CVE-2021-30298

Summary

Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and NetworkingAR8031, AR8035, CSRA6620, CSRA6640, FSM10055, FSM10056, IPQ8072A, IPQ8074A, IPQ8076A, MDM9150, QCA6390, QCA6391, QCA6574AU, QCA6595AU, QCA6696, QCA8337, QCN9000, QCN9074, QCS405, QCS410, QCS610, QRB5165, QRB5165N, Qualcomm215, SA8155P, SD205, SD210, SD460, SD662, SD665, SD765, SD765G, SD768G, SD865 5G, SD870, SDA429W, SDX55, SDX55M, SM7250P, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3620, WCN3660B, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WCN6850, WCN6851, WSA8810, WSA8815, WSA8830, WSA8835affected

Weaknesses

  • Buffer Copy Without Checking Size of Input in DIAG Services

ADP Enrichment

CVE Program Container

Additional References

References