CVE-2021-35080

Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVSS v3 6.5 MEDIUM
CVSS v2.0 4.9 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin	Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcm2290:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcm4290:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs2290:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs4290:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd460:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd480:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd662:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd680:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:sd695_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd695:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:qualcomm:sm4125_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm4125:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sw5100:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sw5100p:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3910:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3991:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3998:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:11

Type	Values Removed	Values Added
References	~~() https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin - Vendor Advisory~~	() https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin - Vendor Advisory
CVSS	v2 : ~~4.9~~ v3 : ~~5.5~~	v2 : 4.9 v3 : 6.5

22 Jun 2022, 19:54

Type	Values Removed	Values Added
CWE		CWE-200
CPE		cpe:2.3:o:qualcomm:wcn3950_firmware:-:::::::* cpe:2.3:o:qualcomm:qcm4290_firmware:-:::::::* cpe:2.3:o:qualcomm:qcs4290_firmware:-:::::::* cpe:2.3:h:qualcomm:sm4125:-:::::::* cpe:2.3:o:qualcomm:sw5100_firmware:-:::::::* cpe:2.3:h:qualcomm:sw5100:-:::::::* cpe:2.3:h:qualcomm:wsa8810:-:::::::* cpe:2.3:o:qualcomm:wsa8830_firmware:-:::::::* cpe:2.3:h:qualcomm:sw5100p:-:::::::* cpe:2.3:o:qualcomm:sm4125_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3950:-:::::::* cpe:2.3:o:qualcomm:qcs2290_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3991:-:::::::* cpe:2.3:h:qualcomm:wcn3988:-:::::::* cpe:2.3:h:qualcomm:sd680:-:::::::* cpe:2.3:h:qualcomm:sd662:-:::::::* cpe:2.3:h:qualcomm:sd695:-:::::::* cpe:2.3:o:qualcomm:wcd9385_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9385:-:::::::* cpe:2.3:o:qualcomm:wcd9370_firmware:-:::::::* cpe:2.3:o:qualcomm:qcm2290_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8815:-:::::::* cpe:2.3:o:qualcomm:sw5100p_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9375:-:::::::* cpe:2.3:h:qualcomm:sd460:-:::::::* cpe:2.3:o:qualcomm:sd662_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn3910:-:::::::* cpe:2.3:h:qualcomm:wcn3980:-:::::::* cpe:2.3:o:qualcomm:wcn3988_firmware:-:::::::* cpe:2.3:h:qualcomm:qcm4290:-:::::::* cpe:2.3:h:qualcomm:qcs2290:-:::::::* cpe:2.3:h:qualcomm:qcs4290:-:::::::* cpe:2.3:o:qualcomm:sd680_firmware:-:::::::* cpe:2.3:h:qualcomm:sd480:-:::::::* cpe:2.3:o:qualcomm:sd460_firmware:-:::::::* cpe:2.3:o:qualcomm:wcd9375_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3910_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3991_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8835:-:::::::* cpe:2.3:h:qualcomm:wcn3998:-:::::::* cpe:2.3:h:qualcomm:wsa8830:-:::::::* cpe:2.3:o:qualcomm:wsa8835_firmware:-:::::::* cpe:2.3:o:qualcomm:sd695_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3980_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9370:-:::::::* cpe:2.3:h:qualcomm:qcm2290:-:::::::* cpe:2.3:o:qualcomm:sd480_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8810_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn3998_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8815_firmware:-:::::::*
References	~~(CONFIRM) https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin -~~	(CONFIRM) https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 4.9 v3 : 5.5

14 Jun 2022, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-06-14 10:15

Updated : 2024-11-21 06:11

NVD link : CVE-2021-35080

Mitre link : CVE-2021-35080

CVE.ORG link : CVE-2021-35080

JSON object : View

Products Affected

qualcomm

wcd9370
wcn3910_firmware
wcd9375_firmware
sd460_firmware
sw5100
wsa8830_firmware
sd680_firmware
sd680
wcd9385
wcn3991_firmware
wsa8835
qcm4290
wsa8815_firmware
sw5100_firmware
wcd9375
wsa8810
sd480
wcd9370_firmware
sd662_firmware
qcs2290
qcm2290_firmware
wcn3998_firmware
sw5100p
wcn3988
wsa8815
qcs2290_firmware
wcn3950
sd662
sw5100p_firmware
wcn3980
qcm4290_firmware
wcn3980_firmware
wcn3988_firmware
qcs4290_firmware
sm4125_firmware
wsa8810_firmware
wcn3991
wsa8835_firmware
sd695_firmware
sm4125
wcd9385_firmware
sd695
wcn3950_firmware
wsa8830
qcs4290
wcn3910
qcm2290
wcn3998
sd480_firmware
sd460

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

6.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

4.9 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-35080

6.5^/10

4.9^/10

Attach tags to `CVE-2021-35080`