CVE-2021-30309

Published: Feb 11, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Improper size validation of QXDM commands can lead to memory corruption in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Affected (43)

Products: Qualcomm: Mdm9650 Firmware, Qca6174a Firmware, Qca6390 Firmware, Qca6391 Firmware, Qca9377 Firmware, Qcm6125 Firmware, Qcs410 Firmware, Qcs603 Firmware, Qcs605 Firmware, Qcs610 Firmware, Qcs6125 Firmware, Sd660 Firmware, Sd665 Firmware, Sd690 5g Firmware, Sd730 Firmware, Sd765 Firmware, Sd765g Firmware, Sd768g Firmware, Sd865 5g Firmware, Sd870 Firmware, Sdx12 Firmware, Sdx55m Firmware, Sdxr1 Firmware, Sm7250p Firmware, Wcd9326 Firmware, Wcd9335 Firmware, Wcd9341 Firmware, Wcd9370 Firmware, Wcd9375 Firmware, Wcd9380 Firmware, Wcd9385 Firmware, Wcn3950 Firmware, Wcn3980 Firmware, Wcn3988 Firmware, Wcn3990 Firmware, Wcn3991 Firmware, Wcn3998 Firmware, Wcn6850 Firmware, Wcn6851 Firmware, Wsa8810 Firmware, Wsa8815 Firmware, Wsa8830 Firmware, Wsa8835 Firmware

43 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9650	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6174a Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6174a	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6390 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6390	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6391 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6391	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9377 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9377	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcm6125 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcm6125	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs410 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs410	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs603 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs603	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs605 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs605	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs610 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs610	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs6125 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs6125	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd660	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd665 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd665	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd690 5g Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd690 5g	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd730 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd730	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd765 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd765	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd765g Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd765g	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd768g Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd768g	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd865 5g Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd865 5g	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd870 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd870	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx12 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx12	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx55m Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx55m	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdxr1 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdxr1	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7250p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7250p	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9326 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9326	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9335 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9335	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9341 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9341	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9370 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9370	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9375 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9375	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9380 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9380	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9385 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9385	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3950 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3950	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3980 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3980	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3988 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3988	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3990 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3990	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3991 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3991	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3998 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3998	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn6850 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn6850	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn6851 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn6851	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8810 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8810	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8815 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8815	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8830 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8830	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8835	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin

Source: product-security@qualcomm.com

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.