Vulnerability Details : CVE-2021-1899

Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Published 2021-07-13 06:15:08

Updated 2021-07-15 18:39:40

Source Qualcomm, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-1899

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 17 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-1899

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:N/A:P	3.9	2.9	nvd@nist.gov
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
4.6	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	0.9	3.6	nvd@nist.gov
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
4.6	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	0.9	3.6	product-security@qualcomm.com
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-1899

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-1899

https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin

July 2021 Security Bulletin | Qualcomm
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2021-1899

Qualcomm » Msm8909w Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8909w » Version: N/A
Qualcomm » Qca6174a Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6174a » Version: N/A
Qualcomm » Qca9379 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9379 » Version: N/A
Qualcomm » Sd210 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd210 » Version: N/A
Qualcomm » Sd205 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd205 » Version: N/A
Qualcomm » Sd 675 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 675 » Version: N/A
Qualcomm » Sd855 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd855 » Version: N/A
Qualcomm » Qca4020 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca4020_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca4020 » Version: N/A
Qualcomm » Sdx55 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55 » Version: N/A
Qualcomm » Sdm429w Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm429w » Version: N/A
Qualcomm » Aqt1000 Firmware » Version: N/A
cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Aqt1000 » Version: N/A
Qualcomm » Qca6420 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6420 » Version: N/A
Qualcomm » Qca6430 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6430 » Version: N/A
Qualcomm » Wcd9341 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9341 » Version: N/A
Qualcomm » Wcn3998 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3998 » Version: N/A
Qualcomm » Wsa8810 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8810 » Version: N/A
Qualcomm » Wsa8815 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8815 » Version: N/A
Qualcomm » Apq8009w Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8009w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8009w » Version: N/A
Qualcomm » Sda429w Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda429w » Version: N/A
Qualcomm » Sdx50m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx50m » Version: N/A
Qualcomm » Sdx55m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55m » Version: N/A
Qualcomm » Sm6250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6250 » Version: N/A
Qualcomm » Sd675 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd675 » Version: N/A
Qualcomm » Sd720g Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd720g » Version: N/A
Qualcomm » Sd730 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd730 » Version: N/A
Qualcomm » Wcd9326 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9326 » Version: N/A
Qualcomm » Wcd9370 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9370 » Version: N/A
Qualcomm » Wcd9375 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9375 » Version: N/A
Qualcomm » Wcd9380 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9380 » Version: N/A
Qualcomm » Wcn3610 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3610 » Version: N/A
Qualcomm » Wcn3615 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3615_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3615 » Version: N/A
Qualcomm » Wcn3660b Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3660b » Version: N/A
Qualcomm » Wcn3680b Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3680b » Version: N/A
Qualcomm » Wcn3950 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3950 » Version: N/A
Qualcomm » Wcn3980 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3980 » Version: N/A
Qualcomm » Wcn3988 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3988 » Version: N/A
Qualcomm » Wcn3991 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3991 » Version: N/A
Qualcomm » Wcn3620 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3620 » Version: N/A
Qualcomm » Qualcomm215 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qualcomm215_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qualcomm215 » Version: N/A
Qualcomm » Wcn3680 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3680_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3680 » Version: N/A
Qualcomm » Sd678 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd678 » Version: N/A