CVE-2021-35070

RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin	Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcm6125:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs6125:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd665:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:11

Type	Values Removed	Values Added
CVSS	v2 : ~~4.9~~ v3 : ~~5.5~~	v2 : 4.9 v3 : 6.5
References	~~() https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin - Vendor Advisory~~	() https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin - Vendor Advisory

22 Jun 2022, 20:36

Type	Values Removed	Values Added
References	~~(CONFIRM) https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin -~~	(CONFIRM) https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin - Vendor Advisory
CWE		CWE-200
CPE		cpe:2.3:h:qualcomm:wcd9375:-:::::::* cpe:2.3:h:qualcomm:qcs6125:-:::::::* cpe:2.3:o:qualcomm:sd665_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3950_firmware:-:::::::* cpe:2.3:o:qualcomm:qcm6125_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3980:-:::::::* cpe:2.3:h:qualcomm:wsa8810:-:::::::* cpe:2.3:h:qualcomm:sd665:-:::::::* cpe:2.3:o:qualcomm:wcd9375_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3950:-:::::::* cpe:2.3:o:qualcomm:qcs6125_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3980_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9370:-:::::::* cpe:2.3:o:qualcomm:wcd9370_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8815:-:::::::* cpe:2.3:h:qualcomm:qcm6125:-:::::::* cpe:2.3:o:qualcomm:wsa8810_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8815_firmware:-:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.9 v3 : 5.5

14 Jun 2022, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-06-14 10:15

Updated : 2024-11-21 06:11

NVD link : CVE-2021-35070

Mitre link : CVE-2021-35070

CVE.ORG link : CVE-2021-35070

JSON object : View

Products Affected

qualcomm

sd665_firmware
wcn3980_firmware
wsa8810_firmware
sd665
wcn3950
qcs6125_firmware
qcm6125
wcd9370_firmware
wcn3950_firmware
wsa8810
wcd9375_firmware
wsa8815_firmware
wsa8815
wcd9375
qcs6125
qcm6125_firmware
wcd9370
wcn3980

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

6.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

4.9 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-35070

6.5^/10

4.9^/10

Attach tags to `CVE-2021-35070`