Details of VAR-202203-0057

ID

VAR-202203-0057

CVE

CVE-2021-35115

TITLE

Use of freed memory vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2021-019204

DESCRIPTION

Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile. APQ8096AU firmware, AR6003 firmware, MDM8215 Multiple Qualcomm products, such as firmware, contain vulnerabilities related to use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2021-35115 // JVNDB: JVNDB-2021-019204

AFFECTED PRODUCTS

vendor:	qualcomm	model:	mdm9615m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6696	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm8215m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8145p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9310	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6150p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8540p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa9000p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm8215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ar6003	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6584au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8195p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm8615m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9341	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8150p	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	msm8996au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9215	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ar6003	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8096au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9615m	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9615	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm8215	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9310	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm8615m	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm8215m	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-019204 // NVD: CVE-2021-35115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-35115
value:	HIGH
Trust: 1.0
product-security@qualcomm.com:	CVE-2021-35115
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-35115
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202203-611
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2021-35115
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-35115
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
product-security@qualcomm.com:	CVE-2021-35115
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-35115
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-019204 // CNNVD: CNNVD-202203-611 // NVD: CVE-2021-35115 // NVD: CVE-2021-35115

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.0
problemtype:	Use of freed memory (CWE-416) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-019204 // NVD: CVE-2021-35115

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202203-611

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202203-611

PATCH

title:

Qualcomm Repair measures for chip resource management errors and loopholes

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=185046

Trust: 0.6

sources: CNNVD: CNNVD-202203-611

EXTERNAL IDS

db:	NVD	id:	CVE-2021-35115	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-019204	Trust: 0.8
db:	CS-HELP	id:	SB2022030719	Trust: 0.6
db:	CNNVD	id:	CNNVD-202203-611	Trust: 0.6

sources: JVNDB: JVNDB-2021-019204 // CNNVD: CNNVD-202203-611 // NVD: CVE-2021-35115

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/march-2022-bulletin	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2021-35115	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2022030719	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2021-35115/	Trust: 0.6

sources: JVNDB: JVNDB-2021-019204 // CNNVD: CNNVD-202203-611 // NVD: CVE-2021-35115

SOURCES

db:	JVNDB	id:	JVNDB-2021-019204
db:	CNNVD	id:	CNNVD-202203-611
db:	NVD	id:	CVE-2021-35115

LAST UPDATE DATE

2024-08-14T12:22:02.663000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2021-019204	date:	2023-07-19T08:29:00
db:	CNNVD	id:	CNNVD-202203-611	date:	2022-04-11T00:00:00
db:	NVD	id:	CVE-2021-35115	date:	2022-04-09T00:30:58.090

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2021-019204	date:	2023-07-19T00:00:00
db:	CNNVD	id:	CNNVD-202203-611	date:	2022-03-07T00:00:00
db:	NVD	id:	CVE-2021-35115	date:	2022-04-01T05:15:07.680