CVE-2021-30331 : Possible buffer overflow due to improper data validation of external commands se

Possible buffer overflow due to improper data validation of external commands sent via DIAG interface in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Published 2022-04-01 05:15:07

Updated 2023-04-19 17:10:55

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2021-30331

Qualcomm » Mdm9650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9650 » Version: N/A
Qualcomm » Qca6174a Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6174a » Version: N/A
Qualcomm » Qca9377 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9377 » Version: N/A
Qualcomm » Mdm9150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9150 » Version: N/A
Qualcomm » Sd 675 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd 675 » Version: N/A
Qualcomm » Qca8081 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca8081 » Version: N/A
Qualcomm » Sdx55 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55 » Version: N/A
Qualcomm » Qcs610 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs610 » Version: N/A
Qualcomm » Qca6390 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6390 » Version: N/A
Qualcomm » Qca6391 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6391 » Version: N/A
Qualcomm » Wcd9335 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9335 » Version: N/A
Qualcomm » Wcd9341 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9341 » Version: N/A
Qualcomm » Wcn3990 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3990 » Version: N/A
Qualcomm » Wcn3998 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3998 » Version: N/A
Qualcomm » Wcn6850 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn6850 » Version: N/A
Qualcomm » Wcn6851 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn6851 » Version: N/A
Qualcomm » Wcn6855 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn6855 » Version: N/A
Qualcomm » Wcn6856 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn6856 » Version: N/A
Qualcomm » Wsa8810 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8810 » Version: N/A
Qualcomm » Wsa8815 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8815 » Version: N/A
Qualcomm » Qcm4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm4290 » Version: N/A
Qualcomm » Qcs4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs4290 » Version: N/A
Qualcomm » Sdx55m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55m » Version: N/A
Qualcomm » Sm6250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6250 » Version: N/A
Qualcomm » Sm7250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7250p » Version: N/A
Qualcomm » Qcm6125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm6125 » Version: N/A
Qualcomm » Qcs410 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs410 » Version: N/A
Qualcomm » Qcs6125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs6125 » Version: N/A
Qualcomm » Sm6250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6250p » Version: N/A
Qualcomm » Ar8035 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ar8035 » Version: N/A
Qualcomm » Qca6426 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6426 » Version: N/A
Qualcomm » Qca6436 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6436 » Version: N/A
Qualcomm » Qca8337 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca8337 » Version: N/A
Qualcomm » Sd460 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd460 » Version: N/A
Qualcomm » Sd662 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd662 » Version: N/A
Qualcomm » Sd665 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd665 » Version: N/A
Qualcomm » Sd675 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd675 » Version: N/A
Qualcomm » Sd690 5g Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd690 5g » Version: N/A
Qualcomm » Sd720g Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd720g » Version: N/A
Qualcomm » Sd730 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd730 » Version: N/A
Qualcomm » Sd750g Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd750g » Version: N/A
Qualcomm » Sd765 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd765 » Version: N/A
Qualcomm » Sd765g Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd765g » Version: N/A
Qualcomm » Sd768g Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd768g » Version: N/A
Qualcomm » Sd865 5g Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd865 5g » Version: N/A
Qualcomm » Sd888 5g Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd888 5g » Version: N/A
Qualcomm » Sdxr2 5g Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdxr2 5g » Version: N/A
Qualcomm » Wcd9370 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9370 » Version: N/A
Qualcomm » Wcd9375 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9375 » Version: N/A
Qualcomm » Wcd9380 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9380 » Version: N/A
Qualcomm » Wcd9385 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9385 » Version: N/A
Qualcomm » Wcn3910 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3910 » Version: N/A
Qualcomm » Wcn3950 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3950 » Version: N/A
Qualcomm » Wcn3980 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3980 » Version: N/A
Qualcomm » Wcn3988 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3988 » Version: N/A
Qualcomm » Wcn3991 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3991 » Version: N/A
Qualcomm » Wcn6750 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn6750 » Version: N/A
Qualcomm » Wsa8830 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8830 » Version: N/A
Qualcomm » Wsa8835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8835 » Version: N/A
Qualcomm » Fsm10055 Firmware » Version: N/A
cpe:2.3:o:qualcomm:fsm10055_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Fsm10055 » Version: N/A
Qualcomm » Qcm2290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm2290 » Version: N/A
Qualcomm » Qcs2290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs2290 » Version: N/A
Qualcomm » Fsm10056 Firmware » Version: N/A
cpe:2.3:o:qualcomm:fsm10056_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Fsm10056 » Version: N/A
Qualcomm » Sd678 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd678 » Version: N/A
Qualcomm » Sd870 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd870 » Version: N/A
Qualcomm » Sd480 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd480 » Version: N/A
Qualcomm » Sd778g Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd778g » Version: N/A
Qualcomm » Sm7325p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7325p » Version: N/A
Qualcomm » Qcx315 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcx315 » Version: N/A
Qualcomm » Qcm6490 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm6490 » Version: N/A
Qualcomm » Qcs6490 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs6490 » Version: N/A
Qualcomm » Sm6225 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6225_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6225 » Version: N/A
Qualcomm » Sm6375 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6375_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6375 » Version: N/A
Qualcomm » Sdx65 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx65 » Version: N/A
Qualcomm » Sd 8 Gen1 5g Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8475 » Version: N/A
Qualcomm » Sw5100 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sw5100 » Version: N/A
Qualcomm » Sw5100p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sw5100p » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-30331

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 11 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-30331

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	Qualcomm, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2021-30331

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-30331

https://www.qualcomm.com/company/product-security/bulletins/march-2022-bulletin

March 2022 Security Bulletin | Qualcomm
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-30331

Products affected by CVE-2021-30331

Exploit prediction scoring system (EPSS) score for CVE-2021-30331

CVSS scores for CVE-2021-30331

CWE ids for CVE-2021-30331

References for CVE-2021-30331