6.8

CVE-2021-35109

Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile

Data is provided by the National Vulnerability Database (NVD)
QualcommSd 8 Gen1 5g Firmware Version-
   QualcommSm8475 Version-
QualcommSm7450 Firmware Version-
   QualcommSm7450 Version-
QualcommSm8475 Firmware Version-
   QualcommSm8475 Version-
QualcommSm8475p Firmware Version-
   QualcommSm8475p Version-
QualcommWcd9370 Firmware Version-
   QualcommWcd9370 Version-
QualcommWcd9375 Firmware Version-
   QualcommWcd9375 Version-
QualcommWcd9380 Firmware Version-
   QualcommWcd9380 Version-
QualcommWcd9385 Firmware Version-
   QualcommWcd9385 Version-
QualcommWcn6750 Firmware Version-
   QualcommWcn6750 Version-
QualcommWcn6855 Firmware Version-
   QualcommWcn6855 Version-
QualcommWcn6856 Firmware Version-
   QualcommWcn6856 Version-
QualcommWcn7851 Firmware Version-
   QualcommWcn7851 Version-
QualcommWsa8830 Firmware Version-
   QualcommWsa8830 Version-
QualcommWsa8832 Firmware Version-
   QualcommWsa8832 Version-
QualcommWsa8835 Firmware Version-
   QualcommWsa8835 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.1% 0.275
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.8 0.9 5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
product-security@qualcomm.com 6.8 0.9 5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.