CVE-2021-35080 : Disabled SMMU from secure side while RPM is assigned a secure stream can lead to

Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Published 2022-06-14 10:15:16

Updated 2022-06-22 19:54:17

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2021-35080

Qualcomm » Wcn3998 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3998 » Version: N/A
Qualcomm » Wsa8810 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8810 » Version: N/A
Qualcomm » Wsa8815 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8815 » Version: N/A
Qualcomm » Qcm4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm4290 » Version: N/A
Qualcomm » Qcs4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs4290 » Version: N/A
Qualcomm » Sm4125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4125 » Version: N/A
Qualcomm » Sd460 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd460 » Version: N/A
Qualcomm » Sd662 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd662 » Version: N/A
Qualcomm » Wcd9370 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9370 » Version: N/A
Qualcomm » Wcd9375 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9375 » Version: N/A
Qualcomm » Wcd9385 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9385 » Version: N/A
Qualcomm » Wcn3910 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3910 » Version: N/A
Qualcomm » Wcn3950 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3950 » Version: N/A
Qualcomm » Wcn3980 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3980 » Version: N/A
Qualcomm » Wcn3988 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3988 » Version: N/A
Qualcomm » Wcn3991 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3991 » Version: N/A
Qualcomm » Wsa8830 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8830 » Version: N/A
Qualcomm » Wsa8835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8835 » Version: N/A
Qualcomm » Qcm2290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm2290 » Version: N/A
Qualcomm » Qcs2290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs2290 » Version: N/A
Qualcomm » Sd480 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd480 » Version: N/A
Qualcomm » Sw5100 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sw5100 » Version: N/A
Qualcomm » Sw5100p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sw5100p » Version: N/A
Qualcomm » Sd680 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd680 » Version: N/A
Qualcomm » Sd695 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd695_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sd695 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-35080

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 26 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-35080

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:C/I:N/A:N	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
6.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N	2.0	4.0	Qualcomm, Inc.
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2021-35080

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-35080

https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

Qualcomm Documentation
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-35080

Products affected by CVE-2021-35080

Exploit prediction scoring system (EPSS) score for CVE-2021-35080

CVSS scores for CVE-2021-35080

CWE ids for CVE-2021-35080

References for CVE-2021-35080