CVE-2021-35072 : Possible buffer overflow due to improper validation of array index while process

Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Published 2022-06-14 10:15:16

Updated 2022-06-22 20:25:52

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2021-35072

Qualcomm » Mdm9206 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9206 » Version: N/A
Qualcomm » Mdm9607 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9607 » Version: N/A
Qualcomm » Mdm9650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9650 » Version: N/A
Qualcomm » Msm8909w Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8909w » Version: N/A
Qualcomm » Mdm9640 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9640 » Version: N/A
Qualcomm » Apq8096au Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8096au » Version: N/A
Qualcomm » Msm8996au Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8996au » Version: N/A
Qualcomm » Msm8937 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8937_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8937 » Version: N/A
Qualcomm » Qca6174a Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6174a » Version: N/A
Qualcomm » Qca6574au Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6574au » Version: N/A
Qualcomm » Qca6584 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6584_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6584 » Version: N/A
Qualcomm » Qca9377 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9377 » Version: N/A
Qualcomm » Qca9379 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9379 » Version: N/A
Qualcomm » Msm8917 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8917_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8917 » Version: N/A
Qualcomm » Qca6574 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6574 » Version: N/A
Qualcomm » Sd210 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd210 » Version: N/A
Qualcomm » Sd450 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd450 » Version: N/A
Qualcomm » Sd820 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd820 » Version: N/A
Qualcomm » Sd835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd835 » Version: N/A
Qualcomm » Mdm9150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9150 » Version: N/A
Qualcomm » Apq8009 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8009 » Version: N/A
Qualcomm » Apq8017 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8017 » Version: N/A
Qualcomm » Apq8053 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8053 » Version: N/A
Qualcomm » Msm8920 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8920_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8920 » Version: N/A
Qualcomm » Msm8940 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8940_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8940 » Version: N/A
Qualcomm » Msm8953 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8953_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8953 » Version: N/A
Qualcomm » Sdm429w Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm429w » Version: N/A
Qualcomm » Qca6310 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6310_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6310 » Version: N/A
Qualcomm » Wcd9335 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9335 » Version: N/A
Qualcomm » Wcd9340 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9340 » Version: N/A
Qualcomm » Wcd9341 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9341 » Version: N/A
Qualcomm » Wcn3990 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3990 » Version: N/A
Qualcomm » Wcn3998 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3998 » Version: N/A
Qualcomm » Wsa8810 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8810 » Version: N/A
Qualcomm » Wsa8815 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8815 » Version: N/A
Qualcomm » Mdm9250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9250 » Version: N/A
Qualcomm » Mdm9628 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9628 » Version: N/A
Qualcomm » Wcd9330 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9330 » Version: N/A
Qualcomm » Apq8009w Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8009w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8009w » Version: N/A
Qualcomm » Qcm4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm4290 » Version: N/A
Qualcomm » Qcs4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs4290 » Version: N/A
Qualcomm » Sdw2500 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdw2500_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdw2500 » Version: N/A
Qualcomm » Apq8037 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8037_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8037 » Version: N/A
Qualcomm » Sm4125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4125 » Version: N/A
Qualcomm » Msm8108 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8108_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8108 » Version: N/A
Qualcomm » Msm8208 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8208_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8208 » Version: N/A
Qualcomm » Msm8209 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8209_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8209 » Version: N/A
Qualcomm » Msm8608 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8608_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8608 » Version: N/A
Qualcomm » Qca6320 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6320_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6320 » Version: N/A
Qualcomm » Qca6564a Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6564a » Version: N/A
Qualcomm » Qca6564au Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6564au » Version: N/A
Qualcomm » Qca6574a Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca6574a » Version: N/A
Qualcomm » Qca9367 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9367_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9367 » Version: N/A
Qualcomm » Sd460 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd460 » Version: N/A
Qualcomm » Sd662 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd662 » Version: N/A
Qualcomm » Sd821 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd821_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd821 » Version: N/A
Qualcomm » Wcd9326 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9326 » Version: N/A
Qualcomm » Wcd9370 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9370 » Version: N/A
Qualcomm » Wcd9375 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9375 » Version: N/A
Qualcomm » Wcn3610 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3610 » Version: N/A
Qualcomm » Wcn3615 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3615_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3615 » Version: N/A
Qualcomm » Wcn3660b Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3660b » Version: N/A
Qualcomm » Wcn3680b Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3680b » Version: N/A
Qualcomm » Wcn3910 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3910 » Version: N/A
Qualcomm » Wcn3950 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3950 » Version: N/A
Qualcomm » Wcn3980 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3980 » Version: N/A
Qualcomm » Wcn3988 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3988 » Version: N/A
Qualcomm » Wsa8830 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8830 » Version: N/A
Qualcomm » Wsa8835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8835 » Version: N/A
Qualcomm » Sd429 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd429 » Version: N/A
Qualcomm » Sd439 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd439_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd439 » Version: N/A
Qualcomm » Qcm2290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm2290 » Version: N/A
Qualcomm » Qcs2290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs2290 » Version: N/A
Qualcomm » Wcn3620 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3620 » Version: N/A
Qualcomm » Qualcomm215 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qualcomm215_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qualcomm215 » Version: N/A
Qualcomm » Sd632 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd632_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd632 » Version: N/A
Qualcomm » Wcn3660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3660 » Version: N/A
Qualcomm » Wcn3680 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3680_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3680 » Version: N/A
Qualcomm » Sdx12 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx12_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx12 » Version: N/A
Qualcomm » Sw5100 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sw5100 » Version: N/A
Qualcomm » Sw5100p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sw5100p » Version: N/A
Qualcomm » Sd680 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd680 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-35072

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 27 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-35072

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	Qualcomm, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-35072

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-35072

https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

Qualcomm Documentation
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-35072

Products affected by CVE-2021-35072

Exploit prediction scoring system (EPSS) score for CVE-2021-35072

CVSS scores for CVE-2021-35072

CWE ids for CVE-2021-35072

References for CVE-2021-35072