7.5

CVE-2021-35111

Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QualcommAr8035 Firmware Version-
   QualcommAr8035 Version-
QualcommQca6390 Firmware Version-
   QualcommQca6390 Version-
QualcommQca6391 Firmware Version-
   QualcommQca6391 Version-
QualcommQca8081 Firmware Version-
   QualcommQca8081 Version-
QualcommQca8337 Firmware Version-
   QualcommQca8337 Version-
QualcommSd 8 Gen1 5g Firmware Version-
   QualcommSm8475 Version-
QualcommSd765 Firmware Version-
   QualcommSd765 Version-
QualcommSd765g Firmware Version-
   QualcommSd765g Version-
QualcommSd768g Firmware Version-
   QualcommSd768g Version-
QualcommSd778g Firmware Version-
   QualcommSd778g Version-
QualcommSd865 5g Firmware Version-
   QualcommSd865 5g Version-
QualcommSd870 Firmware Version-
   QualcommSd870 Version-
QualcommSd888 5g Firmware Version-
   QualcommSd888 5g Version-
QualcommSdx55 Firmware Version-
   QualcommSdx55 Version-
QualcommSdx55m Firmware Version-
   QualcommSdx55m Version-
QualcommSdx65 Firmware Version-
   QualcommSdx65 Version-
QualcommSm7250p Firmware Version-
   QualcommSm7250p Version-
QualcommSm7450 Firmware Version-
   QualcommSm7450 Version-
QualcommSm8475 Firmware Version-
   QualcommSm8475 Version-
QualcommSm8475p Firmware Version-
   QualcommSm8475p Version-
QualcommWcd9341 Firmware Version-
   QualcommWcd9341 Version-
QualcommWcd9370 Firmware Version-
   QualcommWcd9370 Version-
QualcommWcd9375 Firmware Version-
   QualcommWcd9375 Version-
QualcommWcd9380 Firmware Version-
   QualcommWcd9380 Version-
QualcommWcd9385 Firmware Version-
   QualcommWcd9385 Version-
QualcommWcn3991 Firmware Version-
   QualcommWcn3991 Version-
QualcommWcn3998 Firmware Version-
   QualcommWcn3998 Version-
QualcommWcn6750 Firmware Version-
   QualcommWcn6750 Version-
QualcommWcn6850 Firmware Version-
   QualcommWcn6850 Version-
QualcommWcn6851 Firmware Version-
   QualcommWcn6851 Version-
QualcommWcn6855 Firmware Version-
   QualcommWcn6855 Version-
QualcommWcn6856 Firmware Version-
   QualcommWcn6856 Version-
QualcommWcn7851 Firmware Version-
   QualcommWcn7851 Version-
QualcommWsa8810 Firmware Version-
   QualcommWsa8810 Version-
QualcommWsa8815 Firmware Version-
   QualcommWsa8815 Version-
QualcommWsa8830 Firmware Version-
   QualcommWsa8830 Version-
QualcommWsa8832 Firmware Version-
   QualcommWsa8832 Version-
QualcommWsa8835 Firmware Version-
   QualcommWsa8835 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.411
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 7.1 8.6 6.9
AV:N/AC:M/Au:N/C:N/I:N/A:C
product-security@qualcomm.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.