www.qualcomm.com
Open in
urlscan Pro
2606:4700::6812:12d7
Public Scan
URL:
https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin
Submission: On January 11 via api from US — Scanned from DE
Submission: On January 11 via api from US — Scanned from DE
Form analysis 0 forms found in the DOM
Text Content
ProductsSupportCompany
Support
Product Security
* Description of Security Ratings
* Report a Bug
* Bulletins
* Technical Resources
* Announcements
* Hall of Fame Archives
Bulletins
* Archived Bulletins
* August 2021 Bulletin
* December 2021 Bulletin
* January 2022 Bulletin
* November 2021 Bulletin
* October 2021 Bulletin
December 2021 Bulletin
DECEMBER 2021 SECURITY BULLETIN
VERSION 1.0
PUBLISHED: 12/06/2021
This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI)
customers incorporate security updates in launched or upcoming devices. This
document includes (i) a description of security vulnerabilities that have been
addressed in QTI’s proprietary code and (ii) links to related code that has been
contributed to Code Aurora Forum (CAF), a Linux Foundation Collaborative
Project, to address security vulnerabilities for customers who incorporate
Linux-based software from CAF into their devices..
Please reach out to securitybulletin@qti.qualcomm.com for any questions related
to this bulletin.
TABLE OF CONTENTS
Announcements Acknowledgements Proprietary Software Issues Open Source Software
Issues Industry Coordination Version History
ANNOUNCEMENTS
None.
ACKNOWLEDGEMENTS
We would like to thank these researchers for their contributions in reporting
these issues to us.
CVE-2021-30351 Netanel Ben Simon and Slava Makkaveev of Check Point Software
Technologies Ltd. CVE-2021-30267, CVE-2021-30268, CVE-2021-30289 Peter Park
(peterpark) CVE-2021-30335, CVE-2021-30337 360 Alpha Lab CVE-2021-30298 Bodong
Zhao from Tsinghua University CVE-2021-30348, CVE-2021-35093 Matheus Eduardo
Garbelini
PROPRIETARY SOFTWARE ISSUES
THE TABLES BELOW SUMMARIZE SECURITY VULNERABILITIES THAT WERE ADDRESSED THROUGH
PROPRIETARY SOFTWARE
This table lists high impact security vulnerabilities. Patches have been
released for affected products. OEMs have been notified and strongly recommended
to release patches on end devices.
Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2021-30275 Critical Critical Core Internal CVE-2021-30276 Critical Critical
Core Internal CVE-2021-30351 Critical Critical Audio 09/05/2021 CVE-2020-11263
High High Core Internal CVE-2021-1894 High High QWES Internal CVE-2021-1918 High
Medium KERNEL Internal CVE-2021-30267 High High RFA 01/13/2021 CVE-2021-30268
High High RFA 01/18/2021 CVE-2021-30269 High High KERNEL Internal CVE-2021-30270
High High KERNEL Internal CVE-2021-30271 High High KERNEL Internal
CVE-2021-30272 High High KERNEL Internal CVE-2021-30273 High High Data Modem
Internal CVE-2021-30274 High High Core Internal CVE-2021-30278 High High Core
Internal CVE-2021-30279 High High Core Internal CVE-2021-30282 High High Core
Internal CVE-2021-30283 High High KERNEL Internal CVE-2021-30289 High High MCS
03/01/2021 CVE-2021-30293 High High Modem Internal CVE-2021-30303 High High WLAN
HAL 02/13/2021 CVE-2021-30336 High High DSP Service Internal
This table lists moderate security vulnerabilities. OEMs have been notified and
encouraged to patch these issues.
Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2021-30348 Medium Medium BT Controller 05/24/2021 CVE-2021-35093 Medium
Medium Bluetooth 05/24/2021
CVE-2021-30275
CVE ID CVE-2021-30275 Title Integer Overflow or Wraparound in Core Description
Possible integer overflow in page alignment interface due to lack of address and
size validation before alignment Technology Area Core Vulnerability Type CWE-190
Integer Overflow or Wraparound Access Vector Local Security Rating Critical CVSS
Rating Critical CVSS Score 9.3 CVSS String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Date Reported Internal Customer
Notified Date 06/07/2021 Affected Chipsets* AR8031, AR8035, CSR8811, CSRA6620,
CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018,
IPQ6028, MDM9150, MDM9205, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6426,
QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU,
QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290,
QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024,
QCN9000, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCS2290, QCS405, QCS410,
QCS4290, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, QSM8250, SA415M, SA515M,
SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P,
SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G,
SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD7c, SD850, SD865 5G,
SD870, SD888 5G, SDX24, SDX55, SDX55M, SDX57M, SDXR2 5G, SM6225, SM6250,
SM6250P, SM6375, SM7250P, SM7325P, WCD9306, WCD9335, WCD9340, WCD9370, WCD9375,
WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3999,
WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835
CVE-2021-30276
CVE ID CVE-2021-30276 Title Improper Access Control in Core Description Improper
access control while doing XPU re-configuration dynamically can lead to
unauthorized access to a secure resource Technology Area Core Vulnerability Type
CWE-284 Improper Access Control Access Vector Local Security Rating Critical
CVSS Rating Critical CVSS Score 9.3 CVSS String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Date Reported Internal Customer
Notified Date 06/07/2021 Affected Chipsets* AR8035, QCA6390, QCA6391, QCA6426,
QCA6436, QCA8337, QCA9984, QCM2290, QCM4290, QCM6490, QCS2290, QCS405, QCS4290,
QCS6490, QCX315, QRB5165, QRB5165N, QSM8250, SD460, SD480, SD660, SD662, SD690
5G, SD750G, SD765, SD765G, SD768G, SD778G, SD865 5G, SD870, SD888 5G, SDX55,
SDX55M, SDX57M, SDXR2 5G, SM6225, SM6375, SM7250P, SM7325P, WCD9335, WCD9370,
WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991,
WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835
CVE-2021-30351
CVE ID CVE-2021-30351 Title Buffer Copy Without Checking Size of Input in Audio
Description An out of bound memory access can occur due to improper validation
of number of frames being passed during music playback Technology Area Audio
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic
Buffer Overflow') Access Vector Remote Security Rating Critical CVSS Rating
Critical CVSS Score 9.8 CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 09/05/2021 Customer Notified Date 10/04/2021 Affected Chipsets*
APQ8009, APQ8009W, APQ8017, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620,
CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ4018, IPQ4028, IPQ4029, IPQ6000,
IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A,
IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A,
IPQ8078A, IPQ8173, IPQ8174, MDM9150, MDM9206, MDM9250, MDM9607, MDM9628,
MSM8909W, MSM8996AU, QCA4024, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6428,
QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU,
QCA6584AU, QCA6595AU, QCA6696, QCA7500, QCA8075, QCA8081, QCA8337, QCA9367,
QCA9377, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985,
QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6490, QCN5022, QCN5024, QCN5052,
QCN5064, QCN5122, QCN5124, QCN5152, QCN5164, QCN5550, QCN9000, QCN9074, QCS2290,
QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QET4101,
QRB5165, QRB5165N, QSM8250, QSW8573, Qualcomm215, SA415M, SA515M, SA6145P,
SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675,
SD205, SD210, SD429, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G,
SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD845, SD855,
SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX12, SDX20,
SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375,
SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9326, WCD9330, WCD9335, WCD9340,
WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620,
WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991,
WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810,
WSA8815, WSA8830, WSA8835
CVE-2020-11263
CVE ID CVE-2020-11263 Title Integer Overflow or Wraparound in Core Description
An integer overflow due to improper check performed after the address and size
passed are aligned Technology Area Core Vulnerability Type CWE-190 Integer
Overflow or Wraparound Access Vector Local Security Rating High CVSS Rating High
CVSS Score 7.3 CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L Date
Reported Internal Customer Notified Date 06/07/2021 Affected Chipsets* AR8035,
QCA6390, QCA6391, QCA6426, QCA6436, QCA8337, QCA9984, QCM2290, QCM4290, QCS2290,
QCS405, QCS410, QCS4290, QCS610, QCX315, QRB5165, QRB5165N, QSM8250, SD 675,
SD460, SD480, SD662, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765,
SD765G, SD768G, SD7c, SD865 5G, SD870, SDX55, SDX55M, SDXR2 5G, SM6225, SM6250,
SM6250P, SM6375, SM7250P, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910,
WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6850, WCN6851,
WSA8810, WSA8815, WSA8830, WSA8835
CVE-2021-1894
CVE ID CVE-2021-1894 Title Permissions, Privileges and Access Controls in
TrustZone Description Improper access control in TrustZone due to improper error
handling while handling the signing key Technology Area QWES Vulnerability Type
CWE-264 Permissions, Privileges, and Access Controls Access Vector Local
Security Rating High CVSS Rating High CVSS Score 7.1 CVSS String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N Date Reported Internal Customer
Notified Date 06/07/2021 Affected Chipsets* AR8031, AR8035, CSRA6620, CSRA6640,
CSRB31024, FSM10055, FSM10056, MDM9150, MDM9205, MDM9628, QCA4004, QCA6174A,
QCA6390, QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574,
QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377,
QCA9984, QCM2290, QCM4290, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS610,
QCS6490, QCS8155, QCX315, QRB5165, QRB5165N, QSM8250, SA415M, SA515M, SA6145P,
SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SA8540P,
SA9000P, SC8280XP, SD 675, SD 8CX, SD460, SD480, SD662, SD665, SD675, SD678,
SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c,
SD850, SD865 5G, SD870, SD888, SD888 5G, SDX24, SDX55, SDX55M, SDX65, SDXR1,
SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315, SM7325P, SM8450,
SM8450P, WCD9306, WCD9330, WCD9335, WCD9340, WCD9360, WCD9370, WCD9375, WCD9380,
WCD9385, WCN3910, WCN3950, WCN3988, WCN3991, WCN3999, WCN6740, WCN6750, WCN6850,
WCN6851, WCN6855, WCN6856, WSA8830, WSA8835
CVE-2021-1918
CVE ID CVE-2021-1918 Title Information Exposure in Kernel Description Improper
handling of resource allocation in virtual machines can lead to information
exposure Technology Area KERNEL Vulnerability Type CWE-200 Information Exposure
Access Vector Local Security Rating High CVSS Rating Medium CVSS Score 6.5 CVSS
String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Date Reported Internal
Customer Notified Date 06/07/2021 Affected Chipsets* QCA6391, QCM6490, QCS6490,
QRB5165, QRB5165N, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G, SD888 5G,
SM7250P, SM7325P, WCD9370, WCD9375, WCD9380, WCD9385, WCN3988, WCN3991, WCN3998,
WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
CVE-2021-30267
CVE ID CVE-2021-30267 Title Integer Overflow to Buffer Overflow in Modem
Description Possible integer overflow to buffer overflow due to improper input
validation in FTM ARA commands Technology Area RFA Vulnerability Type CWE-680
Integer Overflow to Buffer Overflow Access Vector Local Security Rating High
CVSS Rating High CVSS Score 7.8 CVSS String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Date Reported 01/13/2021 Customer
Notified Date 06/07/2021 Affected Chipsets* AQT1000, AR8035, CSRB31024,
FSM10055, FSM10056, MDM9150, MDM9250, MDM9650, QCA6174A, QCA6390, QCA6391,
QCA6420, QCA6426, QCA6430, QCA6436, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU,
QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCS410, QCS603, QCS605, QCS610,
QCX315, SA415M, SA515M, SD 675, SD 8CX, SD480, SD660, SD665, SD675, SD678, SD690
5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD845, SD850, SD855,
SD865 5G, SD870, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G,
SM6250, SM6250P, SM6375, SM7250P, SM8450, SM8450P, WCD9326, WCD9335, WCD9340,
WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988,
WCN3990, WCN3991, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815,
WSA8830, WSA8835
CVE-2021-30268
CVE ID CVE-2021-30268 Title Buffer Copy Without Checking Size of Input in Modem
Description Possible heap Memory Corruption Issue due to lack of input
validation when sending HWTC IQ Capture command Technology Area RFA
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic
Buffer Overflow') Access Vector Local Security Rating High CVSS Rating High CVSS
Score 7.8 CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Date Reported
01/18/2021 Customer Notified Date 06/07/2021 Affected Chipsets* APQ8009W,
APQ8017, APQ8096AU, AQT1000, AR6003, AR8035, CSRB31024, FSM10055, FSM10056,
MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9205, MDM9206, MDM9207,
MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9615M, MDM9628, MDM9640,
MDM9650, MSM8909W, MSM8996AU, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6420,
QCA6426, QCA6430, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU,
QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377,
QCM2290, QCM4290, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QCX315,
QET4101, QSW8573, Qualcomm215, SA415M, SA515M, SD 675, SD 8CX, SD205, SD210,
SD429, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730,
SD750G, SD765, SD765G, SD768G, SD7c, SD845, SD850, SD855, SD865 5G, SD870,
SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1,
SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM8450, SM8450P, WCD9306,
WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380,
WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950,
WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856,
WSA8810, WSA8815, WSA8830, WSA8835
CVE-2021-30269
CVE ID CVE-2021-30269 Title NULL Pointer Dereference in Kernel Description
Possible null pointer dereference due to lack of TLB validation for user
provided address Technology Area KERNEL Vulnerability Type CWE-476 NULL Pointer
Dereference Access Vector Local Security Rating High CVSS Rating High CVSS Score
7.3 CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Date Reported
Internal Customer Notified Date 06/07/2021 Affected Chipsets* AR8031, AR8035,
CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9150, MDM9205, QCA2066,
QCA4004, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A,
QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8081, QCA8337,
QCA9377, QCA9984, QCM2290, QCM4290, QCM6490, QCN7605, QCN7606, QCS2290, QCS405,
QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCS8155, QCX315, QRB5165,
QRB5165N, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P,
SA8150P, SA8155, SA8155P, SA8195P, SA8540P, SA9000P, SC8280XP, SD 675, SD 8CX,
SD460, SD480, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G,
SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD865 5G, SD870, SD888,
SD888 5G, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P,
SM6375, SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9306, WCD9360, WCD9370,
WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3988, WCN3991, WCN3999, WCN6740,
WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835
CVE-2021-30270
CVE ID CVE-2021-30270 Title NULL Pointer Dereference in Kernel Description
Possible null pointer dereference in thread profile trap handler due to lack of
thread ID validation before dereferencing it Technology Area KERNEL
Vulnerability Type CWE-476 NULL Pointer Dereference Access Vector Local Security
Rating High CVSS Rating High CVSS Score 7.3 CVSS String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Date Reported Internal Customer
Notified Date 06/07/2021 Affected Chipsets* APQ8009W, APQ8017, APQ8064AU,
APQ8096AU, AR6003, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, FSM10055,
FSM10056, IPQ8070, IPQ8070A, IPQ8071, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A,
IPQ8076A, IPQ8078, IPQ8078A, MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9150,
MDM9205, MDM9206, MDM9207, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615,
MDM9615M, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA2066, QCA4004,
QCA6174A, QCA6390, QCA6391, QCA6426, QCA6428, QCA6436, QCA6438, QCA6564,
QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU,
QCA6595AU, QCA6696, QCA8081, QCA9367, QCA9377, QCA9889, QCA9984, QCM2290,
QCM4290, QCM6490, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610,
QCS6490, QCX315, QRB5165, QRB5165N, QSM8250, QSW8573, SA415M, SA6145P, SA6150P,
SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8CX,
SD205, SD210, SD429, SD460, SD480, SD662, SD665, SD675, SD678, SD690 5G, SD720G,
SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD865 5G,
SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55,
SDX55M, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315,
SM7325P, WCD9306, WCD9330, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620,
WCN3910, WCN3950, WCN3988, WCN3991, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851,
WCN6855, WCN6856, WSA8830, WSA8835
CVE-2021-30271
CVE ID CVE-2021-30271 Title NULL Pointer Dereference in Kernel Description
Possible null pointer dereference in trap handler due to lack of thread ID
validation before dereferencing it Technology Area KERNEL Vulnerability Type
CWE-476 NULL Pointer Dereference Access Vector Local Security Rating High CVSS
Rating High CVSS Score 7.3 CVSS String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Date Reported Internal Customer
Notified Date 06/07/2021 Affected Chipsets* APQ8009W, APQ8017, APQ8096AU,
AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056,
IPQ5010, IPQ5018, IPQ5028, IPQ6010, IPQ6018, IPQ6028, IPQ8070A, IPQ8071A,
IPQ8072A, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174,
MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628,
MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA2062,
QCA2064, QCA2065, QCA2066, QCA4004, QCA4024, QCA6174A, QCA6390, QCA6391,
QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU,
QCA6595AU, QCA6696, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9888,
QCA9889, QCA9984, QCN5022, QCN5024, QCN5052, QCN5122, QCN5124, QCN5152, QCN5154,
QCN5164, QCN6023, QCN6024, QCN6122, QCN6132, QCN7605, QCN7606, QCN9022, QCN9024,
QCN9070, QCN9072, QCN9074, QCS405, QCS410, QCS603, QCS605, QCS610, QCX315,
QSW8573, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P,
SA8155, SA8155P, SA8195P, SC8280XP, SD 675, SD 8CX, SD205, SD210, SD429, SD460,
SD480, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765,
SD765G, SD768G, SD7c, SD850, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W,
SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SM6225, SM6250,
SM6250P, SM6375, SM7250P, SM8450, SM8450P, WCD9306, WCD9330, WCD9370, WCD9375,
WCD9380, WCD9385, WCN3610, WCN3620, WCN3950, WCN3988, WCN3991, WCN3999, WCN6850,
WCN6851, WCN6855, WCN6856, WSA8830, WSA8835
CVE-2021-30272
CVE ID CVE-2021-30272 Title NULL Pointer Dereference in Kernel Description
Possible null pointer dereference in thread cache operation handler due to lack
of validation of user provided input Technology Area KERNEL Vulnerability Type
CWE-476 NULL Pointer Dereference Access Vector Local Security Rating High CVSS
Rating High CVSS Score 7.3 CVSS String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H Date Reported Internal Customer
Notified Date 06/07/2021 Affected Chipsets* APQ8009W, APQ8017, APQ8096AU,
AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056,
IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8070,
IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076,
IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8207, MDM9150, MDM9205,
MDM9206, MDM9207, MDM9607, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8996AU,
PMP8074, QCA1062, QCA1064, QCA4004, QCA4024, QCA6174A, QCA6390, QCA6391,
QCA6426, QCA6428, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574,
QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA8072, QCA8075,
QCA8081, QCA8337, QCA9367, QCA9377, QCA9888, QCA9889, QCA9984, QCM2290, QCM4290,
QCM6490, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122,
QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN6122, QCN6132,
QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074,
QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490,
QCX315, QRB5165, QRB5165N, QSW8573, SA415M, SA515M, SA6145P, SA6150P, SA6155,
SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SC8280XP, SD 675, SD 8CX,
SD205, SD210, SD429, SD460, SD480, SD662, SD665, SD675, SD678, SD690 5G, SD720G,
SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD7c, SD850, SD865 5G,
SD870, SD888, SD888 5G, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55,
SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P,
SM7315, SM7325P, SM8450, SM8450P, WCD9306, WCD9330, WCD9370, WCD9375, WCD9380,
WCD9385, WCN3610, WCN3620, WCN3910, WCN3950, WCN3988, WCN3991, WCN3999, WCN6740,
WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835
CVE-2021-30273
CVE ID CVE-2021-30273 Title Reachable Assertion in Data Modem Description
Possible assertion due to improper handling of IPV6 packet with invalid length
in destination options header Technology Area Data Modem Vulnerability Type
CWE-617 Reachable Assertion Access Vector Remote Security Rating High CVSS
Rating High CVSS Score 7.5 CVSS String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Date Reported Internal Customer
Notified Date 06/07/2021 Affected Chipsets* APQ8009W, APQ8096AU, AR6003,
CSRB31024, MDM8207, MDM9205, MDM9206, MDM9207, MDM9215, MDM9250, MDM9607,
MDM9615, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA4004, QCA6174A,
QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU,
QCA6595AU, QCA6696, QCA9367, QCA9377, QCS410, QCS610, QET4101, QSW8573, SA415M,
SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P, SA8195P, SD 675, SD 8CX,
SD205, SD210, SD429, SD665, SD675, SD678, SD720G, SD730, SDA429W, SDM429W,
SDW2500, SDX20, SDX24, SM6250, SM6250P, WCD9306, WCD9330, WCD9335, WCD9340,
WCD9370, WCD9375, WCD9380, WCN3610, WCN3620, WCN3660B, WCN3950, WCN3980,
WCN3988, WCN3990, WCN3991
CVE-2021-30274
CVE ID CVE-2021-30274 Title Integer Overflow or Wraparound in Core Description
Possible integer overflow in access control initialization interface due to lack
and size and address validation Technology Area Core Vulnerability Type CWE-190
Integer Overflow or Wraparound Access Vector Local Security Rating High CVSS
Rating High CVSS Score 8.4 CVSS String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Date Reported Internal Customer
Notified Date 06/07/2021 Affected Chipsets* AR8031, AR8035, CSR8811, CSRA6620,
CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018,
IPQ6028, MDM9150, MDM9205, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6426,
QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU,
QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290,
QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024,
QCN9000, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCS2290, QCS405, QCS410,
QCS4290, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, QSM8250, SA415M, SA515M,
SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P,
SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G,
SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD7c, SD865 5G, SD870,
SD888 5G, SDX24, SDX55, SDX55M, SDX57M, SDXR2 5G, SM6225, SM6250, SM6250P,
SM6375, SM7250P, SM7325P, WCD9306, WCD9335, WCD9340, WCD9370, WCD9375, WCD9380,
WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3999, WCN6750,
WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835
CVE-2021-30278
CVE ID CVE-2021-30278 Title Improper Input Validation in Core Description
Improper input validation in TrustZone memory transfer interface can lead to
information disclosure Technology Area Core Vulnerability Type CWE-20 Improper
Input Validation Access Vector Local Security Rating High CVSS Rating High CVSS
Score 7.1 CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Date Reported
Internal Customer Notified Date 06/07/2021 Affected Chipsets* AR8031, AR8035,
CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6005,
IPQ6010, IPQ6018, IPQ6028, MDM9150, MDM9205, QCA4004, QCA6174A, QCA6390,
QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A,
QCA6574AU, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377,
QCA9984, QCM2290, QCM4290, QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122,
QCN5152, QCN6023, QCN6024, QCN9000, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074,
QCS2290, QCS405, QCS410, QCS4290, QCS610, QCS6490, QCX315, QRB5165, QRB5165N,
QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P,
SA8155, SA8155P, SA8195P, SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665,
SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G,
SD7c, SD850, SD865 5G, SD870, SD888 5G, SDX24, SDX55, SDX55M, SDXR2 5G, SM6225,
SM6250, SM6250P, SM6375, SM7250P, SM7325P, WCD9306, WCD9335, WCD9340, WCD9370,
WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991,
WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835
CVE-2021-30279
CVE ID CVE-2021-30279 Title Improper Access Control in Core Description Possible
access control violation while setting current permission for VMIDs due to
improper permission masking Technology Area Core Vulnerability Type CWE-284
Improper Access Control Access Vector Local Security Rating High CVSS Rating
High CVSS Score 7.8 CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal Customer Notified Date 06/07/2021 Affected Chipsets*
AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA8337, QCA9984, QCM2290, QCM4290,
QCM6490, QCS2290, QCS405, QCS4290, QCS6490, QCX315, QRB5165, QRB5165N, QSM8250,
SD460, SD480, SD660, SD662, SD690 5G, SD750G, SD765, SD765G, SD768G, SD778G,
SD865 5G, SD870, SD888 5G, SDX55, SDX55M, SDX57M, SDXR2 5G, SM6225, SM6375,
SM7250P, SM7325P, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910,
WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850,
WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
CVE-2021-30282
CVE ID CVE-2021-30282 Title Improper Validation of Array Index in Core
Description Possible out of bound write in RAM partition table due to improper
validation on number of partitions provided Technology Area Core Vulnerability
Type CWE-129 Improper Validation of Array Index Access Vector Local Security
Rating High CVSS Rating High CVSS Score 8.4 CVSS String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Date Reported Internal Customer
Notified Date 06/07/2021 Affected Chipsets* AR8031, AR8035, CSR8811, CSRA6620,
CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018,
IPQ6028, MDM9150, MDM9205, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6426,
QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595AU,
QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290,
QCM6490, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN6023, QCN6024,
QCN9000, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCS2290, QCS405, QCS410,
QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, QSM8250,
SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155,
SA8155P, SA8195P, SD 675, SD 8CX, SD460, SD480, SD662, SD665, SD675, SD678,
SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD7c, SD865 5G,
SD870, SD888 5G, SDX24, SDX55, SDX55M, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P,
SM6375, SM7250P, SM7325P, WCD9306, WCD9335, WCD9340, WCD9370, WCD9375, WCD9380,
WCD9385, WCN3910, WCN3950, WCN3988, WCN3991, WCN3999, WCN6750, WCN6850, WCN6851,
WCN6855, WCN6856, WSA8830, WSA8835
CVE-2021-30283
CVE ID CVE-2021-30283 Title Detection of Error Condition Without Action in
Kernel Description Possible denial of service due to improper handling of debug
register trap from user applications Technology Area KERNEL Vulnerability Type
CWE-390 Detection of Error Condition Without Action Access Vector Local Security
Rating High CVSS Rating High CVSS Score 7.1 CVSS String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H Date Reported Internal Customer
Notified Date 06/07/2021 Affected Chipsets* QCA6391, QCM6490, QCS6490, QRB5165,
QRB5165N, SD778G, SD888 5G, SM7325P, WCD9370, WCD9375, WCD9380, WCD9385,
WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835
CVE-2021-30289
CVE ID CVE-2021-30289 Title Detection of Error Condition Without Action in Modem
Description Possible buffer overflow due to lack of range check while processing
a DIAG command for COEX management Technology Area MCS Vulnerability Type
CWE-390 Detection of Error Condition Without Action Access Vector Local Security
Rating High CVSS Rating High CVSS Score 7.8 CVSS String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Date Reported 03/01/2021 Customer
Notified Date 06/07/2021 Affected Chipsets* APQ8009W, APQ8017, APQ8096AU,
AQT1000, CSRB31024, FSM10055, FSM10056, MDM8207, MDM9150, MDM9205, MDM9206,
MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8996AU,
QCA4004, QCA6174A, QCA6420, QCA6430, QCA6564A, QCA6564AU, QCA6574, QCA6574A,
QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA9367, QCA9377, QCM2290,
QCM4290, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QET4101, QSW8573,
Qualcomm215, SA415M, SA6145P, SA6150P, SA6155P, SA8145P, SA8150P, SA8155P,
SA8195P, SD 675, SD 8CX, SD205, SD210, SD429, SD460, SD660, SD662, SD665, SD675,
SD678, SD720G, SD730, SD7c, SD845, SD850, SD855, SDA429W, SDM429W, SDW2500,
SDX12, SDX20, SDX24, SDXR1, SM6225, SM6250, SM6250P, WCD9306, WCD9326, WCD9330,
WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCN3610, WCN3615, WCN3620,
WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991,
WCN3998, WSA8810, WSA8815
CVE-2021-30293
CVE ID CVE-2021-30293 Title Reachable Assertion in Modem Description Possible
assertion due to lack of input validation in PUSCH configuration Technology Area
Modem Vulnerability Type CWE-617 Reachable Assertion Access Vector Remote
Security Rating High CVSS Rating High CVSS Score 7.5 CVSS String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Date Reported Internal Customer
Notified Date 06/07/2021 Affected Chipsets* AR6003, AR8035, CSRB31024, FSM10055,
MDM9215, MDM9607, MDM9615, MDM9628, MDM9640, MDM9650, MSM8996AU, QCA6174A,
QCA6390, QCA6391, QCA6426, QCA6436, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU,
QCA6584AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCS410, QCS603,
QCS605, QCS610, QCX315, QRB5165, QRB5165N, QSM8250, SA415M, SD 675, SD205,
SD210, SD480, SD675, SD678, SD690 5G, SD730, SD750G, SD765, SD765G, SD768G,
SD865 5G, SD870, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6375, SM7250P, SM8450,
SM8450P, WCD9340, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3950, WCN3988,
WCN3991, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830,
WSA8835
CVE-2021-30303
CVE ID CVE-2021-30303 Title Stack-based Buffer Overflow in WLAN Description
Possible buffer overflow due to lack of buffer length check when segmented WMI
command is received Technology Area WLAN HAL Vulnerability Type CWE-121
Stack-based Buffer Overflow Access Vector Local Security Rating High CVSS Rating
High CVSS Score 7.8 CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported 02/13/2021 Customer Notified Date 09/06/2021 Affected Chipsets*
APQ8009, APQ8017, APQ8064AU, APQ8096AU, AQT1000, AR7420, AR8031, AR8035, AR9380,
CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4019, IPQ4028, IPQ4029,
IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064,
IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072,
IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173,
IPQ8174, MDM9206, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8996AU,
PMP8074, QCA1023, QCA2062, QCA2064, QCA2065, QCA2066, QCA4024, QCA4531,
QCA6174A, QCA6175A, QCA6320, QCA6390, QCA6391, QCA6420, QCA6426, QCA6428,
QCA6430, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A,
QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA7500, QCA7520, QCA7550,
QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9378, QCA9379, QCA9531,
QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889,
QCA9896, QCA9898, QCA9980, QCA9984, QCA9985, QCA9986, QCA9987, QCA9988, QCA9990,
QCA9992, QCA9994, QCM2290, QCM4290, QCM6490, QCN5021, QCN5022, QCN5024, QCN5052,
QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5501,
QCN5502, QCN5550, QCN6023, QCN6024, QCN6122, QCN6132, QCN7605, QCN7606, QCN9000,
QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405,
QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QRB5165, QRB5165N,
SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155,
SA8155P, SA8195P, SC8280XP, SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665,
SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G,
SD780G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX12,
SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P,
SM6375, SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9326, WCD9330, WCD9335,
WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610,
WCN3660B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998,
WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815,
WSA8830, WSA8835
CVE-2021-30336
CVE ID CVE-2021-30336 Title Buffer Over-read in DSP Services Description
Possible out of bound read due to lack of domain input validation while
processing APK close session request Technology Area DSP Service Vulnerability
Type CWE-126 Buffer Over-read Access Vector Local Security Rating High CVSS
Rating High CVSS Score 8.4 CVSS String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Date Reported Internal Customer
Notified Date 09/06/2021 Affected Chipsets* QCA6390, QCA6391, QCA6574, QCA6574A,
QCA6574AU, QCA6595AU, QCA6696, QCM2290, QCM4290, QCM6490, QCS2290, QCS4290,
QCS6490, Qualcomm215, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P,
SA8155, SA8155P, SA8195P, SD 675, SD460, SD480, SD662, SD665, SD675, SD678,
SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G, SD865
5G, SD870, SD888, SD888 5G, SDA429W, SDX55M, SDXR1, SM6225, SM6250, SM6375,
SM7250P, SM7315, SM7325P, SM8450, SM8450P, WCD9370, WCD9375, WCD9380, WCD9385,
WCN3610, WCN3660B, WCN3910, WCN3950, WCN3988, WCN3991, WCN6740, WCN6750,
WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835
CVE-2021-30348
CVE ID CVE-2021-30348 Title Uncontrolled Resource Consumption in Bluetooth
Description Improper validation of LLM utility timers availability can lead to
denial of service Technology Area BT Controller Vulnerability Type CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion') Access Vector Remote
Security Rating Medium CVSS Rating Medium CVSS Score 6.5 CVSS String
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Date Reported 05/24/2021 Customer
Notified Date 10/04/2021 Affected Chipsets* APQ8009, APQ8017, APQ8064AU,
APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MDM9250,
MDM9607, MDM9628, MDM9640, MDM9650, MSM8996AU, QCA1062, QCA1064, QCA2062,
QCA2064, QCA2065, QCA2066, QCA6174A, QCA6175A, QCA6390, QCA6391, QCA6420,
QCA6426, QCA6430, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A,
QCA6574AU, QCA6584, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9377, QCA9379,
QCA9886, QCM2290, QCM4290, QCM6490, QCN7605, QCN7606, QCS2290, QCS405, QCS410,
QCS4290, QCS603, QCS605, QCS610, QCS6490, QCX315, QRB5165, QRB5165N, SA415M,
SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P,
SA8195P, SC8280XP, SD 675, SD 8CX, SD460, SD480, SD660, SD662, SD665, SD675,
SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD778G, SD780G,
SD7c, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDX55, SDX55M,
SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM7315,
SM7325P, SM8450, SM8450P, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370,
WCD9375, WCD9380, WCD9385, WCN3610, WCN3660B, WCN3910, WCN3950, WCN3980,
WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851,
WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835
CVE-2021-35093
CVE ID CVE-2021-35093 Title Memory Corruption in Bluetooth Controller Firmware
Description Possible memory corruption in BT controller when it receives an
oversized LMP packet over 2-DH1 link and leads to denial of service Technology
Area Bluetooth Vulnerability Type CWE-120: Buffer Copy without Checking Size of
Input ('Classic Buffer Overflow') Access Vector Remote Security Rating Medium
CVSS Rating Medium CVSS Score 6.5 CVSS String
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Date Reported 05/24/2021 Customer
Notified Date 12/06/2021 Affected Chipsets* CSR8510 A10, CSR8811 A12
*The list of affected chipsets may not be complete. For latest information,
device OEMs can contact QTI directly at www.qualcomm.com/support.
OPEN SOURCE SOFTWARE ISSUES
THE TABLES BELOW SUMMARIZE SECURITY VULNERABILITIES THAT WERE ADDRESSED THROUGH
OPEN SOURCE SOFTWARE
This table lists high impact security vulnerabilities. Patches have been
released for affected products. OEMs have been notified and strongly recommended
to release patches on end devices.
Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2021-30262 High High Data Network Stack & Connectivity 01/28/2021
CVE-2021-30335 High High DSP Service 05/27/2021 CVE-2021-30337 High High DSP
Service 06/08/2021
This table lists moderate security vulnerabilities. OEMs have been notified and
encouraged to patch these issues.
Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2021-30298 Medium Medium Core Services 01/07/2021
CVE-2021-30262
CVE ID CVE-2021-30262 Title Use After Free in Modem Description Improper
validation of a socket state when socket events are being sent to clients can
lead to invalid access of memory Technology Area Data Network Stack &
Connectivity Vulnerability Type CWE-416 Use After Free Access Vector Local
Security Rating High CVSS Rating High CVSS Score 8.4 CVSS String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Date Reported 01/28/2021 Customer
Notified Date 06/07/2021 Affected Chipsets* APQ8009W, AQT1000, AR8031, AR8035,
CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9150, MDM9640, MSM8909W,
QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A, QCA6564AU,
QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA8337, QCA9377, QCS405,
QCS410, QCS603, QCS605, QCS610, QET4101, QRB5165, QRB5165N, QSM8250, QSW8573,
Qualcomm215, SA415M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P,
SA8155, SA8155P, SA8195P, SD 675, SD205, SD210, SD429, SD460, SD660, SD662,
SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G,
SD845, SD855, SD865 5G, SD870, SDA429W, SDM429W, SDX24, SDX55, SDX55M, SDXR1,
SDXR2 5G, SM6225, SM6250, SM6250P, SM7250P, WCD9326, WCD9335, WCD9340, WCD9341,
WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3660B, WCN3680B,
WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6850, WCN6851,
WSA8810, WSA8815, WSA8830, WSA8835 Patch**
* https://source.codeaurora.org/quic/le/kernel/msm-4.19/commit/?id=b84b5c3c6a17b3f74e29cecfdb2967ba7875cf70
CVE-2021-30335
CVE ID CVE-2021-30335 Title Reachable Assertion in DSP Services Description
Possible assertion in QOS request due to improper validation when multiple add
or update request are received simultaneously Technology Area DSP Service
Vulnerability Type CWE-617 Reachable Assertion Access Vector Local Security
Rating High CVSS Rating High CVSS Score 8.4 CVSS String
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Date Reported 05/27/2021 Customer
Notified Date 09/06/2021 Affected Chipsets* APQ8009W, AQT1000, AR8031, AR8035,
AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ4018,
IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6005, IPQ6010,
IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071,
IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078,
IPQ8078A, IPQ8173, IPQ8174, MDM9150, MSM8909W, PMP8074, QCA4024, QCA6174A,
QCA6390, QCA6391, QCA6428, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574,
QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA7500, QCA8072, QCA8075, QCA8081,
QCA8337, QCA9377, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984,
QCA9985, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCN5021, QCN5022, QCN5024,
QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164,
QCN5550, QCN6023, QCN6024, QCN6122, QCN6132, QCN9000, QCN9012, QCN9022, QCN9024,
QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603,
QCS605, QCS610, QCX315, QET4101, QRB5165, QRB5165N, QSM8250, QSW8573,
Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8145P,
SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD205, SD210, SD429, SD665, SD675,
SD678, SD690 5G, SD720G, SD730, SD750G, SD845, SD855, SD865 5G, SD870, SDA429W,
SDM429W, SDX24, SDX55, SDXR1, SM6250, SM6250P, WCD9326, WCD9335, WCD9340,
WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620,
WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991,
WCN3998, WCN3999, WSA8810, WSA8815, WSA8830, WSA8835 Patch**
* https://source.codeaurora.org/quic/qsdk/oss/kernel/linux-msm/commit/?id=4c3953facbf392f9b2558e7d916623f84232c1b9
CVE-2021-30337
CVE ID CVE-2021-30337 Title Use After Free in DSP Services Description Possible
use after free when process shell memory is freed using IOCTL call and process
initialization is in progress Technology Area DSP Service Vulnerability Type
CWE-416 Use After Free Access Vector Local Security Rating High CVSS Rating High
CVSS Score 8.4 CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Date
Reported 06/08/2021 Customer Notified Date 09/06/2021 Affected Chipsets*
APQ8009, APQ8009W, APQ8017, APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR8811,
CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ4018, IPQ4019, IPQ4028,
IPQ4029, IPQ5010, IPQ5018, IPQ5028, IPQ6000, IPQ6010, IPQ6018, IPQ6028, IPQ8064,
IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A,
IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174,
MDM9150, MDM9206, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8909W,
MSM8996AU, PMP8074, QCA4024, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6428,
QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU,
QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA7500, QCA8072, QCA8075, QCA8081,
QCA8337, QCA9367, QCA9377, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980,
QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6490, QCN5021,
QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5122, QCN5124, QCN5152, QCN5154,
QCN5164, QCN5550, QCN6023, QCN6024, QCN6122, QCN6132, QCN9000, QCN9012, QCN9022,
QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290,
QCS603, QCS605, QCS610, QCS6490, QCX315, QET4101, QRB5165, QRB5165N, QSM8250,
QSW8573, Qualcomm215, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P,
SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD205, SD210, SD429, SD460,
SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765,
SD765G, SD768G, SD845, SD855, SD865 5G, SD870, SDA429W, SDM429W, SDW2500, SDX12,
SDX20, SDX24, SDX55, SDX55M, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM7250P,
SM8450, SM8450P, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370,
WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B,
WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750,
WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835 Patch**
* https://source.codeaurora.org/quic/le/kernel/msm-4.19/commit/?id=efeb2341ecd33833e0b7c20885d6aca1dc76d4bb
CVE-2021-30298
CVE ID CVE-2021-30298 Title Buffer Copy Without Checking Size of Input in DIAG
Services Description Possible out of bound access due to improper validation of
item size and DIAG memory pools data while switching between USB and PCIE
interface Technology Area Core Services Vulnerability Type CWE-120 Buffer Copy
Without Checking Size of Input ('Classic Buffer Overflow') Access Vector Local
Security Rating Medium CVSS Rating Medium CVSS Score 6.7 CVSS String
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Date Reported 01/07/2021 Customer
Notified Date 06/07/2021 Affected Chipsets* AR8031, AR8035, CSRA6620, CSRA6640,
FSM10055, FSM10056, IPQ8072A, IPQ8074A, IPQ8076A, MDM9150, QCA6390, QCA6391,
QCA6574AU, QCA6595AU, QCA6696, QCA8337, QCN9000, QCN9074, QCS405, QCS410,
QCS610, QRB5165, QRB5165N, Qualcomm215, SA8155P, SD205, SD210, SD460, SD662,
SD665, SD765, SD765G, SD768G, SD865 5G, SD870, SDA429W, SDX55, SDX55M, SM7250P,
WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620,
WCN3660B, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WCN6850,
WCN6851, WSA8810, WSA8815, WSA8830, WSA8835 Patch**
* https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=5cdb717eb842ab5d4fdde5117d8194571cd3ba86
* https://source.codeaurora.org/quic/le/kernel/msm-4.19/commit/?id=c59bd17c7f7d51c43844cf3051338ba6cc5db08c
* The list of affected chipsets may not be complete. For latest information,
device OEMs can contact QTI directly at www.qualcomm.com/support.
** Data is generated only at the time of bulletin creation
INDUSTRY COORDINATION
Security ratings of issues included in Android security bulletins and these
bulletins match in the most common scenarios but may differ in some cases due to
one of the following reasons:
* Consideration of security protections such as SELinux not enforced on some
platforms
* Differences in assessment of some specific scenarios that involves local
denial of service or privilege escalation vulnerabilities in the high level
OS kernel
VERSION HISTORY
Version Date Comments 1.0 December 6, 2021 Bulletin Published
All Qualcomm products mentioned herein are products of Qualcomm Technologies,
Inc. and/or its subsidiaries.
Qualcomm is a trademark of Qualcomm Incorporated, registered in the United
States and other countries. Other product and brand names may be trademarks or
registered trademarks of their respective owners.
This technical data may be subject to U.S. and international export, re-export,
or transfer (“export”) laws. Diversion contrary to U.S. and international law is
strictly prohibited.
Qualcomm Technologies, Inc.
5775 Morehouse Drive
San Diego, CA 92121
U.S.A.
© 2019 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.
Language
About QualcommCareersOfficesContact UsSupportEmail Subscriptions
Terms of UsePrivacyCookies Policy
Cookies Settings
©2022 Qualcomm Technologies, Inc. and/or its affiliated companies.
References to "Qualcomm" may mean Qualcomm Incorporated, or subsidiaries or
business units within the Qualcomm corporate structure, as applicable.
Qualcomm Incorporated includes Qualcomm's licensing business, QTL, and the vast
majority of its patent portfolio. Qualcomm Technologies, Inc., a wholly-owned
subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries,
substantially all of Qualcomm's engineering, research and development functions,
and substantially all of its products and services businesses. Qualcomm products
referenced on this page are products of Qualcomm Technologies, Inc. and/or its
subsidiaries.
Materials that are as of a specific date, including but not limited to press
releases, presentations, blog posts and webcasts, may have been superseded by
subsequent events or disclosures.
Nothing in these materials is an offer to sell any of the components or devices
referenced herein.
PRIVACY PREFERENCE CENTER
We respect your privacy right and preference. Please select and accept your
preference as described below. You can click on the different category headings
to learn more about each option. Blocking some types of cookies may impact your
experience of our website and the services we may be able to offer. For more
details, please click our Privacy Policy.
Allow all
MANAGE CONSENT PREFERENCES
STRICTLY NECESSARY COOKIES
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to block
or alert you about these cookies, but some parts of the site will not then work.
These cookies do not store any personally identifiable information.
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then some
or all of these services may not function properly.
TARGETING COOKIES
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
BACK BUTTON PERFORMANCE COOKIES
Vendor Search Search Icon
Filter Icon
Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Confirm my choices
QUALCOMM COOKIES
Qualcomm website uses cookies and similar technologies to enhance site
navigation, for site analytics, and to show you content tailored to your
interests. You can find more details on our Privacy Policy. By clicking “Accept
All Cookies,” you agree to our use of cookies and similar technologies
accordingly.
By clicking the close button in the upper-right corner, you agree to continue to
view our website without accepting cookies that are not necessary for the
website to function.
Accept all cookies
Cookies Settings