Details of VAR-202110-1032

ID

VAR-202110-1032

CVE

CVE-2021-1949

TITLE

plural Qualcomm Integer overflow vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2021-013759

DESCRIPTION

Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables. plural Qualcomm The product contains an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-1949 // JVNDB: JVNDB-2021-013759 // VULMON: CVE-2021-1949

AFFECTED PRODUCTS

vendor:	qualcomm	model:	qca6564	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs603	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9371	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd765g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd780g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6391	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd678	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6335	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fsm10056	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qsw8573	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9367	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9385	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdxr1	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9375	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6851	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd765	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csra6640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6426	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6696	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	aqt1000	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3991	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdxr2 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6250p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm4290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3620	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd750g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx50m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6310	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6431	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9628	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9377	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm4125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd870	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6320	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdw2500	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7325	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8830	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs4290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ar8031	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9370	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6421	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd662	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	fsm10055	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd820	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca4020	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9330	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6420	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9380	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6856	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8195p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qualcomm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3950	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3999	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd888	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd460	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qrb5165	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd865 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd690 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm830	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3988	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6174a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd888 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd778g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3910	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6750	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csra6620	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6740	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd720g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9379	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qsm8250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6436	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6390	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8064au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9626	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd768g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6430	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	aqt1000	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8009w	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ar8031	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8096au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8064au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	csra6640	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-013759 // NVD: CVE-2021-1949

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-1949
value:	HIGH
Trust: 1.0
product-security@qualcomm.com:	CVE-2021-1949
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-1949
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202110-096
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-1949
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1949
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

product-security@qualcomm.com:	CVE-2021-1949
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2021-013759
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-1949 // JVNDB: JVNDB-2021-013759 // CNNVD: CNNVD-202110-096 // NVD: CVE-2021-1949 // NVD: CVE-2021-1949

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.0
problemtype:	Integer overflow or wraparound (CWE-190) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-013759 // NVD: CVE-2021-1949

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-096

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202110-096

PATCH

title:	October 2021 Security Bulletin	url:	https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2021-bulletin.html	Trust: 0.8
title:	Multiple Qualcomm Product input verification error vulnerability fixes	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166714	Trust: 0.6

sources: JVNDB: JVNDB-2021-013759 // CNNVD: CNNVD-202110-096

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1949	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-013759	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-096	Trust: 0.6
db:	VULMON	id:	CVE-2021-1949	Trust: 0.1

sources: VULMON: CVE-2021-1949 // JVNDB: JVNDB-2021-013759 // CNNVD: CNNVD-202110-096 // NVD: CVE-2021-1949

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1949	Trust: 1.4
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-wearables-202111-0000001172568432	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-october-2021-36587	Trust: 0.6
url:	https://source.android.com/security/bulletin/2021-10-01	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-1949 // JVNDB: JVNDB-2021-013759 // CNNVD: CNNVD-202110-096 // NVD: CVE-2021-1949

SOURCES

db:	VULMON	id:	CVE-2021-1949
db:	JVNDB	id:	JVNDB-2021-013759
db:	CNNVD	id:	CNNVD-202110-096
db:	NVD	id:	CVE-2021-1949

LAST UPDATE DATE

2024-08-14T15:17:01.389000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-1949	date:	2021-10-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-013759	date:	2022-09-27T08:31:00
db:	CNNVD	id:	CNNVD-202110-096	date:	2021-11-29T00:00:00
db:	NVD	id:	CVE-2021-1949	date:	2021-10-26T17:56:02.987

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-1949	date:	2021-10-20T00:00:00
db:	JVNDB	id:	JVNDB-2021-013759	date:	2022-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202110-096	date:	2021-10-04T00:00:00
db:	NVD	id:	CVE-2021-1949	date:	2021-10-20T07:15:07.597