CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
12.6%
Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Vendor | Product | Version | CPE |
---|---|---|---|
qualcomm | apq8009 | - | cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:* |
qualcomm | apq8009_firmware | - | cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:* |
qualcomm | apq8053 | - | cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:* |
qualcomm | apq8053_firmware | - | cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:* |
qualcomm | apq8096au | - | cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:* |
qualcomm | apq8096au_firmware | - | cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:* |
qualcomm | aqt1000 | - | cpe:2.3:h:qualcomm:aqt1000:-:*:*:*:*:*:*:* |
qualcomm | aqt1000_firmware | - | cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:* |
qualcomm | ar8031 | - | cpe:2.3:h:qualcomm:ar8031:-:*:*:*:*:*:*:* |
qualcomm | ar8031_firmware | - | cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:* |
[
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009, APQ8053, APQ8096AU, AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MSM8996AU, PMP8074, QCA1023, QCA1062, QCA1064, QCA10901, QCA2062, QCA2064, QCA2065, QCA2066, QCA4010, QCA4020, QCA4024, QCA6174A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6694, QCA6696, QCA8072, QCA8075, QCA8081, QCA9369, QCA9377, QCA9379, QCA9888, QCA9889, QCA9984, QCM2290, QCM4290, QCM6125, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN6122, QCN7605, QCN7606, QCN9000, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS605, QCS610, ...[truncated*]"
}
]
}
]
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
12.6%