github - ghsa-7r3q-qx4p-q5jf

ghsa-7r3q-qx4p-q5jf

Vulnerability from github

Published

2022-05-24 19:13

Modified

2022-07-13 00:01

Severity

5.5 (Medium) - CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1929"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T12:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
  "id": "GHSA-7r3q-qx4p-q5jf",
  "modified": "2022-07-13T00:01:02Z",
  "published": "2022-05-24T19:13:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1929"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2021-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

cve-2021-1929

Vulnerability from cvelistv5

Published

2021-09-08 11:25

Modified

2024-08-03 16:25

Severity

6.2 (Medium) - cvssV3_1 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

References

URL	Tags
https://www.qualcomm.com/company/product-security/bulletins/august-2021-bulletin	x_refsource_CONFIRM

Impacted products

Vendor	Product
Qualcomm, Inc.	Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:25:06.318Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2021-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "APQ8096AU, AQT1000, MSM8996AU, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCM2290, QCM4290, QCM6125, QCS2290, QCS4290, QCS603, QCS605, QCS610, QCS6125, Qualcomm215, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD205, SD210, SD460, SD480, SD662, SD665, SD675, SD678, SD720G, SD730, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM830, SDX50M, SDX55, SDX55M, SDXR2 5G, SM6250, SM7250P, SM7315, SM7325P, WCD9326, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Permissions, Privileges and Access Controls in Android",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-08T11:25:43",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2021-bulletin"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@qualcomm.com",
          "ID": "CVE-2021-1929",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "APQ8096AU, AQT1000, MSM8996AU, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCM2290, QCM4290, QCM6125, QCS2290, QCS4290, QCS603, QCS605, QCS610, QCS6125, Qualcomm215, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD205, SD210, SD460, SD480, SD662, SD665, SD675, SD678, SD720G, SD730, SD765, SD765G, SD768G, SD778G, SD780G, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM830, SDX50M, SDX55, SDX55M, SDXR2 5G, SM6250, SM7250P, SM7315, SM7325P, WCD9326, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Qualcomm, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Lack of strict validation of bootmode can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables"
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 6.2,
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Permissions, Privileges and Access Controls in Android"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qualcomm.com/company/product-security/bulletins/august-2021-bulletin",
              "refsource": "CONFIRM",
              "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2021-bulletin"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2021-1929",
    "datePublished": "2021-09-08T11:25:43",
    "dateReserved": "2020-12-08T00:00:00",
    "dateUpdated": "2024-08-03T16:25:06.318Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.