CVE-2021-1969
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Improper validation of kernel buffer address while copying information back to user buffer can lead to kernel memory information exposure to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, FSM10055, FSM10056, MDM9150, QCA6391, QCA6420, QCA6430, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCM6125, QCS405, QCS410, QCS610, QCS6125, SA6145P, SA6150P, SA6155, SA6155P, SA8145P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8C, SD 8CX, SD665, SD675, SD678, SD720G, SD855, SDA429W, SDX55, SDX55M, SM6250, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCN3610, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WSA8810, WSA8815 | affected |
Weaknesses
- Information Exposure in Neural Processing
ADP Enrichment
CVE Program Container
Additional References
- https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin
- http://packetstormsecurity.com/files/172856/Qualcomm-NPU-Use-After-Free-Information-Leak.html
References
- https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin
- http://packetstormsecurity.com/files/172856/Qualcomm-NPU-Use-After-Free-Information-Leak.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.