CVE-2021-35070

RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile

CVSS v3 5.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcm6125:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs6125:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd665:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*

History

22 Jun 2022, 20:36

Type	Values Removed	Values Added
CWE		CWE-200
CPE		cpe:2.3:h:qualcomm:wcd9375:-:::::::* cpe:2.3:h:qualcomm:qcs6125:-:::::::* cpe:2.3:o:qualcomm:sd665_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3950_firmware:-:::::::* cpe:2.3:o:qualcomm:qcm6125_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3980:-:::::::* cpe:2.3:h:qualcomm:wsa8810:-:::::::* cpe:2.3:h:qualcomm:sd665:-:::::::* cpe:2.3:o:qualcomm:wcd9375_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3950:-:::::::* cpe:2.3:o:qualcomm:qcs6125_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3980_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9370:-:::::::* cpe:2.3:o:qualcomm:wcd9370_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8815:-:::::::* cpe:2.3:h:qualcomm:qcm6125:-:::::::* cpe:2.3:o:qualcomm:wsa8810_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8815_firmware:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.9 v3 : 5.5
References	~~(CONFIRM) https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin -~~	(CONFIRM) https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin - Vendor Advisory

14 Jun 2022, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-06-14 10:15

Updated : 2024-02-04 22:29

NVD link : CVE-2021-35070

Mitre link : CVE-2021-35070

CVE.ORG link : CVE-2021-35070

JSON object : View

Products Affected

qualcomm

qcs6125
wsa8810_firmware
qcm6125
qcm6125_firmware
sd665_firmware
wcd9370_firmware
qcs6125_firmware
wcd9370
wcn3950
sd665
wcn3980
wsa8815_firmware
wcn3950_firmware
wcd9375_firmware
wcn3980_firmware
wsa8815
wcd9375
wsa8810

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.9 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-35070

5.5^/10

4.9^/10

Attach tags to `CVE-2021-35070`