github - ghsa-2f3f-w2jr-748c

ghsa-2f3f-w2jr-748c

Vulnerability from github

Published

2022-06-15 00:00

Modified

2022-06-25 00:00

Severity

7.1 (High) - CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK`s data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-35116"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-14T10:15:00Z",
    "severity": "HIGH"
  },
  "details": "APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK`s data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
  "id": "GHSA-2f3f-w2jr-748c",
  "modified": "2022-06-25T00:00:55Z",
  "published": "2022-06-15T00:00:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35116"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2021-35116

Vulnerability from cvelistv5

Published

2022-06-14 09:51

Modified

2024-08-04 00:33

Severity

7.7 (High) - cvssV3_1 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK`s data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

References

URL	Tags
https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin	x_refsource_CONFIRM

Impacted products

Vendor	Product
Qualcomm, Inc.	Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:33:51.053Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "APQ8009, APQ8009W, APQ8096AU, AQT1000, CSRB31024, MDM9607, MDM9626, MDM9628, MDM9640, MSM8909W, MSM8937, MSM8996AU, PM8937, QCA6174A, QCA6310, QCA6320, QCA6390, QCA6391, QCA6420, QCA6430, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA9377, QCM2290, QCM4290, QCM6490, QCS2290, QCS4290, QCS603, QCS605, QCS6490, SA415M, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SD 675, SD 8 Gen1 5G, SD429, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD820, SD835, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDW2500, SDX12, SDX50M, SDX55, SDX55M, SDX65, SM4125, SM6250, SM7250P, SM7315, SM7325P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK`s data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Improper Input Validation in Neural Networks",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-14T09:51:08",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@qualcomm.com",
          "ID": "CVE-2021-35116",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "APQ8009, APQ8009W, APQ8096AU, AQT1000, CSRB31024, MDM9607, MDM9626, MDM9628, MDM9640, MSM8909W, MSM8937, MSM8996AU, PM8937, QCA6174A, QCA6310, QCA6320, QCA6390, QCA6391, QCA6420, QCA6430, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA9377, QCM2290, QCM4290, QCM6490, QCS2290, QCS4290, QCS603, QCS605, QCS6490, SA415M, SA6155, SA6155P, SA8155, SA8155P, SA8195P, SD 675, SD 8 Gen1 5G, SD429, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD680, SD690 5G, SD695, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD820, SD835, SD855, SD865 5G, SD870, SD888, SD888 5G, SDM429W, SDW2500, SDX12, SDX50M, SDX55, SDX55M, SDX65, SM4125, SM6250, SM7250P, SM7315, SM7325P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Qualcomm, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK`s data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables"
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 7.7,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Input Validation in Neural Networks"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin",
              "refsource": "CONFIRM",
              "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2021-35116",
    "datePublished": "2022-06-14T09:51:08",
    "dateReserved": "2021-06-21T00:00:00",
    "dateUpdated": "2024-08-04T00:33:51.053Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.