CVE-2021-35109 : Possible address manipulation from APP-NS while APP-S is configuring an RG where

Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile

Published 2022-09-02 12:15:09

Updated 2023-04-19 17:10:55

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Input validation

Products affected by CVE-2021-35109

Qualcomm » Wcn6855 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn6855 » Version: N/A
Qualcomm » Wcn6856 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn6856 » Version: N/A
Qualcomm » Wcd9370 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9370 » Version: N/A
Qualcomm » Wcd9375 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9375 » Version: N/A
Qualcomm » Wcd9380 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9380 » Version: N/A
Qualcomm » Wcd9385 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9385 » Version: N/A
Qualcomm » Wcn6750 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn6750 » Version: N/A
Qualcomm » Wsa8830 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8830 » Version: N/A
Qualcomm » Wsa8835 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8835 » Version: N/A
Qualcomm » Wcn7851 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn7851_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn7851 » Version: N/A
Qualcomm » Sd 8 Gen1 5g Firmware » Version: N/A
cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8475 » Version: N/A
Qualcomm » Sm7450 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7450 » Version: N/A
Qualcomm » Sm8475 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8475_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8475 » Version: N/A
Qualcomm » Sm8475p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8475p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8475p » Version: N/A
Qualcomm » Wsa8832 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8832_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8832 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2021-35109

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 9 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-35109

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.8	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	0.9	5.9	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
6.8	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	0.9	5.9	Qualcomm, Inc.
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-35109

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-35109

https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletin

Qualcomm Documentation
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-35109

Products affected by CVE-2021-35109

Exploit prediction scoring system (EPSS) score for CVE-2021-35109

CVSS scores for CVE-2021-35109

CWE ids for CVE-2021-35109

References for CVE-2021-35109