Vulnerabilites related to Qualcomm, Inc. - Snapdragon Connectivity, Snapdragon Industrial IOT
cve-2021-35123
Vulnerability from cvelistv5
Published
2022-06-14 10:11
Modified
2024-08-04 00:33
Severity ?
EPSS score ?
Summary
Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon Industrial IOT
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Qualcomm, Inc. | Snapdragon Connectivity, Snapdragon Industrial IOT |
Version: AQT1000, QCA6390, QCA6391, SD 8 Gen1 5G, SD480, SD660, SD778G, SD780G, SD855, SD865 5G, SD870, SD888 5G, SDX55M, SM6375, SM7325P, WCD9335, WCD9370, WCD9375, WCD9380, WCD9385, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:33:51.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Connectivity, Snapdragon Industrial IOT",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000, QCA6390, QCA6391, SD 8 Gen1 5G, SD480, SD660, SD778G, SD780G, SD855, SD865 5G, SD870, SD888 5G, SDX55M, SM6375, SM7325P, WCD9335, WCD9370, WCD9375, WCD9380, WCD9385, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon Industrial IOT"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Copy Without Checking Size of Input in Bluetooth HOST",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T10:11:25",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2021-35123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Connectivity, Snapdragon Industrial IOT",
"version": {
"version_data": [
{
"version_value": "AQT1000, QCA6390, QCA6391, SD 8 Gen1 5G, SD480, SD660, SD778G, SD780G, SD855, SD865 5G, SD870, SD888 5G, SDX55M, SM6375, SM7325P, WCD9335, WCD9370, WCD9375, WCD9380, WCD9385, WCN3980, WCN3988, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon Industrial IOT"
}
]
},
"impact": {
"cvss": {
"baseScore": 8.8,
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input in Bluetooth HOST"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2021-35123",
"datePublished": "2022-06-14T10:11:25",
"dateReserved": "2021-06-21T00:00:00",
"dateUpdated": "2024-08-04T00:33:51.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}