CVE-2021-1899

Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVSS v3 4.6 MEDIUM
CVSS v2.0 2.1 LOW

4.6^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin	Patch Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:apq8009w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8009w:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:aqt1000:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:qca4020_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca4020:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6420:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6430:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca9379:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:qualcomm215_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qualcomm215:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_675:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd205:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd210:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd675:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd678:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd720g:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd730:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd855:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sda429w:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm429w:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdx50m:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdx55m:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm6250:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9326:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3610:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:qualcomm:wcn3615_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3615:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3620:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:qualcomm:wcn3680_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3680:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3680b:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3991:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3998:-:*:*:*:*:*:*:*

Configuration 40 (hide)

AND

cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*

Configuration 41 (hide)

AND

cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:45

Type	Values Removed	Values Added
References	~~() https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin - Patch, Vendor Advisory~~	() https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin - Patch, Vendor Advisory

15 Jul 2021, 18:39

Type	Values Removed	Values Added
References	~~(CONFIRM) https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin -~~	(CONFIRM) https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin - Patch, Vendor Advisory
CWE		CWE-125
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 4.6
CPE		cpe:2.3:o:qualcomm:sd855_firmware:-:::::::* cpe:2.3:o:qualcomm:qca4020_firmware:-:::::::* cpe:2.3:o:qualcomm:sd720g_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3680b:-:::::::* cpe:2.3:h:qualcomm:wcd9370:-:::::::* cpe:2.3:h:qualcomm:qca4020:-:::::::* cpe:2.3:h:qualcomm:wcd9380:-:::::::* cpe:2.3:o:qualcomm:sdx50m_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9341:-:::::::* cpe:2.3:h:qualcomm:qca9379:-:::::::* cpe:2.3:h:qualcomm:wcn3660b:-:::::::* cpe:2.3:h:qualcomm:sd855:-:::::::* cpe:2.3:h:qualcomm:wcn3610:-:::::::* cpe:2.3:h:qualcomm:sm6250:-:::::::* cpe:2.3:o:qualcomm:wcn3950_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3991_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3680:-:::::::* cpe:2.3:o:qualcomm:wcn3680b_firmware:-:::::::* cpe:2.3:h:qualcomm:sdx55m:-:::::::* cpe:2.3:o:qualcomm:wcn3980_firmware:-:::::::* cpe:2.3:h:qualcomm:sd720g:-:::::::* cpe:2.3:o:qualcomm:sdx55_firmware:-:::::::* cpe:2.3:h:qualcomm:sdx50m:-:::::::* cpe:2.3:h:qualcomm:sd675:-:::::::* cpe:2.3:o:qualcomm:wcd9380_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3615_firmware:-:::::::* cpe:2.3:o:qualcomm:sda429w_firmware:-:::::::* cpe:2.3:o:qualcomm:qualcomm215_firmware:-:::::::* cpe:2.3:h:qualcomm:aqt1000:-:::::::* cpe:2.3:o:qualcomm:wcd9370_firmware:-:::::::* cpe:2.3:o:qualcomm:sd210_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3610_firmware:-:::::::* cpe:2.3:h:qualcomm:sdx55:-:::::::* cpe:2.3:h:qualcomm:qca6430:-:::::::* cpe:2.3:h:qualcomm:sdm429w:-:::::::* cpe:2.3:h:qualcomm:sd205:-:::::::* cpe:2.3:o:qualcomm:sm6250_firmware:-:::::::* cpe:2.3:o:qualcomm:sd_675_firmware:-:::::::* cpe:2.3:h:qualcomm:sd678:-:::::::* cpe:2.3:h:qualcomm:wcn3950:-:::::::* cpe:2.3:o:qualcomm:wsa8815_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8810_firmware:-:::::::* cpe:2.3:o:qualcomm:wcd9375_firmware:-:::::::* cpe:2.3:o:qualcomm:qca6430_firmware:-:::::::* cpe:2.3:o:qualcomm:msm8909w_firmware:-:::::::* cpe:2.3:o:qualcomm:sd678_firmware:-:::::::* cpe:2.3:h:qualcomm:apq8009w:-:::::::* cpe:2.3:o:qualcomm:aqt1000_firmware:-:::::::* cpe:2.3:h:qualcomm:qca6420:-:::::::* cpe:2.3:h:qualcomm:wcn3991:-:::::::* cpe:2.3:o:qualcomm:sd675_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3680_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9326:-:::::::* cpe:2.3:o:qualcomm:qca6420_firmware:-:::::::* cpe:2.3:o:qualcomm:apq8009w_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3660b_firmware:-:::::::* cpe:2.3:h:qualcomm:qualcomm215:-:::::::* cpe:2.3:o:qualcomm:sdm429w_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3615:-:::::::* cpe:2.3:o:qualcomm:sd205_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9375:-:::::::* cpe:2.3:h:qualcomm:wcn3980:-:::::::* cpe:2.3:h:qualcomm:sd_675:-:::::::* cpe:2.3:h:qualcomm:wcn3998:-:::::::* cpe:2.3:h:qualcomm:sda429w:-:::::::* cpe:2.3:o:qualcomm:wcn3998_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3620_firmware:-:::::::* cpe:2.3:h:qualcomm:msm8909w:-:::::::* cpe:2.3:h:qualcomm:wsa8810:-:::::::* cpe:2.3:o:qualcomm:qca6174a_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3620:-:::::::* cpe:2.3:h:qualcomm:sd210:-:::::::* cpe:2.3:o:qualcomm:wcd9341_firmware:-:::::::* cpe:2.3:h:qualcomm:qca6174a:-:::::::* cpe:2.3:o:qualcomm:sdx55m_firmware:-:::::::* cpe:2.3:o:qualcomm:sd730_firmware:-:::::::* cpe:2.3:o:qualcomm:qca9379_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8815:-:::::::* cpe:2.3:o:qualcomm:wcn3988_firmware:-:::::::* cpe:2.3:h:qualcomm:sd730:-:::::::* cpe:2.3:h:qualcomm:wcn3988:-:::::::* cpe:2.3:o:qualcomm:wcd9326_firmware:-:::::::*

13 Jul 2021, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-07-13 06:15

Updated : 2024-11-21 05:45

NVD link : CVE-2021-1899

Mitre link : CVE-2021-1899

CVE.ORG link : CVE-2021-1899

JSON object : View

Products Affected

qualcomm

sd678_firmware
wcn3680
sd675_firmware
qca9379
sda429w
sd210_firmware
sd210
wcd9370_firmware
sd855
wsa8810_firmware
sdx55m
sd205_firmware
wcn3991_firmware
qualcomm215_firmware
wcd9375_firmware
qca6430
apq8009w
wcn3615_firmware
sdm429w_firmware
wcd9341_firmware
sdx50m_firmware
sda429w_firmware
sd720g_firmware
sd730
wcn3680b_firmware
wcn3610
wcn3660b_firmware
wcd9375
wcn3610_firmware
sdx55m_firmware
apq8009w_firmware
wcn3680b
wcd9380
wcn3998
sdm429w
wcn3660b
msm8909w_firmware
aqt1000
wcn3998_firmware
wcn3980
wcn3988_firmware
qca6430_firmware
aqt1000_firmware
wcd9326
wcd9380_firmware
qca9379_firmware
msm8909w
wcd9370
wcn3950
wcn3991
wsa8815
sd720g
sm6250
wcn3680_firmware
qca6420
sd678
sd_675
sdx55_firmware
wsa8810
qualcomm215
sdx50m
qca6174a
qca4020_firmware
sdx55
qca6420_firmware
wcd9341
qca4020
sm6250_firmware
wcn3620
sd_675_firmware
wcn3615
wsa8815_firmware
wcn3980_firmware
wcn3950_firmware
sd855_firmware
qca6174a_firmware
wcn3988
sd205
sd675
wcn3620_firmware
sd730_firmware
wcd9326_firmware

CWE

CWE-125

Out-of-bounds Read

4.6 /10

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2021-1899

4.6^/10

2.1^/10

Attach tags to `CVE-2021-1899`