7.5
CVE-2021-35111
- EPSS 0.19%
- Published 14.06.2022 10:15:17
- Last modified 21.11.2024 06:11:55
- Source product-security@qualcomm.com
- Teams watchlist Login
- Open Login
Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile
Data is provided by the National Vulnerability Database (NVD)
Qualcomm ≫ Ar8035 Firmware Version-
Qualcomm ≫ Qca6390 Firmware Version-
Qualcomm ≫ Qca6391 Firmware Version-
Qualcomm ≫ Qca8081 Firmware Version-
Qualcomm ≫ Qca8337 Firmware Version-
Qualcomm ≫ Sd 8 Gen1 5g Firmware Version-
Qualcomm ≫ Sd765 Firmware Version-
Qualcomm ≫ Sd765g Firmware Version-
Qualcomm ≫ Sd768g Firmware Version-
Qualcomm ≫ Sd778g Firmware Version-
Qualcomm ≫ Sd865 5g Firmware Version-
Qualcomm ≫ Sd870 Firmware Version-
Qualcomm ≫ Sd888 5g Firmware Version-
Qualcomm ≫ Sdx55 Firmware Version-
Qualcomm ≫ Sdx55m Firmware Version-
Qualcomm ≫ Sdx65 Firmware Version-
Qualcomm ≫ Sm7250p Firmware Version-
Qualcomm ≫ Sm7450 Firmware Version-
Qualcomm ≫ Sm8475 Firmware Version-
Qualcomm ≫ Sm8475p Firmware Version-
Qualcomm ≫ Wcd9341 Firmware Version-
Qualcomm ≫ Wcd9370 Firmware Version-
Qualcomm ≫ Wcd9375 Firmware Version-
Qualcomm ≫ Wcd9380 Firmware Version-
Qualcomm ≫ Wcd9385 Firmware Version-
Qualcomm ≫ Wcn3991 Firmware Version-
Qualcomm ≫ Wcn3998 Firmware Version-
Qualcomm ≫ Wcn6750 Firmware Version-
Qualcomm ≫ Wcn6850 Firmware Version-
Qualcomm ≫ Wcn6851 Firmware Version-
Qualcomm ≫ Wcn6855 Firmware Version-
Qualcomm ≫ Wcn6856 Firmware Version-
Qualcomm ≫ Wcn7851 Firmware Version-
Qualcomm ≫ Wsa8810 Firmware Version-
Qualcomm ≫ Wsa8815 Firmware Version-
Qualcomm ≫ Wsa8830 Firmware Version-
Qualcomm ≫ Wsa8832 Firmware Version-
Qualcomm ≫ Wsa8835 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.411 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 2.2 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.1 | 8.6 | 6.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:C
|
| product-security@qualcomm.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.