Details of VAR-202107-0496

ID

VAR-202107-0496

CVE

CVE-2021-1954

TITLE

plural Qualcomm Out-of-bounds read vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2021-009300

DESCRIPTION

Possible buffer over read due to improper validation of data pointer while parsing FILS indication IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking. plural Qualcomm The product contains an out-of-bounds read vulnerability.Denial of service (DoS) It may be put into a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-1954 // JVNDB: JVNDB-2021-009300 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1954

AFFECTED PRODUCTS

vendor:	qualcomm	model:	qca9558	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4018	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4029	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9889	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9886	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd765g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8078	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn5500	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd780g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6391	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn5054	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd678	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9000	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9563	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn5021	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9072	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca4024	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8810	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9385	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9375	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn5124	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7250p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn5022	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7325p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9561	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn6024	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6851	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn5122	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd765	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8068	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6426	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq6018	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4019	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8064	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8070	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	aqt1000	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	pmp8074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6696	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9888	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9100	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdxr2 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3991	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm4290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn6122	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8173	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx50m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9880	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4028	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8078a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd870	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9341	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8815	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8830	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9992	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9326	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq6010	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8076	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs4290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3980	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8065	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9370	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca7500	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csr8811	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn5164	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9022	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9982	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9887	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9898	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9990	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9531	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8081	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn5502	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8072	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6420	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn5154	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8174	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9380	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8071	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8075	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8195p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7315	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8076a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3950	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3990	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn5152	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6856	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ar9380	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8072	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd865 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq6028	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9012	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3988	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9024	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd888 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3910	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9985	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd778g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6750	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9994	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq5028	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9984	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn5052	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn6023	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd720g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6740	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6436	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9980	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8072a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6390	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8070a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq5018	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8071a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9896	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn5024	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd768g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn9070	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq5010	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	ipq4018	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq4028	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq4029	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	csr8811	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ar9380	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	aqt1000	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq5010	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq5018	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq4019	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-009300 // NVD: CVE-2021-1954

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1954
value:	HIGH
Trust: 1.0
product-security@qualcomm.com:	CVE-2021-1954
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1954
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-201
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-1954
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-1954
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2021-1954
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-009300
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-1954 // JVNDB: JVNDB-2021-009300 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-201 // NVD: CVE-2021-1954 // NVD: CVE-2021-1954

PROBLEMTYPE DATA

problemtype:	CWE-125	Trust: 1.0
problemtype:	Out-of-bounds read (CWE-125) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-009300 // NVD: CVE-2021-1954

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-201

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	July 2021 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin	Trust: 0.8
title:	Qualcomm Repair measures for chip buffer error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155940	Trust: 0.6

sources: JVNDB: JVNDB-2021-009300 // CNNVD: CNNVD-202107-201

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1954	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-009300	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021070507	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-201	Trust: 0.6
db:	VULMON	id:	CVE-2021-1954	Trust: 0.1

sources: VULMON: CVE-2021-1954 // JVNDB: JVNDB-2021-009300 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-201 // NVD: CVE-2021-1954

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1954	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021070507	Trust: 0.6
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202109-0000001150310956	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-july-2021-35837	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/125.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-1954 // JVNDB: JVNDB-2021-009300 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-201 // NVD: CVE-2021-1954

SOURCES

db:	VULMON	id:	CVE-2021-1954
db:	JVNDB	id:	JVNDB-2021-009300
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-201
db:	NVD	id:	CVE-2021-1954

LAST UPDATE DATE

2024-08-14T12:52:22.686000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-1954	date:	2021-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2021-009300	date:	2022-04-20T08:04:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-201	date:	2021-11-29T00:00:00
db:	NVD	id:	CVE-2021-1954	date:	2021-07-15T19:34:23.880

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-1954	date:	2021-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-009300	date:	2022-04-20T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-201	date:	2021-07-05T00:00:00
db:	NVD	id:	CVE-2021-1954	date:	2021-07-13T06:15:09.187