Details of VAR-202112-0911

ID

VAR-202112-0911

CVE

CVE-2021-30273

TITLE

plural Snapdragon Product Reachable Assertion Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2022-002864

DESCRIPTION

Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables. plural Snapdragon A reachable assertion vulnerability exists in the product.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-30273 // JVNDB: JVNDB-2022-002864 // VULMON: CVE-2021-30273

AFFECTED PRODUCTS

vendor:	qualcomm	model:	mdm9207	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9370	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa415m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 8cx	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca4004	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd678	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm8207	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qsw8573	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9367	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9330	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9375	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9380	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8195p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9306	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csrb31024	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3990	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3950	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9335	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6584	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6696	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3991	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6250p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qet4101	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3988	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6174a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3620	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9340	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd720g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9628	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9377	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ar6003	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6584au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdw2500	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3980	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	mdm9207	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8096au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9215	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8009w	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	csrb31024	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ar6003	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm8207	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9205	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9250	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-002864 // NVD: CVE-2021-30273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30273
value:	HIGH
Trust: 1.0
product-security@qualcomm.com:	CVE-2021-30273
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-30273
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-265
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-30273
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-30273
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-002864
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-002864 // CNNVD: CNNVD-202112-265 // NVD: CVE-2021-30273 // NVD: CVE-2021-30273

PROBLEMTYPE DATA

problemtype:	CWE-617	Trust: 1.0
problemtype:	Reachable assertions (CWE-617) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-002864 // NVD: CVE-2021-30273

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-265

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-265

PATCH

title:	December 2021 Security Bulletin	url:	https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2021-bulletin.html	Trust: 0.8
title:	Qualcomm Fixes for chip security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173593	Trust: 0.6

sources: JVNDB: JVNDB-2022-002864 // CNNVD: CNNVD-202112-265

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30273	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-002864	Trust: 0.8
db:	CS-HELP	id:	SB2021120708	Trust: 0.6
db:	CNNVD	id:	CNNVD-202112-265	Trust: 0.6
db:	VULMON	id:	CVE-2021-30273	Trust: 0.1

sources: VULMON: CVE-2021-30273 // JVNDB: JVNDB-2022-002864 // CNNVD: CNNVD-202112-265 // NVD: CVE-2021-30273

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30273	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021120708	Trust: 0.6
url:	https://source.android.com/security/bulletin/2021-12-01	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-december-37014	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-30273 // JVNDB: JVNDB-2022-002864 // CNNVD: CNNVD-202112-265 // NVD: CVE-2021-30273

SOURCES

db:	VULMON	id:	CVE-2021-30273
db:	JVNDB	id:	JVNDB-2022-002864
db:	CNNVD	id:	CNNVD-202112-265
db:	NVD	id:	CVE-2021-30273

LAST UPDATE DATE

2024-08-14T13:23:01.519000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-30273	date:	2022-01-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-002864	date:	2023-01-18T01:51:00
db:	CNNVD	id:	CNNVD-202112-265	date:	2022-01-12T00:00:00
db:	NVD	id:	CVE-2021-30273	date:	2022-01-11T21:33:36.267

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-30273	date:	2022-01-03T00:00:00
db:	JVNDB	id:	JVNDB-2022-002864	date:	2023-01-18T00:00:00
db:	CNNVD	id:	CNNVD-202112-265	date:	2021-12-06T00:00:00
db:	NVD	id:	CVE-2021-30273	date:	2022-01-03T08:15:08.133