Lucene search

[email protected]CVE-2021-1932

HistoryOct 20, 2021 - 7:15 a.m.

CVE-2021-1932

2021-10-2007:15:07

[email protected]

web.nvd.nist.gov

cve-2021-1932

access control

trusted application environment

unauthorized access

cdsp

adsp

vm memory

snapdragon auto

snapdragon compute

snapdragon connectivity

snapdragon consumer iot

snapdragon industrial iot

snapdragon mobile

snapdragon wired infrastructure

networking

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

Improper access control in trusted application environment can cause unauthorized access to CDSP or ADSP VM memory with either privilege in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Affected configurations

NVD

Node

qualcommaqt1000Match-

AND

qualcommaqt1000_firmwareMatch-

Node

qualcommar8035Match-

AND

qualcommar8035_firmwareMatch-

Node

qualcommqca6390Match-

AND

qualcommqca6390_firmwareMatch-

Node

qualcommqca6420Match-

AND

qualcommqca6420_firmwareMatch-

Node

qualcommqca6430Match-

AND

qualcommqca6430_firmwareMatch-

Node

qualcommqca6574aMatch-

AND

qualcommqca6574a_firmwareMatch-

Node

qualcommqca6574auMatch-

AND

qualcommqca6574au_firmwareMatch-

Node

qualcommqca6595Match-

AND

qualcommqca6595_firmwareMatch-

Node

qualcommqca6595au_firmwareMatch-

AND

qualcommqca6595auMatch-

Node

qualcommqca6696_firmwareMatch-

AND

qualcommqca6696Match-

Node

qualcommqca9984_firmwareMatch-

AND

qualcommqca9984Match-

Node

qualcommqcm2290_firmwareMatch-

AND

qualcommqcm2290Match-

Node

qualcommqcm4290_firmwareMatch-

AND

qualcommqcm4290Match-

Node

qualcommqcs2290_firmwareMatch-

AND

qualcommqcs2290Match-

Node

qualcommqcs405_firmwareMatch-

AND

qualcommqcs405Match-

Node

qualcommqcs410_firmwareMatch-

AND

qualcommqcs410Match-

Node

qualcommqcs4290_firmwareMatch-

AND

qualcommqcs4290Match-

Node

qualcommqcs610_firmwareMatch-

AND

qualcommqcs610Match-

Node

qualcommsa6155p_firmwareMatch-

AND

qualcommsa6155pMatch-

Node

qualcommsa8150p_firmwareMatch-

AND

qualcommsa8150pMatch-

Node

qualcommsa8155_firmwareMatch-

AND

qualcommsa8155Match-

Node

qualcommsa8155p_firmwareMatch-

AND

qualcommsa8155pMatch-

Node

qualcommsa8195p_firmwareMatch-

AND

qualcommsa8195pMatch-

Node

qualcommsd_675_firmwareMatch-

AND

qualcommsd_675Match-

Node

qualcommsd_8c_firmwareMatch-

AND

qualcommsd_8cMatch-

Node

qualcommsd_8cxMatch-

AND

qualcommsd_8cx_firmwareMatch-

Node

qualcommsd460_firmwareMatch-

AND

qualcommsd460Match-

Node

qualcommsd480_firmwareMatch-

AND

qualcommsd480Match-

Node

qualcommsd662_firmwareMatch-

AND

qualcommsd662Match-

Node

qualcommsd675_firmwareMatch-

AND

qualcommsd675Match-

Node

qualcommsd678_firmwareMatch-

AND

qualcommsd678Match-

Node

qualcommsd720g_firmwareMatch-

AND

qualcommsd720gMatch-

Node

qualcommsd730_firmwareMatch-

AND

qualcommsd730Match-

Node

qualcommsd7c_firmwareMatch-

AND

qualcommsd7cMatch-

Node

qualcommsd855_firmwareMatch-

AND

qualcommsd855Match-

Node

qualcommsd888_5g_firmwareMatch-

AND

qualcommsd888_5gMatch-

Node

qualcommsdm830_firmwareMatch-

AND

qualcommsdm830Match-

Node

qualcommsdx24_firmwareMatch-

AND

qualcommsdx24Match-

Node

qualcommsdx50m_firmwareMatch-

AND

qualcommsdx50mMatch-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsdx55m_firmwareMatch-

AND

qualcommsdx55mMatch-

Node

qualcommsm4125_firmwareMatch-

AND

qualcommsm4125Match-

Node

qualcommsm6250_firmwareMatch-

AND

qualcommsm6250Match-

Node

qualcommsm6250p_firmwareMatch-

AND

qualcommsm6250pMatch-

Node

qualcommwcd9340_firmwareMatch-

AND

qualcommwcd9340Match-

Node

qualcommwcd9341_firmwareMatch-

AND

qualcommwcd9341Match-

Node

qualcommwcd9360_firmwareMatch-

AND

qualcommwcd9360Match-

Node

qualcommwcd9370_firmwareMatch-

AND

qualcommwcd9370Match-

Node

qualcommwcd9371_firmwareMatch-

AND

qualcommwcd9371Match-

Node

qualcommwcd9375_firmwareMatch-

AND

qualcommwcd9375Match-

Node

qualcommwcd9380_firmwareMatch-

AND

qualcommwcd9380Match-

Node

qualcommwcd9385_firmwareMatch-

AND

qualcommwcd9385Match-

Node

qualcommwcn3910_firmwareMatch-

AND

qualcommwcn3910Match-

Node

qualcommwcn3950_firmwareMatch-

AND

qualcommwcn3950Match-

Node

qualcommwcn3980_firmwareMatch-

AND

qualcommwcn3980Match-

Node

qualcommwcn3988_firmwareMatch-

AND

qualcommwcn3988Match-

Node

qualcommwcn3990_firmwareMatch-

AND

qualcommwcn3990Match-

Node

qualcommwcn3991_firmwareMatch-

AND

qualcommwcn3991Match-

Node

qualcommwcn3998_firmwareMatch-

AND

qualcommwcn3998Match-

Node

qualcommwcn3999_firmwareMatch-

AND

qualcommwcn3999Match-

Node

qualcommwcn6850_firmwareMatch-

AND

qualcommwcn6850Match-

Node

qualcommwhs9410_firmwareMatch-

AND

qualcommwhs9410Match-

Node

qualcommwsa8810_firmwareMatch-

AND

qualcommwsa8810Match-

Node

qualcommwsa8815_firmwareMatch-

AND

qualcommwsa8815Match-

CPENameOperatorVersion
qualcomm:aqt1000_firmwarequalcomm aqt1000 firmwareeq-

CPE	Name	Operator	Version
qualcomm:aqt1000_firmware	qualcomm aqt1000 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "AQT1000, AR8035, QCA6390, QCA6420, QCA6430, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS410, QCS4290, QCS610, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8C, SD 8CX, SD460, SD480, SD662, SD675, SD678, SD720G, SD730, SD7c, SD855, SD888 5G, SDM830, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM6250, SM6250P, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6850, WHS9410, WSA8810, WSA8815"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.5%

JSON

Related for CVE-2021-1932

prion1 cvelist1 nvd1