CVE-2021-30321

Published: Nov 12, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: product-security@qualcomm.com (Secondary)

Description

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity

Affected (23)

Products: Qualcomm: Aqt1000 Firmware, Qca1062 Firmware, Qca1064 Firmware, Qca2066 Firmware, Qca6320 Firmware, Qca6391 Firmware, Qca6420 Firmware, Qca6430 Firmware, Sc8280xp Firmware, Sd 8cx Firmware, Wcd9340 Firmware, Wcd9341 Firmware, Wcd9380 Firmware, Wcd9385 Firmware, Wcn3998 Firmware, Wcn6850 Firmware, Wcn6851 Firmware, Wcn6855 Firmware, Wcn6856 Firmware, Wsa8810 Firmware, Wsa8815 Firmware, Wsa8830 Firmware, Wsa8835 Firmware

23 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Aqt1000 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Aqt1000	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca1062 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca1062	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca1064 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca1064	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca2066 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca2066	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6320 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6320	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6391 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6391	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6420 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6420	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6430 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6430	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sc8280xp Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sc8280xp	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sd 8cx Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sd 8cx	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9340 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9340	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9341 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9341	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9380 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9380	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9385 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9385	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3998 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3998	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn6850 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn6850	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn6851 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn6851	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn6855 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn6855	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn6856 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn6856	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8810 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8810	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8815 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8815	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8830 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8830	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8835 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8835	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://www.qualcomm.com/company/product-security/bulletins/november-2021-bulletin

Source: product-security@qualcomm.com

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/november-2021-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.