CVE-2021-30268

Summary

Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon WearablesAPQ8009W, APQ8017, APQ8096AU, AQT1000, AR6003, AR8035, CSRB31024, FSM10055, FSM10056, MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9205, MDM9206, MDM9207, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9615M, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCM2290, QCM4290, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QCX315, QET4101, QSW8573, Qualcomm215, SA415M, SA515M, SD 675, SD 8CX, SD205, SD210, SD429, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM8450, SM8450P, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, ...[truncated*]affected

Weaknesses

  • Buffer Copy Without Checking Size of Input in Modem

ADP Enrichment

CVE Program Container

Additional References

References