8.4

CVE-2021-30315

Improper handling of sensor HAL structure in absence of sensor can lead to use after free in Snapdragon Auto

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QualcommMdm9628 Firmware Version-
   QualcommMdm9628 Version-
QualcommQca6564a Firmware Version-
   QualcommQca6564a Version-
QualcommQca6564au Firmware Version-
   QualcommQca6564au Version-
QualcommQca6574 Firmware Version-
   QualcommQca6574 Version-
QualcommQca6574a Firmware Version-
   QualcommQca6574a Version-
QualcommQca6574au Firmware Version-
   QualcommQca6574au Version-
QualcommQca6595 Firmware Version-
   QualcommQca6595 Version-
QualcommQca6595au Firmware Version-
   QualcommQca6595au Version-
QualcommQca6696 Firmware Version-
   QualcommQca6696 Version-
QualcommSa6155 Firmware Version-
   QualcommSa6155 Version-
QualcommSa6155p Firmware Version-
   QualcommSa6155p Version-
QualcommSa8150p Firmware Version-
   QualcommSa8150p Version-
QualcommSa8155 Firmware Version-
   QualcommSa8155 Version-
QualcommSa8155p Firmware Version-
   QualcommSa8155p Version-
QualcommSa8195p Firmware Version-
   QualcommSa8195p Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.077
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
product-security@qualcomm.com 8.4 2.5 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.