Sign-up

ID

VAR-202205-0098


CVE

CVE-2021-35098


TITLE

Buffer error vulnerability in multiple Qualcomm products

Trust: 0.8

sources: JVNDB: JVNDB-2021-019898

DESCRIPTION

Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. APQ8053 firmware, APQ8096AU firmware, AQT1000 Multiple Qualcomm products such as firmware contain a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2021-35098 // JVNDB: JVNDB-2021-019898

AFFECTED PRODUCTS

vendor:qualcommmodel:qcs603scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd765gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd780gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6391scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd680scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9385scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9375scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7250pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7325pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3680bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6851scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs410scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd765scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:csra6640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6426scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9335scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8815scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:aqt1000scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3991scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdxr2 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm4290scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3620scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd750gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9377scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd870scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9341scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8830scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9326scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3980scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs4290scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ar8031scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9370scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3680scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd695scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd662scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx12scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3660bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa515mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6855scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8835scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm6125scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6420scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9380scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6856scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3990scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qualcomm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd480scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3950scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs6125scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd460scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qrb5165scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd865 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd690 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qrb5165nscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3988scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6174ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd888 5gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd778gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qrb5165mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6750scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:csra6620scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn6740scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6436scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6390scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd768gscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6430scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:qca6390scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8053scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6420scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6430scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6574auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6574ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6174ascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6426scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:csra6620scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6436scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:csra6640scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8953scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca9377scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:aqt1000scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ar8031scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:qca6391scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9640scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-019898 // NVD: CVE-2021-35098

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-35098
value: MEDIUM

Trust: 1.0

product-security@qualcomm.com: CVE-2021-35098
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-35098
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202205-1859
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2021-35098
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2021-35098
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-35098
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-019898 // CNNVD: CNNVD-202205-1859 // NVD: CVE-2021-35098 // NVD: CVE-2021-35098

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.0

problemtype:Buffer error (CWE-119) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-019898 // NVD: CVE-2021-35098

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202205-1859

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202205-1859

PATCH

title:Qualcomm Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=197395

Trust: 0.6

sources: CNNVD: CNNVD-202205-1859

EXTERNAL IDS

db:NVDid:CVE-2021-35098

Trust: 3.2

db:JVNDBid:JVNDB-2021-019898

Trust: 0.8

db:CNNVDid:CNNVD-202205-1859

Trust: 0.6

sources: JVNDB: JVNDB-2021-019898 // CNNVD: CNNVD-202205-1859 // NVD: CVE-2021-35098

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-35098

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-may-2022-38198

Trust: 0.6

url:https://source.android.com/security/bulletin/pixel/2022-05-01

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-35098/

Trust: 0.6

sources: JVNDB: JVNDB-2021-019898 // CNNVD: CNNVD-202205-1859 // NVD: CVE-2021-35098

SOURCES

db:JVNDBid:JVNDB-2021-019898
db:CNNVDid:CNNVD-202205-1859
db:NVDid:CVE-2021-35098

LAST UPDATE DATE

2024-08-14T14:49:50.594000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2021-019898date:2023-08-24T08:28:00
db:CNNVDid:CNNVD-202205-1859date:2022-06-30T00:00:00
db:NVDid:CVE-2021-35098date:2022-06-24T15:21:45.167

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2021-019898date:2023-08-24T00:00:00
db:CNNVDid:CNNVD-202205-1859date:2022-05-02T00:00:00
db:NVDid:CVE-2021-35098date:2022-06-14T10:15:16.787