug-devel-5.3.18-150300.88.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-source-rt-5.3.18-150300.88.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'kernel-syms-rt-5.3.18-150300.88.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'ocfs2-kmp-rt-5.3.18-150300.88.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']},\n {'reference':'release-notes-sle_rt-15.3.20220422-150300.3.3.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-15.3', 'sle-module-rt-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2022-05-16T14:51:38", "description": "An update that solves 16 vulnerabilities, contains 6\n features and has 25 fixes is now available.\n\nDescription:\n\n\n The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various\n security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2020-27835: Fixed a use after free vulnerability in infiniband hfi1\n driver in the way user calls Ioctl after open dev file and fork. A local\n user could use this flaw to crash the system (bnc#1179878).\n - CVE-2021-0707: Fixed a use after free vulnerability in dma_buf_release\n of dma-buf.c, which may lead to local escalation of privilege with no\n additional execution privileges needed (bnc#1198437).\n - CVE-2021-20292: Fixed object validation prior to performing operations\n on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem\n (bnc#1183723).\n - CVE-2021-20321: Fixed a race condition accessing file object in the\n OverlayFS subsystem in the way users do rename in specific way with\n OverlayFS. A local user could have used this flaw to crash the system\n (bnc#1191647).\n - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and\n BUG) by making a getsockname call after a certain type of failure of a\n bind call (bnc#1187055).\n - CVE-2021-4154: Fixed a use-after-free vulnerability in\n cgroup1_parse_param in kernel/cgroup/cgroup-v1.c, allowing a local\n privilege escalation by an attacker with user privileges by exploiting\n the fsconfig syscall parameter, leading to a container breakout and a\n denial of service on the system (bnc#1193842).\n - CVE-2022-0812: Fixed information leak when a file is read from RDMA\n (bsc#1196639)\n - CVE-2022-1158: Fixed a vulnerability in the kvm module that may lead to\n a use-after-free write or denial of service (bsc#1197660).\n - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in\n drivers/gpu/drm/drm_lease.c (bnc#1197914).\n - CVE-2022-1353: Fixed access controll to kernel memory in the\n pfkey_register function in net/key/af_key.c (bnc#1198516).\n - CVE-2022-1419: Fixed a concurrency use-after-free in\n vgem_gem_dumb_create (bsc#1198742).\n - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect\n (bsc#1199012).\n - CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c\n (bnc#1197391).\n - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a\n devices (bsc#1196018).\n - CVE-2022-28893: Fixed a use after free vulnerability in inet_put_port\n where some sockets are not closed before xs_xprt_free() (bsc#1198330).\n - CVE-2022-29156: Fixed a double free vulnerability related to\n rtrs_clt_dev_release.ate (jsc#SLE-15176 bsc#1198515).\n\n The following non-security bugs were fixed:\n\n - ACPI/APEI: Limit printable size of BERT table data (git-fixes).\n - ACPI: processor idle: Check for architectural support for LPI\n (git-fixes).\n - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).\n - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).\n - ALSA: hda/hdmi: fix warning about PCM count when used with SOF\n (git-fixes).\n - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).\n - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020\n (git-fixes).\n - ALSA: pcm: Test for \"silence\" field in struct \"pcm_format_data\"\n (git-fixes).\n - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb\n (git-fixes).\n - ALSA: usb-audio: Increase max buffer size (git-fixes).\n - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).\n - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek\n (git-fixes).\n - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use\n (git-fixes).\n - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).\n - ASoC: msm8916-wcd-digital: Check failure for\n devm_snd_soc_register_component (git-fixes).\n - ASoC: soc-compress: Change the check for codec_dai (git-fixes).\n - ASoC: soc-compress: prevent the potentially use of null pointer\n (git-fixes).\n - ASoC: soc-core: skip zero num_dai component in searching dai name\n (git-fixes).\n - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).\n - Bluetooth: Fix use after free in hci_send_acl (git-fixes).\n - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).\n - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).\n - Documentation: add link to stable release candidate tree (git-fixes).\n - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).\n - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).\n - Input: omap4-keypad - fix pm_runtime_get_sync() error checking\n (git-fixes).\n - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).\n - NFSv4: fix open failure with O_ACCMODE flag (git-fixes).\n - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge\n (git-fixes).\n - PCI: aardvark: Fix support for MSI interrupts (git-fixes).\n - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).\n - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum\n (git-fixes).\n - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).\n - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes).\n - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).\n - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175).\n - RDMA/mlx5: Do not remove cache MRs when a delay is needed\n (jsc#SLE-15175).\n - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR\n (jsc#SLE-15175).\n - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()\n (git-fixes).\n - SUNRPC: Fix the svc_deferred_event trace class (git-fixes).\n - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).\n - SUNRPC: Handle low memory situations in call_status() (git-fixes).\n - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).\n - USB: serial: pl2303: add IBM device IDs (git-fixes).\n - USB: serial: simple: add Nokia phone driver (git-fixes).\n - USB: storage: ums-realtek: fix error code in rts51x_read_mem()\n (git-fixes).\n - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c\n (git-fixes).\n - USB: dwc3: omap: fix \"unbalanced disables for smps10_out1\" on omap5evm\n (git-fixes).\n - USB: gadget: uvc: Fix crash when encoding data for usb request\n (git-fixes).\n - adm8211: fix error return code in adm8211_probe() (git-fixes).\n - arm64/sve: Use correct size when reinitialising SVE state (git-fixes)\n - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1\n (git-fixes)\n - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)\n - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)\n - arm64: dts: exynos: correct GIC CPU interfaces address range on\n (git-fixes)\n - arm64: dts: ls1028a: fix memory node (git-fixes)\n - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes)\n - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)\n - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)\n - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of\n (git-fixes)\n - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0\n (git-fixes)\n - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)\n - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)\n - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)\n - arm64: head: avoid over-mapping in map_memory (git-fixes)\n - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs\n (git-fixes).\n - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).\n - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern\n (git-fixes).\n - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).\n - ath5k: fix building with LEDS=m (git-fixes).\n - ath9k: Fix usage of driver-private space in tx_info (git-fixes).\n - ath9k: Properly clear TX status area before reporting to mac80211\n (git-fixes).\n - ath9k_htc: fix uninit value bugs (git-fixes).\n - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172).\n - bfq: Avoid merging queues with different parents (bsc#1197926).\n - bfq: Drop pointless unlock-lock pair (bsc#1197926).\n - bfq: Get rid of __bio_blkcg() usage (bsc#1197926).\n - bfq: Make sure bfqg for which we are queueing requests is online\n (bsc#1197926).\n - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).\n - bfq: Split shared queues on move between cgroups (bsc#1197926).\n - bfq: Track whether bfq_group is still online (bsc#1197926).\n - bfq: Update cgroup information before merging bio (bsc#1197926).\n - block: Drop leftover references to RQF_SORTED (bsc#1182073).\n - bnx2x: fix napi API usage sequence (bsc#1198217).\n - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT\n (git-fixes bsc#1177028).\n - brcmfmac: firmware: Allocate space for default boardrev in nvram\n (git-fixes).\n - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).\n - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path\n (git-fixes).\n - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio\n (git-fixes).\n - carl9170: fix missing bit-wise or operator for tx_params (git-fixes).\n - cfg80211: hold bss_lock while updating nontrans_list (git-fixes).\n - cifs: fix bad fids sent over wire (bsc#1197157).\n - clk: Enforce that disjoints limits are invalid (git-fixes).\n - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).\n - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).\n - direct-io: defer alignment check until after the EOF check (bsc#1197656).\n - direct-io: do not force writeback for reads beyond EOF (bsc#1197656).\n - dma-debug: fix return value of __setup handlers (git-fixes).\n - dma: at_xdmac: fix a missing check on list iterator (git-fixes).\n - dmaengine: Revert \"dmaengine: shdma: Fix runtime PM imbalance on error\"\n (git-fixes).\n - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).\n - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).\n - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).\n - dmaengine: mediatek:Fix PM usage reference leak of\n mtk_uart_apdma_alloc_chan_resources (git-fixes).\n - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj\n (git-fixes).\n - drm/amd/display: Fix a NULL pointer dereference in\n amdgpu_dm_connector_add_common_modes() (git-fixes).\n - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).\n - drm/amd/display: do not ignore alpha property on pre-multiplied mode\n (git-fixes).\n - drm/amd: Add USBC connector ID (git-fixes).\n - drm/amdgpu: Fix recursive locking warning (git-fixes).\n - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).\n - drm/amdkfd: Check for potential null return of kmalloc_array()\n (git-fixes).\n - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).\n - drm/amdkfd: make CRAT table missing message informational only\n (git-fixes).\n - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe\n (git-fixes).\n - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev\n (git-fixes).\n - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt\n (git-fixes).\n - drm/edid: Do not clear formats if using deep color (git-fixes).\n - drm/edid: check basic audio support on CEA extension block (git-fixes).\n - drm/i915/gem: Flush coherency domains on first set-domain-ioctl\n (git-fixes).\n - drm/i915: Call i915_globals_exit() if pci_register_device() fails\n (git-fixes).\n - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).\n - drm/mediatek: Add AAL output size configuration (git-fixes).\n - drm/mediatek: Fix aal size config (git-fixes).\n - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()\n (git-fixes).\n - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised\n (git-fixes).\n - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare\n (git-fixes).\n - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).\n - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync()\n usage (git-fixes).\n - drm: Add orientation quirk for GPD Win Max (git-fixes).\n - drm: add a locked version of drm_is_current_master (bsc#1197914).\n - drm: add a locked version of drm_is_current_master (bsc#1197914).\n - drm: drm_file struct kABI compatibility workaround (bsc#1197914).\n - drm: drm_file struct kABI compatibility workaround (bsc#1197914).\n - drm: protect drm_master pointers in drm_lease.c (bsc#1197914).\n - drm: protect drm_master pointers in drm_lease.c (bsc#1197914).\n - drm: serialize drm_file.master with a new spinlock (bsc#1197914).\n - drm: serialize drm_file.master with a new spinlock (bsc#1197914).\n - drm: use the lookup lock in drm_is_current_master (bsc#1197914).\n - drm: use the lookup lock in drm_is_current_master (bsc#1197914).\n - e1000e: Fix possible overflow in LTR decoding (git-fixes).\n - fibmap: Reject negative block numbers (bsc#1198448).\n - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448).\n - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).\n - gpiolib: acpi: use correct format characters (git-fixes).\n - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).\n - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER\n (git-fixes).\n - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).\n - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module\n (git-fixes).\n - ipmi: Move remove_work to dedicated workqueue (git-fixes).\n - ipmi: bail out if init_srcu_struct fails (git-fixes).\n - iwlwifi: Fix -EIO error code that is never returned (git-fixes).\n - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).\n - livepatch: Do not block removal of patches that are safe to unload\n (bsc#1071995).\n - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).\n - media: cx88-mpeg: clear interrupt status register before streaming video\n (git-fixes).\n - media: hdpvr: initialize dev->worker at hdpvr_register_videodev\n (git-fixes).\n - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe\n (git-fixes).\n - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).\n - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).\n - mmc: host: Return an error when ->enable_sdio_irq() ops is missing\n (git-fixes).\n - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).\n - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).\n - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is\n complete (git-fixes).\n - mtd: onenand: Check for error irq (git-fixes).\n - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init\n (git-fixes).\n - mtd: rawnand: gpmi: fix controller timings setting (git-fixes).\n - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).\n - net: asix: add proper error handling of usb read errors (git-fixes).\n - net: mcs7830: handle usb read errors properly (git-fixes).\n - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes).\n - nfc: nci: add flush_workqueue to prevent uaf (git-fixes).\n - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe\n (git-fixes).\n - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init\n (git-fixes).\n - power: supply: axp20x_battery: properly report current when discharging\n (git-fixes).\n - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).\n - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong\n false return (git-fixes).\n - power: supply: wm8350-power: Add missing free in free_charger_irq\n (git-fixes).\n - power: supply: wm8350-power: Handle error for wm8350_register_irq\n (git-fixes).\n - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).\n - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106,\n git-fixes).\n - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE\n (bsc#1198413).\n - random: check for signal_pending() outside of need_resched() check\n (git-fixes).\n - ray_cs: Check ioremap return value (git-fixes).\n - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).\n - rtc: check if __rtc_read_time was successful (git-fixes).\n - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).\n - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands\n (git-fixes).\n - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove()\n (git-fixes).\n - scsi: mpt3sas: Page fault in reply q processing (git-fixes).\n - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340\n bsc#1198825).\n - spi: Fix erroneous sgs value with min_t() (git-fixes).\n - spi: Fix invalid sgs value (git-fixes).\n - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and\n controller (git-fixes).\n - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()\n (git-fixes).\n - spi: mxic: Fix the transmit path (git-fixes).\n - spi: tegra20: Use of_device_get_match_data() (git-fixes).\n - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree\n (git-fixes).\n - vgacon: Propagate console boot parameters before calling `vc_resize'\n (bsc#1152489)\n - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes).\n - video: fbdev: cirrusfb: check pixclock to avoid divide by zero\n (git-fixes).\n - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow\n (git-fixes).\n - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).\n - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).\n - video: fbdev: udlfb: properly check endpoint type (bsc#1152489)\n - video: fbdev: w100fb: Reset global state (git-fixes).\n - virtio_console: break out of buf poll on remove (git-fixes).\n - virtio_console: eliminate anonymous module_init & module_exit\n (git-fixes).\n - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).\n - x86/pm: Save the MSR validity status at context setup (bsc#1198400).\n - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO\n (git-fixes).\n - x86/speculation: Restore speculation related MSRs during S3 resume\n (bsc#1198400).\n - xen/blkfront: fix comment for need_copy (git-fixes).\n - xen/x86: obtain full video frame buffer address for Dom0 also under EFI\n (bsc#1193556).\n - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0\n (bsc#1193556).\n - xen: fix is_xen_pmu() (git-fixes).\n - xhci: fix runtime PM imbalance in USB2 resume (git-fixes).\n - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()\n (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-1676=1\n\n - SUSE Linux Enterprise Module for Public Cloud 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1676=1", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-05-16T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27835", "CVE-2021-0707", "CVE-2021-20292", "CVE-2021-20321", "CVE-2021-38208", "CVE-2021-4154", "CVE-2022-0812", "CVE-2022-1158", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1419", "CVE-2022-1516", "CVE-2022-28356", "CVE-2022-28748", "CVE-2022-28893", "CVE-2022-29156"], "modified": "2022-05-16T00:00:00", "id": "SUSE-SU-2022:1676-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L2XH3U7GRKSKGRIYFN7EO74WDNEGFDR5/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-04T09:56:40", "description": "An update that solves 16 vulnerabilities, contains 6\n features and has 29 fixes is now available.\n\nDescription:\n\n\n The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various\n security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2022-29156: Fixed a double free related to rtrs_clt_dev_release\n (bnc#1198515).\n - CVE-2022-28893: Ensuring that sockets are in the intended state inside\n the SUNRPC subsystem (bnc#1198330).\n - CVE-2022-28748: Fixed memory lead over the network by ax88179_178a\n devices (bsc#1196018).\n - CVE-2022-28356: Fixed a refcount leak bug found in net/llc/af_llc.c\n (bnc#1197391).\n - CVE-2022-1516: Fixed null-ptr-deref caused by x25_disconnect\n (bsc#1199012).\n - CVE-2022-1419: Fixed a concurrency use-after-free in\n vgem_gem_dumb_create (bsc#1198742).\n - CVE-2022-1353: Fixed access controll to kernel memory in the\n pfkey_register function in net/key/af_key.c (bnc#1198516).\n - CVE-2022-1280: Fixed a use-after-free vulnerability in drm_lease_held in\n drivers/gpu/drm/drm_lease.c (bnc#1197914).\n - CVE-2022-1158: Fixed KVM x86/mmu compare-and-exchange of gPTE via the\n user address (bsc#1197660).\n - CVE-2022-0812: Fixed random memory leakage inside NFS/RDMA (bsc#1196639).\n - CVE-2021-4154: Fixed a use-after-free flaw inside cgroup1_parse_param in\n kernel/cgroup/cgroup-v1.c. A local attacker with a user privilege could\n cause a privilege escalation by exploiting the fsconfig syscall\n parameter leading to a container breakout and a denial of service on the\n system (bnc#1193842).\n - CVE-2021-38208: Fixed a denial of service (NULL pointer dereference and\n BUG) by making a getsockname call after a certain type of failure of a\n bind call (bnc#1187055).\n - CVE-2021-20321: Fixed a race condition accessing file object in the\n OverlayFS subsystem in the way users do rename in specific way with\n OverlayFS. A local user could have used this flaw to crash the system\n (bnc#1191647).\n - CVE-2021-20292: Fixed object validation prior to performing operations\n on the object in nouveau_sgdma_create_ttm in Nouveau DRM subsystem\n (bnc#1183723).\n - CVE-2021-0707: Fixed possible memory corruption due to a use after free\n inside dma_buf_releas e of dma-buf.c (bnc#1198437).\n - CVE-2020-27835: Fixed use after free in infiniband hfi1 driver in the\n way user calls Ioctl after open dev file and fork. A local user could\n use this flaw to crash the system (bnc#1179878).\n\n\n The following non-security bugs were fixed:\n\n - ACPI: processor idle: Check for architectural support for LPI\n (git-fixes).\n - ACPI/APEI: Limit printable size of BERT table data (git-fixes).\n - ACPICA: Avoid walking the ACPI Namespace if it is not there (git-fixes).\n - adm8211: fix error return code in adm8211_probe() (git-fixes).\n - ALSA: cs4236: fix an incorrect NULL check on list iterator (git-fixes).\n - ALSA: hda/hdmi: fix warning about PCM count when used with SOF\n (git-fixes).\n - ALSA: hda/realtek: Add alc256-samsung-headphone fixup (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo PD50PNT (git-fixes).\n - ALSA: hda/realtek: Fix audio regression on Mi Notebook Pro 2020\n (git-fixes).\n - ALSA: pcm: Test for \"silence\" field in struct \"pcm_format_data\"\n (git-fixes).\n - ALSA: usb-audio: Cap upper limits of buffer/period bytes for implicit fb\n (git-fixes).\n - ALSA: usb-audio: Increase max buffer size (git-fixes).\n - ALSA: usb-audio: Limit max buffer and period sizes per time (git-fixes).\n - arm64: clear_page() shouldn't use DC ZVA when DCZID_EL0.DZP == 1\n (git-fixes)\n - arm64: dts: allwinner: h5: NanoPI Neo 2: Fix ethernet node (git-fixes)\n - arm64: dts: allwinner: orangepi-zero-plus: fix PHY mode (git-fixes)\n - arm64: dts: exynos: correct GIC CPU interfaces address range on\n (git-fixes)\n - arm64: dts: ls1028a: fix memory node (git-fixes)\n - arm64: dts: ls1028a: fix node name for the sysclk (git-fixes)\n - arm64: dts: lx2160a: fix scl-gpios property name (git-fixes)\n - arm64: dts: marvell: armada-37xx: Extend PCIe MEM space (git-fixes)\n - arm64: dts: marvell: armada-37xx: Fix reg for standard variant of\n (git-fixes)\n - arm64: dts: marvell: armada-37xx: Remap IO space to bus address 0x0\n (git-fixes)\n - arm64: dts: rockchip: Fix GPU register width for RK3328 (git-fixes)\n - arm64: dts: rockchip: remove mmc-hs400-enhanced-strobe from (git-fixes)\n - arm64: dts: zii-ultra: fix 12V_MAIN voltage (git-fixes)\n - arm64: head: avoid over-mapping in map_memory (git-fixes)\n - arm64: Update config files; arm LIBNVDIMM y->m ppc64le ND_BLK ->m\n (bsc#1199024).\n - arm64/sve: Use correct size when reinitialising SVE state (git-fixes)\n - ASoC: atmel: Remove system clock tree configuration for at91sam9g20ek\n (git-fixes).\n - ASoC: codecs: wcd934x: do not switch off SIDO Buck when codec is in use\n (git-fixes).\n - ASoC: mediatek: mt6358: add missing EXPORT_SYMBOLs (git-fixes).\n - ASoC: msm8916-wcd-digital: Check failure for\n devm_snd_soc_register_component (git-fixes).\n - ASoC: soc-compress: Change the check for codec_dai (git-fixes).\n - ASoC: soc-compress: prevent the potentially use of null pointer\n (git-fixes).\n - ASoC: soc-core: skip zero num_dai component in searching dai name\n (git-fixes).\n - ASoC: soc-dapm: fix two incorrect uses of list iterator (git-fixes).\n - ata: libata-core: Disable READ LOG DMA EXT for Samsung 840 EVOs\n (git-fixes).\n - ata: sata_dwc_460ex: Fix crash due to OOB write (git-fixes).\n - ath10k: fix memory overwrite of the WoWLAN wakeup packet pattern\n (git-fixes).\n - ath5k: fix building with LEDS=m (git-fixes).\n - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 (git-fixes).\n - ath9k_htc: fix uninit value bugs (git-fixes).\n - ath9k: Fix usage of driver-private space in tx_info (git-fixes).\n - ath9k: Properly clear TX status area before reporting to mac80211\n (git-fixes).\n - backlight: qcom-wled: Respect enabled-strings in set_brightness\n (bsc#1152489)\n - bareudp: use ipv6_mod_enabled to check if IPv6 enabled (jsc#SLE-15172).\n - bfq: Avoid merging queues with different parents (bsc#1197926).\n - bfq: Drop pointless unlock-lock pair (bsc#1197926).\n - bfq: Get rid of __bio_blkcg() usage (bsc#1197926).\n - bfq: Make sure bfqg for which we are queueing requests is online\n (bsc#1197926).\n - bfq: Remove pointless bfq_init_rq() calls (bsc#1197926).\n - bfq: Split shared queues on move between cgroups (bsc#1197926).\n - bfq: Track whether bfq_group is still online (bsc#1197926).\n - bfq: Update cgroup information before merging bio (bsc#1197926).\n - block: Drop leftover references to RQF_SORTED (bsc#1182073).\n - Bluetooth: btmtksdio: Fix kernel oops in btmtksdio_interrupt (git-fixes).\n - Bluetooth: Fix use after free in hci_send_acl (git-fixes).\n - Bluetooth: hci_serdev: call init_rwsem() before p->open() (git-fixes).\n - bnx2x: fix napi API usage sequence (bsc#1198217).\n - bpf: Resolve to prog->aux->dst_prog->type only for BPF_PROG_TYPE_EXT\n (git-fixes bsc#1177028).\n - brcmfmac: firmware: Allocate space for default boardrev in nvram\n (git-fixes).\n - brcmfmac: pcie: Fix crashes due to early IRQs (git-fixes).\n - brcmfmac: pcie: Release firmwares in the brcmf_pcie_setup error path\n (git-fixes).\n - brcmfmac: pcie: Replace brcmf_pcie_copy_mem_todev with memcpy_toio\n (git-fixes).\n - carl9170: fix missing bit-wise or operator for tx_params (git-fixes).\n - cfg80211: hold bss_lock while updating nontrans_list (git-fixes).\n - cifs: do not skip link targets when an I/O fails (bsc#1194625).\n - cifs: fix bad fids sent over wire (bsc#1197157).\n - clk: Enforce that disjoints limits are invalid (git-fixes).\n - clk: si5341: fix reported clk_rate when output divider is 2 (git-fixes).\n - direct-io: clean up error paths of do_blockdev_direct_IO (bsc#1197656).\n - direct-io: defer alignment check until after the EOF check (bsc#1197656).\n - direct-io: do not force writeback for reads beyond EOF (bsc#1197656).\n - dma-debug: fix return value of __setup handlers (git-fixes).\n - dma: at_xdmac: fix a missing check on list iterator (git-fixes).\n - dmaengine: idxd: add RO check for wq max_batch_size write (git-fixes).\n - dmaengine: idxd: add RO check for wq max_transfer_size write (git-fixes).\n - dmaengine: imx-sdma: Fix error checking in sdma_event_remap (git-fixes).\n - dmaengine: mediatek:Fix PM usage reference leak of\n mtk_uart_apdma_alloc_chan_resources (git-fixes).\n - dmaengine: Revert \"dmaengine: shdma: Fix runtime PM imbalance on error\"\n (git-fixes).\n - Documentation: add link to stable release candidate tree (git-fixes).\n - drm: add a locked version of drm_is_current_master (bsc#1197914).\n - drm: Add orientation quirk for GPD Win Max (git-fixes).\n - drm: drm_file struct kABI compatibility workaround (bsc#1197914).\n - drm: protect drm_master pointers in drm_lease.c (bsc#1197914).\n - drm: serialize drm_file.master with a new spinlock (bsc#1197914).\n - drm: use the lookup lock in drm_is_current_master (bsc#1197914).\n - drm/amd: Add USBC connector ID (git-fixes).\n - drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj\n (git-fixes).\n - drm/amd/display: do not ignore alpha property on pre-multiplied mode\n (git-fixes).\n - drm/amd/display: Fix a NULL pointer dereference in\n amdgpu_dm_connector_add_common_modes() (git-fixes).\n - drm/amd/display: Fix allocate_mst_payload assert on resume (git-fixes).\n - drm/amd/display: Fix memory leak in dcn21_clock_source_create\n (bsc#1152472)\n - drm/amdgpu: fix amdgpu_ras_block_late_init error handler (bsc#1152489)\n - drm/amdgpu: fix off by one in amdgpu_gfx_kiq_acquire() (git-fixes).\n - drm/amdgpu: Fix recursive locking warning (git-fixes).\n - drm/amdkfd: Check for potential null return of kmalloc_array()\n (git-fixes).\n - drm/amdkfd: Fix Incorrect VMIDs passed to HWS (git-fixes).\n - drm/amdkfd: make CRAT table missing message informational only\n (git-fixes).\n - drm/bridge: Add missing pm_runtime_disable() in __dw_mipi_dsi_probe\n (git-fixes).\n - drm/bridge: cdns-dsi: Make sure to to create proper aliases for dt\n (git-fixes).\n - drm/bridge: Fix free wrong object in sii8620_init_rcp_input_dev\n (git-fixes).\n - drm/cma-helper: Set VM_DONTEXPAND for mmap (bsc#1152472)\n - drm/edid: check basic audio support on CEA extension block (git-fixes).\n - drm/edid: Do not clear formats if using deep color (git-fixes).\n - drm/fb-helper: Mark screen buffers in system memory with (bsc#1152472)\n - drm/i915: Call i915_globals_exit() if pci_register_device() fails\n (git-fixes).\n - drm/i915: Drop all references to DRM IRQ midlayer (bsc#1152489)\n - drm/i915: Keep gem ctx->vm alive until the final put (bsc#1152489)\n - drm/i915: s/JSP2/ICP2/ PCH (bsc#1152489)\n - drm/i915/gem: Flush coherency domains on first set-domain-ioctl\n (git-fixes).\n - drm/imx: Fix memory leak in imx_pd_connector_get_modes (git-fixes).\n - drm/mediatek: Add AAL output size configuration (git-fixes).\n - drm/mediatek: Fix aal size config (git-fixes).\n - drm/msm/dsi: Use connector directly in msm_dsi_manager_connector_init()\n (git-fixes).\n - drm/panel/raspberrypi-touchscreen: Avoid NULL deref if not initialised\n (git-fixes).\n - drm/panel/raspberrypi-touchscreen: Initialise the bridge in prepare\n (git-fixes).\n - drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap (bsc#1152472)\n - drm/tegra: Fix reference leak in tegra_dsi_ganged_probe (git-fixes).\n - drm/vc4: crtc: Lookup the encoder from the register at boot (bsc#1198534)\n - drm/vc4: Use pm_runtime_resume_and_get to fix pm_runtime_get_sync()\n usage (git-fixes).\n - drm/vmwgfx: Remove unused compile options (bsc#1152472)\n - e1000e: Fix possible overflow in LTR decoding (git-fixes).\n - fibmap: Reject negative block numbers (bsc#1198448).\n - fibmap: Use bmap instead of ->bmap method in ioctl_fibmap (bsc#1198448).\n - firmware: arm_scmi: Fix sorting of retrieved clock rates (git-fixes).\n - gpiolib: acpi: use correct format characters (git-fixes).\n - gpu: ipu-v3: Fix dev_dbg frequency output (git-fixes).\n - HID: i2c-hid: fix GET/SET_REPORT for unnumbered reports (git-fixes).\n - hwrng: cavium - HW_RANDOM_CAVIUM should depend on ARCH_THUNDER\n (git-fixes).\n - i2c: dev: Force case user pointers in compat_i2cdev_ioctl() (git-fixes).\n - IB/hfi1: Allow larger MTU without AIP (jsc#SLE-13208).\n - Input: omap4-keypad - fix pm_runtime_get_sync() error checking\n (git-fixes).\n - ipmi: bail out if init_srcu_struct fails (git-fixes).\n - ipmi: Fix UAF when uninstall ipmi_si and ipmi_msghandler module\n (git-fixes).\n - ipmi: Move remove_work to dedicated workqueue (git-fixes).\n - iwlwifi: Fix -EIO error code that is never returned (git-fixes).\n - iwlwifi: mvm: Fix an error code in iwl_mvm_up() (git-fixes).\n - KEYS: fix length validation in keyctl_pkey_params_get_2() (git-fixes).\n - livepatch: Do not block removal of patches that are safe to unload\n (bsc#1071995).\n - lz4: fix LZ4_decompress_safe_partial read out of bound (git-fixes).\n - media: cx88-mpeg: clear interrupt status register before streaming video\n (git-fixes).\n - media: hdpvr: initialize dev->worker at hdpvr_register_videodev\n (git-fixes).\n - memory: atmel-ebi: Fix missing of_node_put in atmel_ebi_probe\n (git-fixes).\n - mfd: asic3: Add missing iounmap() on error asic3_mfd_probe (git-fixes).\n - mfd: mc13xxx: Add check for mc13xxx_irq_request (git-fixes).\n - mmc: host: Return an error when ->enable_sdio_irq() ops is missing\n (git-fixes).\n - mmc: mmci_sdmmc: Replace sg_dma_xxx macros (git-fixes).\n - mmc: mmci: stm32: correctly check all elements of sg list (git-fixes).\n - mmc: renesas_sdhi: do not overwrite TAP settings when HS400 tuning is\n complete (git-fixes).\n - mtd: onenand: Check for error irq (git-fixes).\n - mtd: rawnand: atmel: fix refcount issue in atmel_nand_controller_init\n (git-fixes).\n - mtd: rawnand: gpmi: fix controller timings setting (git-fixes).\n - mwl8k: Fix a double Free in mwl8k_probe_hw (git-fixes).\n - net: asix: add proper error handling of usb read errors (git-fixes).\n - net: mana: Add counter for packet dropped by XDP (bsc#1195651).\n - net: mana: Add counter for XDP_TX (bsc#1195651).\n - net: mana: Add handling of CQE_RX_TRUNCATED (bsc#1195651).\n - net: mana: Remove unnecessary check of cqe_type in mana_process_rx_cqe()\n (bsc#1195651).\n - net: mana: Reuse XDP dropped page (bsc#1195651).\n - net: mana: Use struct_size() helper in mana_gd_create_dma_region()\n (bsc#1195651).\n - net: mcs7830: handle usb read errors properly (git-fixes).\n - net: usb: aqc111: Fix out-of-bounds accesses in RX fixup (git-fixes).\n - nfc: nci: add flush_workqueue to prevent uaf (git-fixes).\n - NFSv4: fix open failure with O_ACCMODE flag (git-fixes).\n - PCI: aardvark: Fix reading PCI_EXP_RTSTA_PME bit on emulated bridge\n (git-fixes).\n - PCI: aardvark: Fix support for MSI interrupts (git-fixes).\n - PCI: imx6: Allow to probe when dw_pcie_wait_for_link() fails (git-fixes).\n - PCI: pciehp: Add Qualcomm quirk for Command Completed erratum\n (git-fixes).\n - PCI: pciehp: Clear cmd_busy bit in polling mode (git-fixes).\n - PM: core: keep irq flags in device_pm_check_callbacks() (git-fixes).\n - power: reset: gemini-poweroff: Fix IRQ check in gemini_poweroff_probe\n (git-fixes).\n - power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init\n (git-fixes).\n - power: supply: axp20x_battery: properly report current when discharging\n (git-fixes).\n - power: supply: axp288-charger: Set Vhold to 4.4V (git-fixes).\n - power: supply: bq24190_charger: Fix bq24190_vbus_is_enabled() wrong\n false return (git-fixes).\n - power: supply: wm8350-power: Add missing free in free_charger_irq\n (git-fixes).\n - power: supply: wm8350-power: Handle error for wm8350_register_irq\n (git-fixes).\n - powerpc/perf: Expose Performance Monitor Counter SPR's as part of\n extended regs (bsc#1198077 ltc#197299).\n - powerpc/perf: Fix power10 event alternatives (jsc#SLE-13513 git-fixes).\n - powerpc/perf: Fix power9 event alternatives (bsc#1137728, LTC#178106,\n git-fixes).\n - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct\n (bsc#1198077 ltc#197299).\n - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE\n (bsc#1198413).\n - random: check for signal_pending() outside of need_resched() check\n (git-fixes).\n - ray_cs: Check ioremap return value (git-fixes).\n - RDMA/core: Set MR type in ib_reg_user_mr (jsc#SLE-8449).\n - RDMA/mlx5: Add a missing update of cache->last_add (jsc#SLE-15175).\n - RDMA/mlx5: Do not remove cache MRs when a delay is needed\n (jsc#SLE-15175).\n - RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR\n (jsc#SLE-15175).\n - regulator: wm8994: Add an off-on delay for WM8994 variant (git-fixes).\n - rpm: Run external scriptlets on uninstall only when available\n (bsc#1196514 bsc#1196114 bsc#1196942).\n - rpm: Use bash for %() expansion (jsc#SLE-18234).\n - rpm/*.spec.in: remove backtick usage\n - rpm/constraints.in: skip SLOW_DISK workers for kernel-source\n - rpm/kernel-obs-build.spec.in: use default dracut modules (bsc#1195926,\n bsc#1198484)\n - rtc: check if __rtc_read_time was successful (git-fixes).\n - rtc: wm8350: Handle error for wm8350_register_irq (git-fixes).\n - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677\n LTC#197378).\n - scsi: libsas: Fix sas_ata_qc_issue() handling of NCQ NON DATA commands\n (git-fixes).\n - scsi: mpt3sas: Fix use after free in _scsih_expander_node_remove()\n (git-fixes).\n - scsi: mpt3sas: Page fault in reply q processing (git-fixes).\n - scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (bsc#1028340\n bsc#1198825).\n - spi: atmel-quadspi: Fix the buswidth adjustment between spi-mem and\n controller (git-fixes).\n - spi: bcm-qspi: fix MSPI only access with bcm_qspi_exec_mem_op()\n (git-fixes).\n - spi: Fix erroneous sgs value with min_t() (git-fixes).\n - spi: Fix invalid sgs value (git-fixes).\n - spi: mxic: Fix the transmit path (git-fixes).\n - spi: tegra20: Use of_device_get_match_data() (git-fixes).\n - staging: mt7621-dts: fix LEDs and pinctrl on GB-PC1 devicetree\n (git-fixes).\n - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367).\n - SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()\n (git-fixes).\n - SUNRPC: Fix the svc_deferred_event trace class (git-fixes).\n - SUNRPC: Handle ENOMEM in call_transmit_status() (git-fixes).\n - SUNRPC: Handle low memory situations in call_status() (git-fixes).\n - USB: dwc3: core: Fix tx/rx threshold settings (git-fixes).\n - USB: dwc3: core: Only handle soft-reset in DCTL (git-fixes).\n - USB: dwc3: gadget: Return proper request status (git-fixes).\n - USB: dwc3: omap: fix \"unbalanced disables for smps10_out1\" on omap5evm\n (git-fixes).\n - USB: gadget: uvc: Fix crash when encoding data for usb request\n (git-fixes).\n - USB: hcd-pci: Use PCI_STD_NUM_BARS when checking standard BARs\n (bsc#1152489)\n - USB: serial: pl2303: add IBM device IDs (git-fixes).\n - USB: serial: simple: add Nokia phone driver (git-fixes).\n - USB: storage: ums-realtek: fix error code in rts51x_read_mem()\n (git-fixes).\n - USB: usb-storage: Fix use of bitfields for hardware data in ene_ub6250.c\n (git-fixes).\n - vgacon: Propagate console boot parameters before calling `vc_resize'\n (bsc#1152489)\n - video: fbdev: atari: Atari 2 bpp (STe) palette bugfix (git-fixes).\n - video: fbdev: cirrusfb: check pixclock to avoid divide by zero\n (git-fixes).\n - video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow\n (git-fixes).\n - video: fbdev: sm712fb: Fix crash in smtcfb_read() (git-fixes).\n - video: fbdev: sm712fb: Fix crash in smtcfb_write() (git-fixes).\n - video: fbdev: udlfb: properly check endpoint type (bsc#1152489)\n - video: fbdev: w100fb: Reset global state (git-fixes).\n - virtio_console: break out of buf poll on remove (git-fixes).\n - virtio_console: eliminate anonymous module_init & module_exit\n (git-fixes).\n - w1: w1_therm: fixes w1_seq for ds28ea00 sensors (git-fixes).\n - x86/pm: Save the MSR validity status at context setup (bsc#1198400).\n - x86/sev: Unroll string mmio with CC_ATTR_GUEST_UNROLL_STRING_IO\n (git-fixes).\n - x86/speculation: Restore speculation related MSRs during S3 resume\n (bsc#1198400).\n - xen: fix is_xen_pmu() (git-fixes).\n - xen/blkfront: fix comment for need_copy (git-fixes).\n - xen/x86: obtain full video frame buffer address for Dom0 also under EFI\n (bsc#1193556).\n - xen/x86: obtain upper 32 bits of video frame buffer address for Dom0\n (bsc#1193556).\n - xhci: fix runtime PM imbalance in USB2 resume (git-fixes).\n - xhci: fix uninitialized string returned by xhci_decode_ctrl_ctx()\n (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-1687=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-1687=1\n\n - SUSE Linux Enterprise Workstation Extension 15-SP3:\n\n zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1687=1\n\n - SUSE Linux Enterprise Module for Live Patching 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1687=1\n\n - SUSE Linux Enterprise Module for Legacy Software 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-1687=1\n\n - SUSE Linux Enterprise Module for Development Tools 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1687=1\n\n - SUSE Linux Enterprise Module for Basesystem 15-SP3:\n\n zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1687=1\n\n - SUSE Linux Enterprise Micro 5.2:\n\n zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1687=1\n\n - SUSE Linux Enterprise Micro 5.1:\n\n zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1687=1\n\n - SUSE Linux Enterprise High Availability 15-SP3:\n\n zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1687=1", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-05-16T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27835", "CVE-2021-0707", "CVE-2021-20292", "CVE-2021-20321", "CVE-2021-38208", "CVE-2021-4154", "CVE-2022-0812", "CVE-2022-1158", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1419", "CVE-2022-1516", "CVE-2022-28356", "CVE-2022-28748", "CVE-2022-28893", "CVE-2022-29156"], "modified": "2022-05-16T00:00:00", "id": "SUSE-SU-2022:1687-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4ZLCOPPADTK7VNZ3TWIPMNF3S3J73QZG/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}

Android Security Bulletin—April 2022

Description

Related