ID

VAR-202110-1119


CVE

CVE-2021-30306


TITLE

plural  Qualcomm  Product out-of-bounds read vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-013743

DESCRIPTION

Possible buffer over read due to improper buffer allocation for file length passed from user space in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile. plural Qualcomm The product contains an out-of-bounds read vulnerability.Information is obtained and service operation is interrupted (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-30306 // JVNDB: JVNDB-2021-013743 // VULMON: CVE-2021-30306

AFFECTED PRODUCTS

vendor:qualcommmodel:wcd9370scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd765gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8145pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd780gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6391scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd662scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx12scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9385scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9375scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9380scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm6490scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6856scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8195pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3680bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd480scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6595auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3950scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd765scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd888scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6851scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd460scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6426scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qrb5165scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9335scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd865 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6696scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8815scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd690 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3991scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6150pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3988scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6174ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd888 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd778gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd750gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs6490scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6750scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6740scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9377scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6390scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd870scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9341scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7325scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd768gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9326scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8830scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:qca6595auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8953scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6391scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6574auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6174ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6390scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6574scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8053scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6574ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6426scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-013743 // NVD: CVE-2021-30306

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30306
value: HIGH

Trust: 1.0

product-security@qualcomm.com: CVE-2021-30306
value: HIGH

Trust: 1.0

NVD: CVE-2021-30306
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202110-074
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2021-30306
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2021-30306
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.2
version: 3.1

Trust: 1.0

product-security@qualcomm.com: CVE-2021-30306
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-30306
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-013743 // CNNVD: CNNVD-202110-074 // NVD: CVE-2021-30306 // NVD: CVE-2021-30306

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.0

problemtype:Out-of-bounds read (CWE-125) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-013743 // NVD: CVE-2021-30306

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-074

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202110-074

PATCH

title:October 2021 Security Bulletinurl:https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2021-bulletin.html

Trust: 0.8

title:Multiple Qualcomm Product Buffer Error Vulnerability Fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=166696

Trust: 0.6

sources: JVNDB: JVNDB-2021-013743 // CNNVD: CNNVD-202110-074

EXTERNAL IDS

db:NVDid:CVE-2021-30306

Trust: 3.3

db:JVNDBid:JVNDB-2021-013743

Trust: 0.8

db:CNNVDid:CNNVD-202110-074

Trust: 0.6

db:VULMONid:CVE-2021-30306

Trust: 0.1

sources: VULMON: CVE-2021-30306 // JVNDB: JVNDB-2021-013743 // CNNVD: CNNVD-202110-074 // NVD: CVE-2021-30306

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30306

Trust: 1.4

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-wearables-202111-0000001172568432

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-october-2021-36587

Trust: 0.6

url:https://source.android.com/security/bulletin/2021-10-01

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-30306 // JVNDB: JVNDB-2021-013743 // CNNVD: CNNVD-202110-074 // NVD: CVE-2021-30306

SOURCES

db:VULMONid:CVE-2021-30306
db:JVNDBid:JVNDB-2021-013743
db:CNNVDid:CNNVD-202110-074
db:NVDid:CVE-2021-30306

LAST UPDATE DATE

2024-08-14T14:25:09.441000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2021-30306date:2021-10-20T00:00:00
db:JVNDBid:JVNDB-2021-013743date:2022-09-27T06:07:00
db:CNNVDid:CNNVD-202110-074date:2021-11-29T00:00:00
db:NVDid:CVE-2021-30306date:2021-10-26T18:48:47.270

SOURCES RELEASE DATE

db:VULMONid:CVE-2021-30306date:2021-10-20T00:00:00
db:JVNDBid:JVNDB-2021-013743date:2022-09-27T00:00:00
db:CNNVDid:CNNVD-202110-074date:2021-10-04T00:00:00
db:NVDid:CVE-2021-30306date:2021-10-20T07:15:08.850