Multiple vulnerabilities in Qualcomm chipsets

1) Use-after-free

EUVDB-ID: #VU51882

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11234

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Data HLOS when sending a socket event message to a user application. A malicious application can pass invalid information, if socket is freed by another thread, trigger a use-after-free error and escalate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8009W: All versions

APQ8017: All versions

APQ8053: All versions

APQ8064AU: All versions

APQ8096AU: All versions

AQT1000: All versions

AR8031: All versions

AR8035: All versions

AR8151: All versions

CSR6030: All versions

CSRA6620: All versions

CSRA6640: All versions

MDM9206: All versions

MDM9250: All versions

MDM9607: All versions

MDM9628: All versions

MDM9640: All versions

MDM9650: All versions

MDM9655: All versions

MSM8108: All versions

MSM8208: All versions

MSM8209: All versions

MSM8608: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8953: All versions

MSM8996AU: All versions

PM215: All versions

PM3003A: All versions

PM439: All versions

PM6125: All versions

PM6150: All versions

PM640A: All versions

PM640L: All versions

PM640P: All versions

PM660: All versions

PM660A: All versions

PM660L: All versions

PM670: All versions

PM670A: All versions

PM670L: All versions

PM7150A: All versions

PM7150L: All versions

PM7250: All versions

PM7250B: All versions

PM8004: All versions

PM8005: All versions

PM8008: All versions

PM8009: All versions

PM8150: All versions

PM8150A: All versions

PM8150B: All versions

PM8150C: All versions

PM8150L: All versions

PM8250: All versions

PM855: All versions

PM855A: All versions

PM855B: All versions

PM855L: All versions

PM855P: All versions

PM8909: All versions

PM8916: All versions

PM8937: All versions

PM8953: All versions

PM8996: All versions

PM8998: All versions

PMC1000H: All versions

PMD9607: All versions

PMD9645: All versions

PMD9655: All versions

PME605: All versions

PMI632: All versions

PMI8937: All versions

PMI8952: All versions

PMI8994: All versions

PMI8996: All versions

PMI8998: All versions

PMK8001: All versions

PMK8002: All versions

PMM855AU: All versions

PMM8996AU: All versions

PMR525: All versions

PMW3100: All versions

PMX20: All versions

PMX24: All versions

PMX50: All versions

PMX55: All versions

QAT3514: All versions

QAT3516: All versions

QAT3518: All versions

QAT3519: All versions

QAT3522: All versions

QAT3550: All versions

QAT3555: All versions

QAT5515: All versions

QAT5516: All versions

QAT5522: All versions

QAT5533: All versions

QBT1000: All versions

QBT1500: All versions

QBT2000: All versions

QCA4020: All versions

QCA6174: All versions

QCA6174A: All versions

QCA6175A: All versions

QCA6310: All versions

QCA6320: All versions

QCA6335: All versions

QCA6390: All versions

QCA6391: All versions

QCA6420: All versions

QCA6421: All versions

QCA6426: All versions

QCA6430: All versions

QCA6431: All versions

QCA6436: All versions

QCA6564A: All versions

QCA6564AU: All versions

QCA6574: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6584: All versions

QCA6584AU: All versions

QCA6595: All versions

QCA6595AU: All versions

QCA6696: All versions

QCA8337: All versions

QCA9367: All versions

QCA9377: All versions

QCA9379: All versions

QCC1110: All versions

QCN7605: All versions

QCN7606: All versions

QCS405: All versions

QCS603: All versions

QCS605: All versions

QDM2301: All versions

QDM2302: All versions

QDM2305: All versions

QDM3301: All versions

QDM5620: All versions

QDM5621: All versions

QDM5650: All versions

QDM5652: All versions

QDM5670: All versions

QDM5671: All versions

QDM5677: All versions

QDM5679: All versions

QET4100: All versions

QET4101: All versions

QET4200AQ: All versions

QET5100: All versions

QET5100M: All versions

QET6110: All versions

QFE2080FC: All versions

QFE2081FC: All versions

QFE2082FC: All versions

QFE2101: All versions

QFE2520: All versions

QFE2550: All versions

QFE3100: All versions

QFE3320: All versions

QFE3340: All versions

QFE3440FC: All versions

QFE4301: All versions

QFE4302: All versions

QFE4303: All versions

QFE4305: All versions

QFE4308: All versions

QFE4309: All versions

QFE4320: All versions

QFE4373FC: All versions

QFE4455FC: All versions

QFE4465FC: All versions

QFS2530: All versions

QFS2580: All versions

QLN1020: All versions

QLN1021AQ: All versions

QLN1030: All versions

QLN1031: All versions

QLN1035BD: All versions

QLN1036AQ: All versions

QLN4642: All versions

QLN4650: All versions

QLN5020: All versions

QLN5030: All versions

QLN5040: All versions

QPA2625: All versions

QPA4340: All versions

QPA4360: All versions

QPA4361: All versions

QPA5373: All versions

QPA5460: All versions

QPA5580: All versions

QPA6560: All versions

QPA8673: All versions

QPA8686: All versions

QPA8801: All versions

QPA8802: All versions

QPA8803: All versions

QPA8821: All versions

QPA8842: All versions

QPM4650: All versions

QPM5541: All versions

QPM5577: All versions

QPM5579: All versions

QPM5621: All versions

QPM5658: All versions

QPM5670: All versions

QPM5677: All versions

QPM5679: All versions

QPM6325: All versions

QPM6375: All versions

QPM6582: All versions

QPM6585: All versions

QPM8830: All versions

QPM8895: All versions

QSM7250: All versions

QSW6310: All versions

QSW8573: All versions

QSW8574: All versions

QTC410S: All versions

QTC800H: All versions

QTC800S: All versions

QTC800T: All versions

QTC801S: All versions

QTM525: All versions

Qualcomm215: All versions

RGR7640AU: All versions

RSW8577: All versions

SA2150P: All versions

SA515M: All versions

SA6155: All versions

SA6155P: All versions

SA8155: All versions

SA8155P: All versions

SD636: All versions

SD675: All versions

SD8C: All versions

SD8CX: All versions

SD205: All versions

SD210: All versions

SD429: All versions

SD439: All versions

SD450: All versions

SD632: All versions

SD660: All versions

SD665: All versions

SD670: All versions

SD678: All versions

SD710: All versions

SD712: All versions

SD730: All versions

SD765: All versions

SD765G: All versions

SD768G: All versions

SD820: All versions

SD821: All versions

SD835: All versions

SD845: All versions

SD855: All versions

SD8655G: All versions

SD870: All versions

SDM429W: All versions

SDM630: All versions

SDM830: All versions

SDR051: All versions

SDR052: All versions

SDR660: All versions

SDR660G: All versions

SDR8150: All versions

SDR8250: All versions

SDR845: All versions

SDR865: All versions

SDW2500: All versions

SDW3100: All versions

SDX20: All versions

SDX20M: All versions

SDX24: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SDXR1: All versions

SDXR25G: All versions

SM7250P: All versions

SMB1350: All versions

SMB1351: All versions

SMB1355: All versions

SMB1357: All versions

SMB1358: All versions

SMB1360: All versions

SMB1380: All versions

SMB1381: All versions

SMB1390: All versions

SMB1395: All versions

SMB231: All versions

SMB2351: All versions

SMB358S: All versions

SMR525: All versions

SMR526: All versions

WCD9326: All versions

WCD9330: All versions

WCD9335: All versions

WCD9340: All versions

WCD9341: All versions

WCD9360: All versions

WCD9370: All versions

WCD9371: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCN3610: All versions

WCN3615: All versions

WCN3620: All versions

WCN3660: All versions

WCN3660B: All versions

WCN3680: All versions

WCN3680B: All versions

WCN3950: All versions

WCN3980: All versions

WCN3990: All versions

WCN3991: All versions

WCN3998: All versions

WCN3999: All versions

WGR7640: All versions

WHS9410: All versions

WSA8810: All versions

WSA8815: All versions

WTR2955: All versions

WTR2965: All versions

WTR3905: All versions

WTR3925: All versions

WTR3950: All versions

WTR4605: All versions

WTR4905: All versions

WTR5975: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin
http://source.codeaurora.org/quic/la/kernel/msm-4.19/commit/?id=76a699e746c9b3a1494597a6756ff21fc84b48e4
http://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=82561910f1048593dced3f44243494596972586b

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Double Free

EUVDB-ID: #VU51883

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11246

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in Digital Rights Management when the device moves to suspend mode during secure playback. A malicious application can can trigger a double free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

APQ8017: All versions

APQ8037: All versions

APQ8053: All versions

AQT1000: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

PM215: All versions

PM3003A: All versions

PM4125: All versions

PM439: All versions

PM456: All versions

PM6125: All versions

PM6150: All versions

PM6150A: All versions

PM6150L: All versions

PM6250: All versions

PM6350: All versions

PM660: All versions

PM660A: All versions

PM660L: All versions

PM7150A: All versions

PM7150L: All versions

PM7250: All versions

PM7250B: All versions

PM7350C: All versions

PM8004: All versions

PM8005: All versions

PM8008: All versions

PM8009: All versions

PM8150A: All versions

PM8150B: All versions

PM8150C: All versions

PM8150L: All versions

PM8250: All versions

PM8350: All versions

PM8350B: All versions

PM8350BH: All versions

PM8350BHS: All versions

PM8350C: All versions

PM855: All versions

PM855B: All versions

PM855L: All versions

PM855P: All versions

PM8909: All versions

PM8937: All versions

PM8940: All versions

PM8953: All versions

PM8998: All versions

PMI632: All versions

PMI8937: All versions

PMI8952: All versions

PMI8998: All versions

PMK7350: All versions

PMK8002: All versions

PMK8003: All versions

PMK8350: All versions

PMM6155AU: All versions

PMM8155AU: All versions

PMM8195AU: All versions

PMM855AU: All versions

PMR525: All versions

PMR735A: All versions

PMR735B: All versions

PMX50: All versions

PMX55: All versions

QAT3514: All versions

QAT3516: All versions

QAT3518: All versions

QAT3519: All versions

QAT3522: All versions

QAT3550: All versions

QAT3555: All versions

QAT5515: All versions

QAT5516: All versions

QAT5522: All versions

QAT5533: All versions

QAT5568: All versions

QBT1500: All versions

QBT2000: All versions

QCA6310: All versions

QCA6320: All versions

QCA6335: All versions

QCA6390: All versions

QCA6391: All versions

QCA6420: All versions

QCA6421: All versions

QCA6426: All versions

QCA6430: All versions

QCA6431: All versions

QCA6436: All versions

QCA6564A: All versions

QCA6564AU: All versions

QCA6574: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6595: All versions

QCA6595AU: All versions

QCA6696: All versions

QCM2290: All versions

QCM4290: All versions

QCM6125: All versions

QCS2290: All versions

QCS4290: All versions

QCS6125: All versions

QDM2301: All versions

QDM2302: All versions

QDM2305: All versions

QDM2307: All versions

QDM2308: All versions

QDM2310: All versions

QDM3301: All versions

QDM3302: All versions

QDM4643: All versions

QDM4650: All versions

QDM5579: All versions

QDM5620: All versions

QDM5621: All versions

QDM5650: All versions

QDM5652: All versions

QDM5670: All versions

QDM5671: All versions

QDM5677: All versions

QDM5679: All versions

QET4100: All versions

QET4101: All versions

QET5100: All versions

QET5100M: All versions

QET6100: All versions

QET6110: All versions

QFE2101: All versions

QFE2520: All versions

QFE2550: All versions

QFE3340: All versions

QFE4301: All versions

QFE4302: All versions

QFE4303: All versions

QFE4305: All versions

QFE4308: All versions

QFE4309: All versions

QFE4320: All versions

QFE4373FC: All versions

QFS2530: All versions

QFS2580: All versions

QFS2608: All versions

QFS2630: All versions

QLN1020: All versions

QLN1030: All versions

QLN4640: All versions

QLN4642: All versions

QLN4650: All versions

QLN5020: All versions

QLN5030: All versions

QLN5040: All versions

QPA2625: All versions

QPA4340: All versions

QPA4360: All versions

QPA4361: All versions

QPA5373: All versions

QPA5461: All versions

QPA5580: All versions

QPA5581: All versions

QPA6560: All versions

QPA8673: All versions

QPA8675: All versions

QPA8686: All versions

QPA8801: All versions

QPA8802: All versions

QPA8803: All versions

QPA8821: All versions

QPA8842: All versions

QPM2630: All versions

QPM4621: All versions

QPM4630: All versions

QPM4640: All versions

QPM4641: All versions

QPM4650: All versions

QPM5620: All versions

QPM5621: All versions

QPM5641: All versions

QPM5657: All versions

QPM5658: All versions

QPM5670: All versions

QPM5677: All versions

QPM5679: All versions

QPM5870: All versions

QPM5875: All versions

QPM6582: All versions

QPM6585: All versions

QPM6621: All versions

QPM6670: All versions

QPM8820: All versions

QPM8830: All versions

QPM8870: All versions

QPM8895: All versions

QSM7250: All versions

QSW6310: All versions

QSW8573: All versions

QSW8574: All versions

QTC410S: All versions

QTC800H: All versions

QTC800S: All versions

QTC801S: All versions

QTM525: All versions

Qualcomm215: All versions

RSW8577: All versions

SA6145P: All versions

SA6150P: All versions

SA6155: All versions

SA6155P: All versions

SA8150P: All versions

SA8155: All versions

SA8155P: All versions

SA8195P: All versions

SD675: All versions

SD205: All versions

SD210: All versions

SD429: All versions

SD439: All versions

SD450: All versions

SD460: All versions

SD632: All versions

SD660: All versions

SD662: All versions

SD665: All versions

SD670: All versions

SD678: All versions

SD6905G: All versions

SD710: All versions

SD720G: All versions

SD730: All versions

SD750G: All versions

SD765: All versions

SD765G: All versions

SD768G: All versions

SD835: All versions

SD845: All versions

SD855: All versions

SD8655G: All versions

SD870: All versions

SD8885G: All versions

SDM630: All versions

SDR051: All versions

SDR052: All versions

SDR425: All versions

SDR660: All versions

SDR660G: All versions

SDR675: All versions

SDR735: All versions

SDR735G: All versions

SDR8150: All versions

SDR8250: All versions

SDR865: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SDXR1: All versions

SDXR25G: All versions

SM4125: All versions

SM6250: All versions

SM6250P: All versions

SM7250P: All versions

SM7350: All versions

SMB1351: All versions

SMB1354: All versions

SMB1355: All versions

SMB1358: All versions

SMB1380: All versions

SMB1381: All versions

SMB1390: All versions

SMB1394: All versions

SMB1395: All versions

SMB1396: All versions

SMB1398: All versions

SMR525: All versions

SMR526: All versions

SMR545: All versions

SMR546: All versions

WCD9326: All versions

WCD9335: All versions

WCD9340: All versions

WCD9341: All versions

WCD9370: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCN3610: All versions

WCN3615: All versions

WCN3660B: All versions

WCN3680: All versions

WCN3680B: All versions

WCN3910: All versions

WCN3950: All versions

WCN3980: All versions

WCN3988: All versions

WCN3990: All versions

WCN3991: All versions

WCN3998: All versions

WCN6740: All versions

WCN6750: All versions

WCN6850: All versions

WCN6851: All versions

WCN6856: All versions

WGR7640: All versions

WSA8810: All versions

WSA8815: All versions

WSA8830: All versions

WSA8835: All versions

WTR2955: All versions

WTR2965: All versions

WTR3925: All versions

WTR4905: All versions

WTR5975: All versions

WTR6955: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Buffer overflow

EUVDB-ID: #VU51884

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1892

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error while processing nonstandard IO control in WLAN. A malicious application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AQT1000: All versions

PM8005: All versions

PM855: All versions

PM855P: All versions

PM8998: All versions

PMI8998: All versions

QAT3550: All versions

QCA1062: All versions

QCA1064: All versions

QCA2066: All versions

QCA6164: All versions

QCA6174: All versions

QCA6174A: All versions

QCA6310: All versions

QCA6335: All versions

QCA6391: All versions

QCA6420: All versions

QCA6430: All versions

QCA6595AU: All versions

QCA9377: All versions

QCN7605: All versions

QCN7606: All versions

QET4100: All versions

QFE2081FC: All versions

QFE2082FC: All versions

QFE3100: All versions

QFE3440FC: All versions

QFE4455FC: All versions

QLN1035BD: All versions

SD8C: All versions

SD8CX: All versions

SD835: All versions

SD845: All versions

SD850: All versions

SDR8150: All versions

SMB1350: All versions

SMB1351: All versions

SMB1380: All versions

SMB1381: All versions

SMB1390: All versions

SMB2351: All versions

WCD9335: All versions

WCD9340: All versions

WCD9341: All versions

WCN3990: All versions

WCN3998: All versions

WCN6850: All versions

WCN6851: All versions

WCN6855: All versions

WCN6856: All versions

WGR7640: All versions

WSA8810: All versions

WSA8815: All versions

WTR5975: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Double Free

EUVDB-ID: #VU51885

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11231

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in GPS HLOS Driver. Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption. A malicious application can trigger double free error and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

APQ8017: All versions

APQ8053: All versions

AQT1000: All versions

MSM8917: All versions

MSM8953: All versions

PM215: All versions

PM3003A: All versions

PM439: All versions

PM6125: All versions

PM6150: All versions

PM6150L: All versions

PM7150A: All versions

PM7150L: All versions

PM7250: All versions

PM7250B: All versions

PM7350C: All versions

PM8008: All versions

PM8009: All versions

PM8150A: All versions

PM8150B: All versions

PM8150C: All versions

PM8150L: All versions

PM8250: All versions

PM8350: All versions

PM8350B: All versions

PM8350BH: All versions

PM8350BHS: All versions

PM8350C: All versions

PM855: All versions

PM855B: All versions

PM855L: All versions

PM8937: All versions

PM8953: All versions

PMI632: All versions

PMI8937: All versions

PMI8952: All versions

PMK7350: All versions

PMK8002: All versions

PMK8350: All versions

PMR525: All versions

PMR735A: All versions

PMR735B: All versions

PMX55: All versions

QAT3514: All versions

QAT3516: All versions

QAT3518: All versions

QAT3519: All versions

QAT3522: All versions

QAT3555: All versions

QAT5515: All versions

QAT5516: All versions

QAT5522: All versions

QAT5533: All versions

QAT5568: All versions

QBT1500: All versions

QBT2000: All versions

QCA6390: All versions

QCA6391: All versions

QCA6421: All versions

QCA6426: All versions

QCA6431: All versions

QCA6436: All versions

QCM4290: All versions

QCM6125: All versions

QCS4290: All versions

QCS610: All versions

QCS6125: All versions

QDM2301: All versions

QDM2302: All versions

QDM2305: All versions

QDM2307: All versions

QDM2308: All versions

QDM2310: All versions

QDM3301: All versions

QDM3302: All versions

QDM4643: All versions

QDM4650: All versions

QDM5579: All versions

QDM5620: All versions

QDM5621: All versions

QDM5650: All versions

QDM5652: All versions

QDM5670: All versions

QDM5671: All versions

QDM5677: All versions

QDM5679: All versions

QET4101: All versions

QET5100: All versions

QET5100M: All versions

QET6100: All versions

QET6110: All versions

QFE2101: All versions

QFE2550: All versions

QFE4301: All versions

QFE4302: All versions

QFE4303: All versions

QFE4305: All versions

QFE4308: All versions

QFE4309: All versions

QFE4320: All versions

QFE4373FC: All versions

QFS2530: All versions

QFS2580: All versions

QFS2608: All versions

QFS2630: All versions

QLN4642: All versions

QLN4650: All versions

QLN5020: All versions

QLN5030: All versions

QLN5040: All versions

QPA2625: All versions

QPA4360: All versions

QPA4361: All versions

QPA5461: All versions

QPA5580: All versions

QPA5581: All versions

QPA6560: All versions

QPA8673: All versions

QPA8686: All versions

QPA8801: All versions

QPA8802: All versions

QPA8803: All versions

QPA8821: All versions

QPA8842: All versions

QPM4621: All versions

QPM4630: All versions

QPM4640: All versions

QPM4641: All versions

QPM4650: All versions

QPM5621: All versions

QPM5641: All versions

QPM5658: All versions

QPM5670: All versions

QPM5677: All versions

QPM5679: All versions

QPM5870: All versions

QPM5875: All versions

QPM6582: All versions

QPM6585: All versions

QPM6621: All versions

QPM6670: All versions

QPM8820: All versions

QPM8830: All versions

QPM8870: All versions

QPM8895: All versions

QSM7250: All versions

QSW6310: All versions

QSW8573: All versions

QSW8574: All versions

QTC800H: All versions

QTC801S: All versions

QTM525: All versions

Qualcomm215: All versions

SD429: All versions

SD439: All versions

SD632: All versions

SD665: All versions

SD765: All versions

SD765G: All versions

SD768G: All versions

SD855: All versions

SD8655G: All versions

SD870: All versions

SD8885G: All versions

SDR660: All versions

SDR735: All versions

SDR735G: All versions

SDR8150: All versions

SDR8250: All versions

SDR865: All versions

SDX55: All versions

SDX55M: All versions

SDXR25G: All versions

SM7250P: All versions

SM7350: All versions

SMB1355: All versions

SMB1358: All versions

SMB1381: All versions

SMB1390: All versions

SMB1394: All versions

SMB1395: All versions

SMB1396: All versions

SMB1398: All versions

SMR525: All versions

SMR526: All versions

SMR545: All versions

SMR546: All versions

WCD9326: All versions

WCD9341: All versions

WCD9370: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCN3615: All versions

WCN3660B: All versions

WCN3680: All versions

WCN3680B: All versions

WCN3950: All versions

WCN3980: All versions

WCN3988: All versions

WCN3990: All versions

WCN3991: All versions

WCN3998: All versions

WCN6740: All versions

WCN6850: All versions

WCN6851: All versions

WCN6856: All versions

WGR7640: All versions

WSA8810: All versions

WSA8815: All versions

WSA8830: All versions

WSA8835: All versions

WTR2955: All versions

WTR2965: All versions

WTR3925: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin
http://source.codeaurora.org/quic/le/platform/hardware/qcom/gps/commit/?id=a06bbe8aa633e00c195866a8416ac9181c1fb652

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU51886

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11210

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in RPM region due to improper XPU configuration. A malicious application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AR8035: All versions

PM4125: All versions

PM4250: All versions

PM6125: All versions

PM6150A: All versions

PM6150L: All versions

PM6350: All versions

PM7250B: All versions

PM8008: All versions

PMD9655: All versions

PMI632: All versions

PMK8003: All versions

QAT3519: All versions

QAT3522: All versions

QAT3555: All versions

QAT5515: All versions

QAT5516: All versions

QCA6390: All versions

QCA9984: All versions

QCM2290: All versions

QCM4290: All versions

QCS2290: All versions

QCS405: All versions

QCS4290: All versions

QDM2301: All versions

QDM2302: All versions

QET4101: All versions

QET6105: All versions

QPA4360: All versions

QPA4361: All versions

QPA6560: All versions

QPA8673: All versions

QSW6310: All versions

QSW8573: All versions

QSW8574: All versions

QTC410S: All versions

QTM525: All versions

SD460: All versions

SD480: All versions

SD662: All versions

SD665: All versions

SDR425: All versions

SDR660: All versions

SDR735: All versions

SDR735G: All versions

SM4125: All versions

SMB1351: All versions

SMB1354: All versions

SMB1355: All versions

SMB1396: All versions

SMR526: All versions

WCD9370: All versions

WCD9375: All versions

WCD9385: All versions

WCN3910: All versions

WCN3950: All versions

WCN3980: All versions

WCN3988: All versions

WCN3991: All versions

WCN3998: All versions

WCN3999: All versions

WCN6850: All versions

WGR7640: All versions

WSA8810: All versions

WSA8815: All versions

WTR2965: All versions

WTR3925: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU51887

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11191

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing SDP packets in Data Modem. A remote attacker can send specially crafted SDP packets to the system, trigger out-of-bounds read error and read contents of memory on the system or crash it.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8009W: All versions

APQ8017: All versions

APQ8037: All versions

APQ8053: All versions

APQ8084: All versions

APQ8096AU: All versions

AQT1000: All versions

AR6003: All versions

AR8035: All versions

AR8151: All versions

CSR6030: All versions

CSR8811: All versions

CSRB31024: All versions

IPQ6000: All versions

IPQ6005: All versions

IPQ6010: All versions

IPQ6018: All versions

IPQ6028: All versions

IPQ8070A: All versions

IPQ8071A: All versions

IPQ8072A: All versions

IPQ8074: All versions

IPQ8074A: All versions

IPQ8076: All versions

IPQ8076A: All versions

IPQ8078: All versions

IPQ8078A: All versions

IPQ8173: All versions

IPQ8174: All versions

MDM8207: All versions

MDM8215: All versions

MDM8215M: All versions

MDM8615M: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9207: All versions

MDM9215: All versions

MDM9230: All versions

MDM9250: All versions

MDM9310: All versions

MDM9330: All versions

MDM9607: All versions

MDM9615: All versions

MDM9628: All versions

MDM9630: All versions

MDM9635M: All versions

MDM9640: All versions

MDM9645: All versions

MDM9650: All versions

MDM9655: All versions

MSM8108: All versions

MSM8208: All versions

MSM8209: All versions

MSM8608: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8976: All versions

MSM8976SG: All versions

MSM8996AU: All versions

PM215: All versions

PM3003A: All versions

PM4125: All versions

PM4250: All versions

PM439: All versions

PM456: All versions

PM6125: All versions

PM6150: All versions

PM6150A: All versions

PM6150L: All versions

PM6250: All versions

PM640A: All versions

PM640L: All versions

PM640P: All versions

PM660: All versions

PM660A: All versions

PM660L: All versions

PM670: All versions

PM670L: All versions

PM7150A: All versions

PM7150L: All versions

PM7250: All versions

PM7250B: All versions

PM8004: All versions

PM8005: All versions

PM8008: All versions

PM8009: All versions

PM8018: All versions

PM8150: All versions

PM8150A: All versions

PM8150B: All versions

PM8150C: All versions

PM8150L: All versions

PM8250: All versions

PM8350: All versions

PM8350B: All versions

PM8350BH: All versions

PM8350C: All versions

PM855: All versions

PM855A: All versions

PM855B: All versions

PM855L: All versions

PM855P: All versions

PM8909: All versions

PM8916: All versions

PM8937: All versions

PM8940: All versions

PM8952: All versions

PM8953: All versions

PM8956: All versions

PM8998: All versions

PMC1000H: All versions

PMD9607: All versions

PMD9635: All versions

PMD9645: All versions

PMD9655: All versions

PMD9655AU: All versions

PME605: All versions

PMI632: All versions

PMI8937: All versions

PMI8940: All versions

PMI8952: All versions

PMI8998: All versions

PMK8002: All versions

PMK8350: All versions

PMM855AU: All versions

PMM8996AU: All versions

PMP8074: All versions

PMR525: All versions

PMR735A: All versions

PMR735B: All versions

PMW3100: All versions

PMX20: All versions

PMX24: All versions

PMX50: All versions

PMX55: All versions

QAT3514: All versions

QAT3516: All versions

QAT3518: All versions

QAT3519: All versions

QAT3522: All versions

QAT3550: All versions

QAT3555: All versions

QAT5515: All versions

QAT5516: All versions

QAT5522: All versions

QAT5533: All versions

QAT5568: All versions

QBT1000: All versions

QBT1500: All versions

QBT2000: All versions

QCA1990: All versions

QCA2066: All versions

QCA4004: All versions

QCA4020: All versions

QCA4024: All versions

QCA6174: All versions

QCA6174A: All versions

QCA6310: All versions

QCA6320: All versions

QCA6335: All versions

QCA6390: All versions

QCA6391: All versions

QCA6420: All versions

QCA6421: All versions

QCA6426: All versions

QCA6430: All versions

QCA6431: All versions

QCA6436: All versions

QCA6564A: All versions

QCA6564AU: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6584: All versions

QCA6584AU: All versions

QCA6595: All versions

QCA6595AU: All versions

QCA6694: All versions

QCA6694AU: All versions

QCA6696: All versions

QCA8072: All versions

QCA8075: All versions

QCA8081: All versions

QCA8337: All versions

QCA9367: All versions

QCA9377: All versions

QCA9379: All versions

QCA9889: All versions

QCC1110: All versions

QCM2290: All versions

QCM4290: All versions

QCM6125: All versions

QCN5021: All versions

QCN5022: All versions

QCN5024: All versions

QCN5052: All versions

QCN5054: All versions

QCN5121: All versions

QCN5122: All versions

QCN5124: All versions

QCN5152: All versions

QCN5154: All versions

QCN5164: All versions

QCN5550: All versions

QCN9000: All versions

QCN9074: All versions

QCS2290: All versions

QCS410: All versions

QCS4290: All versions

QCS603: All versions

QCS605: All versions

QCS610: All versions

QCS6125: All versions

QDM2301: All versions

QDM2302: All versions

QDM2305: All versions

QDM2307: All versions

QDM2308: All versions

QDM2310: All versions

QDM3301: All versions

QDM4643: All versions

QDM4650: All versions

QDM5620: All versions

QDM5621: All versions

QDM5650: All versions

QDM5652: All versions

QDM5670: All versions

QDM5671: All versions

QDM5677: All versions

QDM5679: All versions

QET4100: All versions

QET4101: All versions

QET4200AQ: All versions

QET5100: All versions

QET5100M: All versions

QET6100: All versions

QET6110: All versions

QFE1035: All versions

QFE1040: All versions

QFE1045: All versions

QFE2080FC: All versions

QFE2081FC: All versions

QFE2082FC: All versions

QFE2101: All versions

QFE2340: All versions

QFE2520: All versions

QFE2550: All versions

QFE3100: All versions

QFE3320: All versions

QFE3335: All versions

QFE3340: All versions

QFE3345: All versions

QFE3440FC: All versions

QFE4301: All versions

QFE4302: All versions

QFE4303: All versions

QFE4305: All versions

QFE4308: All versions

QFE4309: All versions

QFE4320: All versions

QFE4373FC: All versions

QFE4455FC: All versions

QFE4465FC: All versions

QFS2530: All versions

QFS2580: All versions

QFS2608: All versions

QFS2630: All versions

QLN1020: All versions

QLN1021AQ: All versions

QLN1030: All versions

QLN1031: All versions

QLN1035BD: All versions

QLN1036AQ: All versions

QLN4640: All versions

QLN4642: All versions

QLN4650: All versions

QLN5020: All versions

QLN5030: All versions

QLN5040: All versions

QPA2625: All versions

QPA4340: All versions

QPA4360: All versions

QPA4361: All versions

QPA5373: All versions

QPA5460: All versions

QPA5461: All versions

QPA5580: All versions

QPA5581: All versions

QPA6560: All versions

QPA8673: All versions

QPA8675: All versions

QPA8686: All versions

QPA8801: All versions

QPA8802: All versions

QPA8803: All versions

QPA8821: All versions

QPA8842: All versions

QPM2630: All versions

QPM4621: All versions

QPM4630: All versions

QPM4640: All versions

QPM4641: All versions

QPM4650: All versions

QPM5541: All versions

QPM5577: All versions

QPM5579: All versions

QPM5621: All versions

QPM5641: All versions

QPM5658: All versions

QPM5670: All versions

QPM5677: All versions

QPM5679: All versions

QPM5870: All versions

QPM5875: All versions

QPM6325: All versions

QPM6375: All versions

QPM6582: All versions

QPM6585: All versions

QPM6621: All versions

QPM6670: All versions

QPM8820: All versions

QPM8830: All versions

QPM8870: All versions

QPM8895: All versions

QSM7250: All versions

QSM8350: All versions

QSW6310: All versions

QSW8573: All versions

QSW8574: All versions

QTC410S: All versions

QTC800H: All versions

QTC800S: All versions

QTC800T: All versions

QTC801S: All versions

QTM525: All versions

QTM527: All versions

Qualcomm215: All versions

RGR7640AU: All versions

RSW8577: All versions

SA415M: All versions

SA515M: All versions

SA8155: All versions

SA8155P: All versions

SC8180X+SDX55: All versions

SD455: All versions

SD636: All versions

SD675: All versions

SD8C: All versions

SD8CX: All versions

SD205: All versions

SD210: All versions

SD429: All versions

SD439: All versions

SD450: All versions

SD460: All versions

SD632: All versions

SD660: All versions

SD662: All versions

SD665: All versions

SD670: All versions

SD678: All versions

SD710: All versions

SD712: All versions

SD720G: All versions

SD730: All versions

SD765: All versions

SD765G: All versions

SD768G: All versions

SD835: All versions

SD845: All versions

SD850: All versions

SD855: All versions

SD8655G: All versions

SD870: All versions

SD8885G: All versions

SDA429W: All versions

SDM429W: All versions

SDM630: All versions

SDR051: All versions

SDR052: All versions

SDR105: All versions

SDR425: All versions

SDR660: All versions

SDR660G: All versions

SDR675: All versions

SDR735: All versions

SDR735G: All versions

SDR8150: All versions

SDR8250: All versions

SDR845: All versions

SDR865: All versions

SDW2500: All versions

SDW3100: All versions

SDX20: All versions

SDX24: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SDXR1: All versions

SDXR25G: All versions

SM4125: All versions

SM6250: All versions

SM6250P: All versions

SM7250P: All versions

SMB1351: All versions

SMB1354: All versions

SMB1355: All versions

SMB1357: All versions

SMB1358: All versions

SMB1360: All versions

SMB1380: All versions

SMB1381: All versions

SMB1390: All versions

SMB1395: All versions

SMB1398: All versions

SMB231: All versions

SMB2351: All versions

SMB358: All versions

SMB358S: All versions

SMR525: All versions

SMR526: All versions

SMR545: All versions

SMR546: All versions

WCD9306: All versions

WCD9326: All versions

WCD9330: All versions

WCD9335: All versions

WCD9340: All versions

WCD9341: All versions

WCD9360: All versions

WCD9370: All versions

WCD9371: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCN3610: All versions

WCN3615: All versions

WCN3620: All versions

WCN3660: All versions

WCN3660B: All versions

WCN3680: All versions

WCN3680B: All versions

WCN3910: All versions

WCN3950: All versions

WCN3980: All versions

WCN3988: All versions

WCN3990: All versions

WCN3991: All versions

WCN3998: All versions

WCN6750: All versions

WCN6850: All versions

WCN6851: All versions

WCN6855: All versions

WCN6856: All versions

WGR7640: All versions

WHS9410: All versions

WSA8810: All versions

WSA8815: All versions

WSA8830: All versions

WSA8835: All versions

WTR1605: All versions

WTR1605L: All versions

WTR2955: All versions

WTR2965: All versions

WTR3905: All versions

WTR3925: All versions

WTR4605: All versions

WTR4905: All versions

WTR5975: All versions

WTR6955: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU51888

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11236

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to invalid value of total dimension in the non-histogram type KPI in Modem. A malicious application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

CSRB31024: All versions

PM3003A: All versions

PM6150A: All versions

PM6150L: All versions

PM6350: All versions

PM7150A: All versions

PM7150L: All versions

PM7250: All versions

PM7250B: All versions

PM8008: All versions

PM8009: All versions

PM8150A: All versions

PM8150B: All versions

PM8150C: All versions

PM8150L: All versions

PM8250: All versions

PM8350: All versions

PM8350B: All versions

PM8350BH: All versions

PM8350C: All versions

PM855: All versions

PM855B: All versions

PM855L: All versions

PMK8002: All versions

PMK8003: All versions

PMK8350: All versions

PMR525: All versions

PMR735A: All versions

PMR735B: All versions

PMX24: All versions

PMX55: All versions

PMX60: All versions

QAT3516: All versions

QAT3518: All versions

QAT3519: All versions

QAT3555: All versions

QAT5515: All versions

QAT5516: All versions

QAT5522: All versions

QAT5533: All versions

QAT5568: All versions

QBT2000: All versions

QCA6390: All versions

QCA6391: All versions

QCA6421: All versions

QCA6426: All versions

QCA6431: All versions

QCA6436: All versions

QCA6564AU: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6584AU: All versions

QCA6595AU: All versions

QCA6696: All versions

QCA8337: All versions

QDM2301: All versions

QDM2305: All versions

QDM2307: All versions

QDM2308: All versions

QDM2310: All versions

QDM3301: All versions

QDM4643: All versions

QDM4650: All versions

QDM5620: All versions

QDM5621: All versions

QDM5650: All versions

QDM5652: All versions

QDM5670: All versions

QDM5671: All versions

QDM5677: All versions

QDM5679: All versions

QET4101: All versions

QET5100: All versions

QET5100M: All versions

QET6100: All versions

QET6110: All versions

QFS2530: All versions

QFS2580: All versions

QFS2608: All versions

QFS2630: All versions

QLN1021AQ: All versions

QLN1031: All versions

QLN1036AQ: All versions

QLN4642: All versions

QLN4650: All versions

QLN5020: All versions

QLN5030: All versions

QLN5040: All versions

QPA2625: All versions

QPA5461: All versions

QPA5580: All versions

QPA5581: All versions

QPA6560: All versions

QPA8673: All versions

QPA8686: All versions

QPA8801: All versions

QPA8802: All versions

QPA8803: All versions

QPA8821: All versions

QPA8842: All versions

QPM4621: All versions

QPM4630: All versions

QPM4640: All versions

QPM4641: All versions

QPM4650: All versions

QPM5620: All versions

QPM5621: All versions

QPM5641: All versions

QPM5657: All versions

QPM5658: All versions

QPM5670: All versions

QPM5677: All versions

QPM5679: All versions

QPM5870: All versions

QPM5875: All versions

QPM6582: All versions

QPM6585: All versions

QPM6621: All versions

QPM6670: All versions

QPM8820: All versions

QPM8830: All versions

QPM8870: All versions

QPM8895: All versions

QSM7250: All versions

QTC800H: All versions

QTC801S: All versions

QTM525: All versions

QTM527: All versions

SA415M: All versions

SD480: All versions

SD6905G: All versions

SD750G: All versions

SD765: All versions

SD765G: All versions

SD768G: All versions

SD855: All versions

SD8655G: All versions

SD870: All versions

SD8885G: All versions

SDR735: All versions

SDR735G: All versions

SDR8150: All versions

SDR8250: All versions

SDR865: All versions

SDX55: All versions

SDX55M: All versions

SDXR25G: All versions

SM7250P: All versions

SMB1355: All versions

SMB1381: All versions

SMB1390: All versions

SMB1395: All versions

SMB1396: All versions

SMB1398: All versions

SMR525: All versions

SMR526: All versions

WCD9341: All versions

WCD9370: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCN3988: All versions

WCN3991: All versions

WCN3998: All versions

WCN6850: All versions

WCN6851: All versions

WSA8810: All versions

WSA8815: All versions

WSA8830: All versions

WSA8835: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Buffer overflow

EUVDB-ID: #VU51889

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11237

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in Modem when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it. A malicious application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

CSRB31024: All versions

PM3003A: All versions

PM456: All versions

PM6150: All versions

PM6150A: All versions

PM6150L: All versions

PM6250: All versions

PM6350: All versions

PM7150A: All versions

PM7150L: All versions

PM7250: All versions

PM7250B: All versions

PM8008: All versions

PM8009: All versions

PM8150A: All versions

PM8150B: All versions

PM8150C: All versions

PM8150L: All versions

PM8250: All versions

PM855: All versions

PM855B: All versions

PM855L: All versions

PMI632: All versions

PMK8002: All versions

PMK8003: All versions

PMR525: All versions

PMR735A: All versions

PMR735B: All versions

PMX24: All versions

PMX55: All versions

QAT3516: All versions

QAT3518: All versions

QAT3519: All versions

QAT3555: All versions

QAT5515: All versions

QAT5516: All versions

QAT5522: All versions

QAT5533: All versions

QBT1500: All versions

QBT2000: All versions

QCA6390: All versions

QCA6391: All versions

QCA6421: All versions

QCA6426: All versions

QCA6431: All versions

QCA6436: All versions

QCA6564AU: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6584AU: All versions

QCA6595AU: All versions

QCA6696: All versions

QCA8337: All versions

QDM2301: All versions

QDM2305: All versions

QDM2307: All versions

QDM2308: All versions

QDM2310: All versions

QDM3301: All versions

QDM5620: All versions

QDM5621: All versions

QDM5650: All versions

QDM5652: All versions

QDM5670: All versions

QDM5671: All versions

QDM5677: All versions

QDM5679: All versions

QET4100: All versions

QET4101: All versions

QET5100: All versions

QET6100: All versions

QET6110: All versions

QFS2530: All versions

QFS2580: All versions

QLN1021AQ: All versions

QLN1031: All versions

QLN1036AQ: All versions

QLN4640: All versions

QLN4642: All versions

QLN4650: All versions

QLN5020: All versions

QLN5030: All versions

QLN5040: All versions

QPA2625: All versions

QPA5580: All versions

QPA5581: All versions

QPA6560: All versions

QPA8673: All versions

QPA8675: All versions

QPA8686: All versions

QPA8801: All versions

QPA8802: All versions

QPA8803: All versions

QPA8821: All versions

QPA8842: All versions

QPM4650: All versions

QPM5620: All versions

QPM5621: All versions

QPM5657: All versions

QPM5658: All versions

QPM5670: All versions

QPM5677: All versions

QPM5679: All versions

QPM6582: All versions

QPM6585: All versions

QPM8820: All versions

QPM8830: All versions

QPM8870: All versions

QPM8895: All versions

QSM7250: All versions

QTC800H: All versions

QTC801S: All versions

QTM525: All versions

QTM527: All versions

SA415M: All versions

SD675: All versions

SD480: All versions

SD678: All versions

SD6905G: All versions

SD720G: All versions

SD730: All versions

SD750G: All versions

SD765: All versions

SD765G: All versions

SD768G: All versions

SD855: All versions

SD8655G: All versions

SD870: All versions

SDR660: All versions

SDR675: All versions

SDR735: All versions

SDR735G: All versions

SDR8150: All versions

SDR8250: All versions

SDR865: All versions

SDX55: All versions

SDX55M: All versions

SDXR25G: All versions

SM6250: All versions

SM6250P: All versions

SM7250P: All versions

SMB1355: All versions

SMB1381: All versions

SMB1390: All versions

SMB1395: All versions

SMB1396: All versions

SMR525: All versions

SMR526: All versions

WCD9341: All versions

WCD9370: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCN3950: All versions

WCN3980: All versions

WCN3988: All versions

WCN3990: All versions

WCN3991: All versions

WCN3998: All versions

WCN6850: All versions

WCN6851: All versions

WSA8810: All versions

WSA8815: All versions

WSA8830: All versions

WSA8835: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use of Out-of-range Pointer Offset

EUVDB-ID: #VU51890

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11242

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect argument into address range validation api used in SDI to capture requested contents. A local user can gain access to secure memory and elevate privileges on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

PM660: All versions

PM660A: All versions

PM660L: All versions

PM855A: All versions

PMM855AU: All versions

QAT3514: All versions

QAT3522: All versions

QAT3550: All versions

QCA6564A: All versions

QCA6564AU: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6595: All versions

QCA6595AU: All versions

QET4100: All versions

QET4101: All versions

QET4200AQ: All versions

QLN1021AQ: All versions

QLN1031: All versions

QLN1036AQ: All versions

QPA4340: All versions

QPA4360: All versions

QPA5460: All versions

QTC800H: All versions

QTC800S: All versions

RSW8577: All versions

SD455: All versions

SD636: All versions

SD660: All versions

SDM630: All versions

SDR660: All versions

SMB1351: All versions

WCD9335: All versions

WCD9340: All versions

WCD9341: All versions

WCN3950: All versions

WCN3980: All versions

WCN3990: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Detection of Error Condition Without Action

EUVDB-ID: #VU51891

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11243

CWE-ID: N/A

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists in LTE module due to RRC sends a connection establishment success to NAS even though connection setup validation returns failure. A remote attacker can perform a denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AQT1000: All versions

AR8035: All versions

FSM10055: All versions

FSM10056: All versions

PM3003A: All versions

PM7150A: All versions

PM7150L: All versions

PM7250: All versions

PM7250B: All versions

PM8004: All versions

PM8008: All versions

PM8009: All versions

PM8150: All versions

PM8150A: All versions

PM8150B: All versions

PM8150C: All versions

PM8150L: All versions

PM8250: All versions

PM855: All versions

PM855B: All versions

PM855L: All versions

PM855P: All versions

PMC1000H: All versions

PMK8002: All versions

PMR525: All versions

PMX50: All versions

PMX55: All versions

QAT3516: All versions

QAT3518: All versions

QAT3519: All versions

QAT3555: All versions

QAT5515: All versions

QAT5522: All versions

QAT5533: All versions

QBT2000: All versions

QCA6390: All versions

QCA6391: All versions

QCA6420: All versions

QCA6421: All versions

QCA6426: All versions

QCA6430: All versions

QCA6431: All versions

QCA6436: All versions

QCA6595AU: All versions

QCA6696: All versions

QCA8337: All versions

QDM2301: All versions

QDM2305: All versions

QDM3301: All versions

QDM5620: All versions

QDM5621: All versions

QDM5650: All versions

QDM5652: All versions

QDM5670: All versions

QDM5671: All versions

QDM5677: All versions

QDM5679: All versions

QET4101: All versions

QET5100: All versions

QET6110: All versions

QFS2530: All versions

QFS2580: All versions

QLN4642: All versions

QLN4650: All versions

QLN5020: All versions

QLN5030: All versions

QLN5040: All versions

QPA2625: All versions

QPA5580: All versions

QPA6560: All versions

QPA8673: All versions

QPA8686: All versions

QPA8801: All versions

QPA8802: All versions

QPA8803: All versions

QPA8821: All versions

QPA8842: All versions

QPM4650: All versions

QPM5541: All versions

QPM5577: All versions

QPM5579: All versions

QPM5620: All versions

QPM5621: All versions

QPM5657: All versions

QPM5658: All versions

QPM5670: All versions

QPM5677: All versions

QPM5679: All versions

QPM6325: All versions

QPM6375: All versions

QPM6582: All versions

QPM6585: All versions

QPM8820: All versions

QPM8830: All versions

QPM8895: All versions

QSM7250: All versions

QTC800H: All versions

QTC801S: All versions

QTM525: All versions

QTM527: All versions

SA515M: All versions

SD8C: All versions

SD8CX: All versions

SD765: All versions

SD765G: All versions

SD768G: All versions

SD855: All versions

SD8655G: All versions

SD870: All versions

SDR051: All versions

SDR052: All versions

SDR8150: All versions

SDR8250: All versions

SDR865: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SDXR25G: All versions

SM7250P: All versions

SMB1355: All versions

SMB1381: All versions

SMB1390: All versions

SMB1395: All versions

SMB2351: All versions

SMR525: All versions

SMR526: All versions

WCD9340: All versions

WCD9341: All versions

WCD9380: All versions

WCD9385: All versions

WCN3991: All versions

WCN3998: All versions

WCN6750: All versions

WCN6850: All versions

WCN6851: All versions

WSA8810: All versions

WSA8815: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Integer overflow

EUVDB-ID: #VU51892

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11245

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system

The vulnerability exists due to unintended reads and writes by NS EL2 in access control driver. A malicious application can trigger integer overflow and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AQT1000: All versions

AR8035: All versions

PM3003A: All versions

PM4125: All versions

PM4250: All versions

PM6125: All versions

PM6150: All versions

PM6150A: All versions

PM6150L: All versions

PM6350: All versions

PM640A: All versions

PM640L: All versions

PM640P: All versions

PM7150A: All versions

PM7150L: All versions

PM7250: All versions

PM7250B: All versions

PM8004: All versions

PM8005: All versions

PM8008: All versions

PM8009: All versions

PM8150A: All versions

PM8150B: All versions

PM8150C: All versions

PM8150L: All versions

PM8250: All versions

PM8350: All versions

PM855: All versions

PM855B: All versions

PM855L: All versions

PM855P: All versions

PM8998: All versions

PMD9655: All versions

PMI632: All versions

PMI8998: All versions

PMK8002: All versions

PMK8003: All versions

PMM8195AU: All versions

PMM855AU: All versions

PMR525: All versions

PMR735A: All versions

PMR735B: All versions

PMX24: All versions

PMX55: All versions

QAT3516: All versions

QAT3518: All versions

QAT3519: All versions

QAT3522: All versions

QAT3550: All versions

QAT3555: All versions

QAT5515: All versions

QAT5516: All versions

QAT5522: All versions

QAT5533: All versions

QBT1500: All versions

QBT2000: All versions

QCA6390: All versions

QCA6391: All versions

QCA6420: All versions

QCA6421: All versions

QCA6426: All versions

QCA6430: All versions

QCA6431: All versions

QCA6436: All versions

QCA6574AU: All versions

QCA6595: All versions

QCA9984: All versions

QCM2290: All versions

QCM4290: All versions

QCS2290: All versions

QCS405: All versions

QCS4290: All versions

QDM2301: All versions

QDM2305: All versions

QDM2307: All versions

QDM2308: All versions

QDM2310: All versions

QDM3301: All versions

QDM5620: All versions

QDM5621: All versions

QDM5650: All versions

QDM5652: All versions

QDM5670: All versions

QDM5671: All versions

QDM5677: All versions

QDM5679: All versions

QET4101: All versions

QET5100: All versions

QET6100: All versions

QET6105: All versions

QET6110: All versions

QFS2530: All versions

QFS2580: All versions

QLN4642: All versions

QLN4650: All versions

QLN5020: All versions

QLN5030: All versions

QLN5040: All versions

QPA2625: All versions

QPA4360: All versions

QPA5460: All versions

QPA5580: All versions

QPA5581: All versions

QPA6560: All versions

QPA8673: All versions

QPA8686: All versions

QPA8801: All versions

QPA8802: All versions

QPA8803: All versions

QPA8821: All versions

QPA8842: All versions

QPM4650: All versions

QPM5620: All versions

QPM5621: All versions

QPM5657: All versions

QPM5658: All versions

QPM5670: All versions

QPM5677: All versions

QPM5679: All versions

QPM6582: All versions

QPM6585: All versions

QPM8820: All versions

QPM8830: All versions

QPM8870: All versions

QPM8895: All versions

QSM7250: All versions

QSM8250: All versions

QSW8574: All versions

QTC410S: All versions

QTC800H: All versions

QTC800S: All versions

QTC801S: All versions

QTM525: All versions

SA6155P: All versions

SA8195P: All versions

SD8C: All versions

SD8CX: All versions

SD460: All versions

SD480: All versions

SD662: All versions

SD675: All versions

SD6905G: All versions

SD750G: All versions

SD765: All versions

SD765G: All versions

SD768G: All versions

SD855: All versions

SD8655G: All versions

SD870: All versions

SD8885G: All versions

SDM830: All versions

SDR425: All versions

SDR660: All versions

SDR660G: All versions

SDR735: All versions

SDR735G: All versions

SDR8150: All versions

SDR8250: All versions

SDR865: All versions

SDX24: All versions

SDX55: All versions

SDX55M: All versions

SDXR25G: All versions

SM4125: All versions

SM7250P: All versions

SMB1351: All versions

SMB1354: All versions

SMB1355: All versions

SMB1390: All versions

SMB1395: All versions

SMB1396: All versions

SMR525: All versions

SMR526: All versions

SMR545: All versions

SMR546: All versions

WCD9340: All versions

WCD9341: All versions

WCD9360: All versions

WCD9370: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCN3910: All versions

WCN3950: All versions

WCN3980: All versions

WCN3988: All versions

WCN3990: All versions

WCN3991: All versions

WCN3998: All versions

WCN3999: All versions

WCN6750: All versions

WCN6850: All versions

WCN6851: All versions

WGR7640: All versions

WHS9410: All versions

WSA8810: All versions

WSA8815: All versions

WSA8830: All versions

WSA8835: All versions

WTR2965: All versions

WTR3925: All versions

WTR5975: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU51893

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11247

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition while unpacking data in Data Modem. A remote attacker can send specially crafted packets to the system, trigger out-of-bounds read error and read contents of memory on the system or crash it.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8009W: All versions

APQ8017: All versions

APQ8037: All versions

APQ8053: All versions

APQ8084: All versions

APQ8096AU: All versions

AQT1000: All versions

AR6003: All versions

AR8035: All versions

AR8151: All versions

CSR6030: All versions

CSRB31024: All versions

MDM8207: All versions

MDM8215: All versions

MDM8215M: All versions

MDM8615M: All versions

MDM9150: All versions

MDM9206: All versions

MDM9207: All versions

MDM9215: All versions

MDM9230: All versions

MDM9250: All versions

MDM9310: All versions

MDM9330: All versions

MDM9607: All versions

MDM9615: All versions

MDM9615M: All versions

MDM9628: All versions

MDM9630: All versions

MDM9635M: All versions

MDM9640: All versions

MDM9645: All versions

MDM9650: All versions

MDM9655: All versions

MSM8108: All versions

MSM8208: All versions

MSM8209: All versions

MSM8608: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8976: All versions

MSM8976SG: All versions

MSM8996AU: All versions

PM215: All versions

PM3003A: All versions

PM4125: All versions

PM4250: All versions

PM439: All versions

PM456: All versions

PM6125: All versions

PM6150: All versions

PM6150A: All versions

PM6150L: All versions

PM6250: All versions

PM640A: All versions

PM640L: All versions

PM640P: All versions

PM660: All versions

PM660A: All versions

PM660L: All versions

PM670: All versions

PM670L: All versions

PM7150A: All versions

PM7150L: All versions

PM7250: All versions

PM7250B: All versions

PM8004: All versions

PM8005: All versions

PM8008: All versions

PM8009: All versions

PM8018: All versions

PM8150: All versions

PM8150A: All versions

PM8150B: All versions

PM8150C: All versions

PM8150L: All versions

PM8250: All versions

PM855: All versions

PM855A: All versions

PM855B: All versions

PM855L: All versions

PM855P: All versions

PM8909: All versions

PM8916: All versions

PM8937: All versions

PM8940: All versions

PM8952: All versions

PM8953: All versions

PM8956: All versions

PM8996: All versions

PM8998: All versions

PMC1000H: All versions

PMD9607: All versions

PMD9635: All versions

PMD9645: All versions

PMD9655: All versions

PMD9655AU: All versions

PME605: All versions

PMI632: All versions

PMI8937: All versions

PMI8940: All versions

PMI8952: All versions

PMI8994: All versions

PMI8996: All versions

PMI8998: All versions

PMK8001: All versions

PMK8002: All versions

PMM855AU: All versions

PMM8996AU: All versions

PMR525: All versions

PMR735A: All versions

PMW3100: All versions

PMX24: All versions

PMX50: All versions

PMX55: All versions

QAT3514: All versions

QAT3516: All versions

QAT3518: All versions

QAT3519: All versions

QAT3522: All versions

QAT3550: All versions

QAT3555: All versions

QAT5515: All versions

QAT5516: All versions

QAT5522: All versions

QAT5533: All versions

QBT1000: All versions

QBT1500: All versions

QBT2000: All versions

QCA4020: All versions

QCA6174: All versions

QCA6174A: All versions

QCA6310: All versions

QCA6320: All versions

QCA6335: All versions

QCA6390: All versions

QCA6391: All versions

QCA6420: All versions

QCA6421: All versions

QCA6426: All versions

QCA6430: All versions

QCA6431: All versions

QCA6436: All versions

QCA6564A: All versions

QCA6564AU: All versions

QCA6574: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6584: All versions

QCA6584AU: All versions

QCA6595: All versions

QCA6595AU: All versions

QCA6694: All versions

QCA6694AU: All versions

QCA6696: All versions

QCA8337: All versions

QCA9367: All versions

QCA9377: All versions

QCA9379: All versions

QCC1110: All versions

QCC112: All versions

QCM2290: All versions

QCM4290: All versions

QCM6125: All versions

QCS2290: All versions

QCS410: All versions

QCS4290: All versions

QCS603: All versions

QCS605: All versions

QCS610: All versions

QCS6125: All versions

QDM2301: All versions

QDM2302: All versions

QDM2305: All versions

QDM2307: All versions

QDM2308: All versions

QDM2310: All versions

QDM3301: All versions

QDM5620: All versions

QDM5621: All versions

QDM5650: All versions

QDM5652: All versions

QDM5670: All versions

QDM5671: All versions

QDM5677: All versions

QDM5679: All versions

QET4100: All versions

QET4101: All versions

QET4200AQ: All versions

QET5100: All versions

QET5100M: All versions

QET6110: All versions

QFE1035: All versions

QFE1040: All versions

QFE1045: All versions

QFE2080FC: All versions

QFE2081FC: All versions

QFE2082FC: All versions

QFE2101: All versions

QFE2340: All versions

QFE2520: All versions

QFE2550: All versions

QFE3100: All versions

QFE3320: All versions

QFE3335: All versions

QFE3340: All versions

QFE3345: All versions

QFE3440FC: All versions

QFE4301: All versions

QFE4302: All versions

QFE4303: All versions

QFE4305: All versions

QFE4308: All versions

QFE4309: All versions

QFE4320: All versions

QFE4373FC: All versions

QFE4455FC: All versions

QFE4465FC: All versions

QFS2530: All versions

QFS2580: All versions

QLN1020: All versions

QLN1021AQ: All versions

QLN1030: All versions

QLN1031: All versions

QLN1035BD: All versions

QLN1036AQ: All versions

QLN4640: All versions

QLN4642: All versions

QLN4650: All versions

QLN5020: All versions

QLN5030: All versions

QLN5040: All versions

QPA2625: All versions

QPA4340: All versions

QPA4360: All versions

QPA4361: All versions

QPA5373: All versions

QPA5460: All versions

QPA5580: All versions

QPA6560: All versions

QPA8673: All versions

QPA8675: All versions

QPA8686: All versions

QPA8801: All versions

QPA8802: All versions

QPA8803: All versions

QPA8821: All versions

QPA8842: All versions

QPM2630: All versions

QPM4650: All versions

QPM5541: All versions

QPM5577: All versions

QPM5579: All versions

QPM5621: All versions

QPM5658: All versions

QPM5670: All versions

QPM5677: All versions

QPM5679: All versions

QPM6325: All versions

QPM6375: All versions

QPM6582: All versions

QPM6585: All versions

QPM8820: All versions

QPM8830: All versions

QPM8870: All versions

QPM8895: All versions

QSM7250: All versions

QSW6310: All versions

QSW8573: All versions

QSW8574: All versions

QTC410S: All versions

QTC800H: All versions

QTC800S: All versions

QTC800T: All versions

QTC801S: All versions

QTM525: All versions

QTM527: All versions

Qualcomm215: All versions

RGR7640AU: All versions

RSW8577: All versions

SA415M: All versions

SA515M: All versions

SA8155: All versions

SA8155P: All versions

SC8180X+SDX55: All versions

SD455: All versions

SD636: All versions

SD675: All versions

SD8C: All versions

SD8CX: All versions

SD205: All versions

SD210: All versions

SD429: All versions

SD439: All versions

SD450: All versions

SD460: All versions

SD632: All versions

SD660: All versions

SD662: All versions

SD665: All versions

SD670: All versions

SD678: All versions

SD710: All versions

SD712: All versions

SD720G: All versions

SD730: All versions

SD765: All versions

SD765G: All versions

SD768G: All versions

SD820: All versions

SD821: All versions

SD835: All versions

SD845: All versions

SD850: All versions

SD855: All versions

SD8655G: All versions

SD870: All versions

SDM630: All versions

SDR051: All versions

SDR052: All versions

SDR425: All versions

SDR660: All versions

SDR660G: All versions

SDR675: All versions

SDR8150: All versions

SDR8250: All versions

SDR845: All versions

SDR865: All versions

SDW2500: All versions

SDW3100: All versions

SDX24: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SDXR1: All versions

SDXR25G: All versions

SM4125: All versions

SM6250: All versions

SM6250P: All versions

SM7250P: All versions

SMB1350: All versions

SMB1351: All versions

SMB1354: All versions

SMB1355: All versions

SMB1358: All versions

SMB1360: All versions

SMB1380: All versions

SMB1381: All versions

SMB1390: All versions

SMB1395: All versions

SMB231: All versions

SMB2351: All versions

SMB358: All versions

SMB358S: All versions

SMR525: All versions

SMR526: All versions

WCD9306: All versions

WCD9326: All versions

WCD9330: All versions

WCD9335: All versions

WCD9340: All versions

WCD9341: All versions

WCD9360: All versions

WCD9370: All versions

WCD9371: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCN3610: All versions

WCN3615: All versions

WCN3620: All versions

WCN3660: All versions

WCN3660B: All versions

WCN3680: All versions

WCN3680B: All versions

WCN3910: All versions

WCN3950: All versions

WCN3980: All versions

WCN3988: All versions

WCN3990: All versions

WCN3991: All versions

WCN3998: All versions

WCN6750: All versions

WCN6850: All versions

WGR7640: All versions

WHS9410: All versions

WSA8810: All versions

WSA8815: All versions

WTR1605: All versions

WTR1605L: All versions

WTR2955: All versions

WTR2965: All versions

WTR3905: All versions

WTR3925: All versions

WTR3950: All versions

WTR4605: All versions

WTR4905: All versions

WTR5975: All versions

WTR6955: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Out-of-bounds read

EUVDB-ID: #VU51894

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11251

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing DTMF payload in Data Modem. A remote attacker can send specially crafted data to the system, trigger out-of-bounds read error and read contents of memory on the system or crash it.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8009W: All versions

APQ8017: All versions

APQ8037: All versions

APQ8053: All versions

APQ8096AU: All versions

AQT1000: All versions

AR6003: All versions

AR8151: All versions

CSR6030: All versions

CSRB31024: All versions

MDM8207: All versions

MDM8215: All versions

MDM8215M: All versions

MDM8615M: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9207: All versions

MDM9215: All versions

MDM9230: All versions

MDM9250: All versions

MDM9310: All versions

MDM9330: All versions

MDM9607: All versions

MDM9615: All versions

MDM9628: All versions

MDM9630: All versions

MDM9640: All versions

MDM9650: All versions

MDM9655: All versions

MSM8108: All versions

MSM8208: All versions

MSM8209: All versions

MSM8608: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8976: All versions

MSM8976SG: All versions

MSM8996AU: All versions

PM215: All versions

PM3003A: All versions

PM4125: All versions

PM4250: All versions

PM439: All versions

PM456: All versions

PM6125: All versions

PM6150: All versions

PM6150A: All versions

PM6150L: All versions

PM6250: All versions

PM640A: All versions

PM640L: All versions

PM640P: All versions

PM660: All versions

PM660A: All versions

PM660L: All versions

PM670: All versions

PM670L: All versions

PM7150A: All versions

PM7150L: All versions

PM7250: All versions

PM7250B: All versions

PM8004: All versions

PM8005: All versions

PM8008: All versions

PM8009: All versions

PM8018: All versions

PM8150: All versions

PM8150A: All versions

PM8150B: All versions

PM8150C: All versions

PM8150L: All versions

PM8250: All versions

PM855: All versions

PM855A: All versions

PM855B: All versions

PM855L: All versions

PM855P: All versions

PM8909: All versions

PM8916: All versions

PM8937: All versions

PM8940: All versions

PM8952: All versions

PM8953: All versions

PM8956: All versions

PM8996: All versions

PM8998: All versions

PMC1000H: All versions

PMD9607: All versions

PMD9635: All versions

PMD9645: All versions

PMD9655: All versions

PMD9655AU: All versions

PME605: All versions

PMI632: All versions

PMI8937: All versions

PMI8940: All versions

PMI8952: All versions

PMI8994: All versions

PMI8996: All versions

PMI8998: All versions

PMK8001: All versions

PMK8002: All versions

PMM855AU: All versions

PMM8996AU: All versions

PMR525: All versions

PMR735A: All versions

PMW3100: All versions

PMX20: All versions

PMX24: All versions

PMX50: All versions

PMX55: All versions

QAT3514: All versions

QAT3516: All versions

QAT3518: All versions

QAT3519: All versions

QAT3522: All versions

QAT3550: All versions

QAT3555: All versions

QAT5515: All versions

QAT5516: All versions

QAT5522: All versions

QAT5533: All versions

QBT1000: All versions

QBT1500: All versions

QBT2000: All versions

QCA4004: All versions

QCA4020: All versions

QCA6174: All versions

QCA6174A: All versions

QCA6310: All versions

QCA6320: All versions

QCA6335: All versions

QCA6390: All versions

QCA6391: All versions

QCA6420: All versions

QCA6421: All versions

QCA6426: All versions

QCA6430: All versions

QCA6431: All versions

QCA6436: All versions

QCA6564A: All versions

QCA6564AU: All versions

QCA6574: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6584: All versions

QCA6584AU: All versions

QCA6595: All versions

QCA6595AU: All versions

QCA6694: All versions

QCA6694AU: All versions

QCA6696: All versions

QCA8337: All versions

QCA9367: All versions

QCA9377: All versions

QCA9379: All versions

QCC1110: All versions

QCC112: All versions

QCM2290: All versions

QCM4290: All versions

QCM6125: All versions

QCS2290: All versions

QCS410: All versions

QCS4290: All versions

QCS603: All versions

QCS605: All versions

QCS610: All versions

QCS6125: All versions

QDM2301: All versions

QDM2302: All versions

QDM2305: All versions

QDM2307: All versions

QDM2308: All versions

QDM2310: All versions

QDM3301: All versions

QDM5620: All versions

QDM5621: All versions

QDM5650: All versions

QDM5652: All versions

QDM5670: All versions

QDM5671: All versions

QDM5677: All versions

QDM5679: All versions

QET4100: All versions

QET4101: All versions

QET4200AQ: All versions

QET5100: All versions

QET5100M: All versions

QET6110: All versions

QFE1035: All versions

QFE1040: All versions

QFE1045: All versions

QFE2080FC: All versions

QFE2081FC: All versions

QFE2082FC: All versions

QFE2101: All versions

QFE2340: All versions

QFE2520: All versions

QFE2550: All versions

QFE3100: All versions

QFE3320: All versions

QFE3335: All versions

QFE3340: All versions

QFE3345: All versions

QFE3440FC: All versions

QFE4301: All versions

QFE4302: All versions

QFE4303: All versions

QFE4305: All versions

QFE4308: All versions

QFE4309: All versions

QFE4320: All versions

QFE4373FC: All versions

QFE4455FC: All versions

QFE4465FC: All versions

QFS2530: All versions

QFS2580: All versions

QLN1020: All versions

QLN1021AQ: All versions

QLN1030: All versions

QLN1031: All versions

QLN1035BD: All versions

QLN1036AQ: All versions

QLN4640: All versions

QLN4642: All versions

QLN4650: All versions

QLN5020: All versions

QLN5030: All versions

QLN5040: All versions

QPA2625: All versions

QPA4340: All versions

QPA4360: All versions

QPA4361: All versions

QPA5373: All versions

QPA5460: All versions

QPA5580: All versions

QPA6560: All versions

QPA8673: All versions

QPA8675: All versions

QPA8686: All versions

QPA8801: All versions

QPA8802: All versions

QPA8803: All versions

QPA8821: All versions

QPA8842: All versions

QPM2630: All versions

QPM4650: All versions

QPM5621: All versions

QPM5658: All versions

QPM5670: All versions

QPM5677: All versions

QPM5679: All versions

QPM6582: All versions

QPM6585: All versions

QPM8820: All versions

QPM8830: All versions

QPM8870: All versions

QPM8895: All versions

QSM7250: All versions

QSW6310: All versions

QSW8573: All versions

QSW8574: All versions

QTC410S: All versions

QTC800H: All versions

QTC800S: All versions

QTC800T: All versions

QTC801S: All versions

QTM525: All versions

QTM527: All versions

Qualcomm215: All versions

RGR7640AU: All versions

RSW8577: All versions

SA415M: All versions

SA515M: All versions

SA8155: All versions

SA8155P: All versions

SC8180X+SDX55: All versions

SD455: All versions

SD636: All versions

SD675: All versions

SD8C: All versions

SD8CX: All versions

SD205: All versions

SD210: All versions

SD429: All versions

SD439: All versions

SD450: All versions

SD460: All versions

SD632: All versions

SD660: All versions

SD662: All versions

SD665: All versions

SD670: All versions

SD678: All versions

SD710: All versions

SD712: All versions

SD720G: All versions

SD730: All versions

SD765: All versions

SD765G: All versions

SD768G: All versions

SD820: All versions

SD821: All versions

SD835: All versions

SD845: All versions

SD850: All versions

SD855: All versions

SD8655G: All versions

SD870: All versions

SDA429W: All versions

SDM429W: All versions

SDM630: All versions

SDR051: All versions

SDR052: All versions

SDR105: All versions

SDR425: All versions

SDR660: All versions

SDR660G: All versions

SDR675: All versions

SDR8150: All versions

SDR8250: All versions

SDR845: All versions

SDR865: All versions

SDW2500: All versions

SDW3100: All versions

SDX20: All versions

SDX24: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SDXR1: All versions

SDXR25G: All versions

SM4125: All versions

SM6250: All versions

SM6250P: All versions

SM7250P: All versions

SMB1350: All versions

SMB1351: All versions

SMB1354: All versions

SMB1355: All versions

SMB1357: All versions

SMB1358: All versions

SMB1360: All versions

SMB1380: All versions

SMB1381: All versions

SMB1390: All versions

SMB231: All versions

SMB2351: All versions

SMB358: All versions

SMB358S: All versions

SMR525: All versions

SMR526: All versions

WCD9306: All versions

WCD9326: All versions

WCD9330: All versions

WCD9335: All versions

WCD9340: All versions

WCD9341: All versions

WCD9360: All versions

WCD9370: All versions

WCD9371: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCN3610: All versions

WCN3615: All versions

WCN3620: All versions

WCN3660: All versions

WCN3660B: All versions

WCN3680: All versions

WCN3680B: All versions

WCN3910: All versions

WCN3950: All versions

WCN3980: All versions

WCN3988: All versions

WCN3990: All versions

WCN3991: All versions

WCN3998: All versions

WCN6850: All versions

WCN6851: All versions

WGR7640: All versions

WHS9410: All versions

WSA8810: All versions

WSA8815: All versions

WTR1605: All versions

WTR1605L: All versions

WTR2955: All versions

WTR2965: All versions

WTR3905: All versions

WTR3925: All versions

WTR3950: All versions

WTR4605: All versions

WTR4905: All versions

WTR5975: All versions

WTR6955: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper access control

EUVDB-ID: #VU51895

Risk: Low

CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11252

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper access restrictions during trustzone initialization, as xPU get disabled when memory dumps are enabled. A local user can gain access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AQT1000: All versions

AR8031: All versions

AR8035: All versions

CSR8811: All versions

CSRA6620: All versions

CSRA6640: All versions

CSRB31024: All versions

FSM10055: All versions

FSM10056: All versions

IPQ6000: All versions

IPQ6005: All versions

IPQ6010: All versions

IPQ6018: All versions

IPQ6028: All versions

MDM9205: All versions

PM3003A: All versions

PM4125: All versions

PM4250: All versions

PM456: All versions

PM6125: All versions

PM6150: All versions

PM6150A: All versions

PM6150L: All versions

PM6250: All versions

PM6350: All versions

PM640A: All versions

PM640L: All versions

PM640P: All versions

PM660: All versions

PM660L: All versions

PM670: All versions

PM670A: All versions

PM670L: All versions

PM7150A: All versions

PM7150L: All versions

PM7250: All versions

PM7250B: All versions

PM8004: All versions

PM8005: All versions

PM8008: All versions

PM8009: All versions

PM8150: All versions

PM8150A: All versions

PM8150B: All versions

PM8150C: All versions

PM8150L: All versions

PM8250: All versions

PM8350: All versions

PM855: All versions

PM855B: All versions

PM855L: All versions

PM855P: All versions

PM8998: All versions

PMC1000H: All versions

PMD9655: All versions

PME605: All versions

PMI632: All versions

PMI8998: All versions

PMK8002: All versions

PMK8003: All versions

PMM6155AU: All versions

PMM8155AU: All versions

PMM8195AU: All versions

PMM855AU: All versions

PMR525: All versions

PMR735A: All versions

PMR735B: All versions

PMX24: All versions

PMX50: All versions

PMX55: All versions

QAT3516: All versions

QAT3518: All versions

QAT3519: All versions

QAT3522: All versions

QAT3550: All versions

QAT3555: All versions

QAT5515: All versions

QAT5516: All versions

QAT5522: All versions

QAT5533: All versions

QBT1500: All versions

QBT2000: All versions

QCA4004: All versions

QCA6174A: All versions

QCA6175A: All versions

QCA6390: All versions

QCA6391: All versions

QCA6420: All versions

QCA6421: All versions

QCA6426: All versions

QCA6430: All versions

QCA6431: All versions

QCA6436: All versions

QCA6564: All versions

QCA6564A: All versions

QCA6564AU: All versions

QCA6574: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6584AU: All versions

QCA6595: All versions

QCA6595AU: All versions

QCA6696: All versions

QCA8072: All versions

QCA8075: All versions

QCA8081: All versions

QCA8337: All versions

QCA9377: All versions

QCA9984: All versions

QCM2290: All versions

QCM4290: All versions

QCM6125: All versions

QCN5021: All versions

QCN5022: All versions

QCN5052: All versions

QCN5121: All versions

QCN5122: All versions

QCN5152: All versions

QCN9000: All versions

QCN9074: All versions

QCS2290: All versions

QCS405: All versions

QCS410: All versions

QCS4290: All versions

QCS603: All versions

QCS605: All versions

QCS610: All versions

QCS6125: All versions

QDM2301: All versions

QDM2302: All versions

QDM2305: All versions

QDM2307: All versions

QDM2308: All versions

QDM2310: All versions

QDM3301: All versions

QDM5620: All versions

QDM5621: All versions

QDM5650: All versions

QDM5652: All versions

QDM5670: All versions

QDM5671: All versions

QDM5677: All versions

QDM5679: All versions

QET4100: All versions

QET4101: All versions

QET4200AQ: All versions

QET5100: All versions

QET5100M: All versions

QET6100: All versions

QET6105: All versions

QET6110: All versions

QFS2530: All versions

QFS2580: All versions

QLN1021AQ: All versions

QLN1031: All versions

QLN1036AQ: All versions

QLN4640: All versions

QLN4642: All versions

QLN4650: All versions

QLN5020: All versions

QLN5030: All versions

QLN5040: All versions

QPA2625: All versions

QPA4360: All versions

QPA4361: All versions

QPA5460: All versions

QPA5580: All versions

QPA5581: All versions

QPA6560: All versions

QPA8673: All versions

QPA8675: All versions

QPA8686: All versions

QPA8688: All versions

QPA8801: All versions

QPA8802: All versions

QPA8803: All versions

QPA8821: All versions

QPA8842: All versions

QPM4650: All versions

QPM5541: All versions

QPM5577: All versions

QPM5579: All versions

QPM5620: All versions

QPM5621: All versions

QPM5657: All versions

QPM5658: All versions

QPM5670: All versions

QPM5677: All versions

QPM5679: All versions

QPM6325: All versions

QPM6375: All versions

QPM6582: All versions

QPM6585: All versions

QPM8820: All versions

QPM8830: All versions

QPM8870: All versions

QPM8895: All versions

QSM7250: All versions

QSM8250: All versions

QSW6310: All versions

QSW8573: All versions

QSW8574: All versions

QTC410S: All versions

QTC800H: All versions

QTC800S: All versions

QTC801S: All versions

QTM525: All versions

QTM527: All versions

SA2150P: All versions

SA415M: All versions

SA515M: All versions

SA6145P: All versions

SA6150P: All versions

SA6155: All versions

SA6155P: All versions

SA8150P: All versions

SA8155: All versions

SA8155P: All versions

SA8195P: All versions

SC8180X+SDX55: All versions

SD675: All versions

SD8C: All versions

SD8CX: All versions

SD460: All versions

SD480: All versions

SD662: All versions

SD665: All versions

SD670: All versions

SD678: All versions

SD6905G: All versions

SD710: All versions

SD712: All versions

SD720G: All versions

SD730: All versions

SD750G: All versions

SD765: All versions

SD765G: All versions

SD768G: All versions

SD7c: All versions

SD855: All versions

SD8655G: All versions

SD870: All versions

SD8885G: All versions

SDM830: All versions

SDR051: All versions

SDR052: All versions

SDR105: All versions

SDR425: All versions

SDR660: All versions

SDR660G: All versions

SDR675: All versions

SDR735: All versions

SDR735G: All versions

SDR8150: All versions

SDR8250: All versions

SDR865: All versions

SDX24: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SDXR1: All versions

SDXR25G: All versions

SM4125: All versions

SM6250: All versions

SM6250P: All versions

SM7250P: All versions

SMB1351: All versions

SMB1354: All versions

SMB1355: All versions

SMB1381: All versions

SMB1390: All versions

SMB1395: All versions

SMB1396: All versions

SMB231: All versions

SMB2351: All versions

SMR525: All versions

SMR526: All versions

SMR545: All versions

SMR546: All versions

WCD9306: All versions

WCD9326: All versions

WCD9335: All versions

WCD9340: All versions

WCD9341: All versions

WCD9360: All versions

WCD9370: All versions

WCD9371: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCN3910: All versions

WCN3950: All versions

WCN3980: All versions

WCN3988: All versions

WCN3990: All versions

WCN3991: All versions

WCN3998: All versions

WCN3999: All versions

WCN6750: All versions

WCN6850: All versions

WCN6851: All versions

WGR7640: All versions

WHS9410: All versions

WSA8810: All versions

WSA8815: All versions

WSA8830: All versions

WSA8835: All versions

WTR2965: All versions

WTR3925: All versions

WTR5975: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Memory leak

EUVDB-ID: #VU51896

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11255

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak when processing RTCP packets containing multiple SDES reports in Data Modem. A remote attacker can send specially crafted RTCP packets to the system and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8037: All versions

APQ8053: All versions

AQT1000: All versions

CSRB31024: All versions

MDM8207: All versions

MDM9205: All versions

MDM9206: All versions

MDM9207: All versions

MDM9250: All versions

MDM9607: All versions

MDM9628: All versions

MDM9640: All versions

MDM9650: All versions

MDM9655: All versions

MSM8108: All versions

MSM8208: All versions

MSM8209: All versions

MSM8608: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8976: All versions

MSM8976SG: All versions

MSM8996AU: All versions

PM215: All versions

PM3003A: All versions

PM4125: All versions

PM4250: All versions

PM439: All versions

PM456: All versions

PM6125: All versions

PM6150: All versions

PM6150A: All versions

PM6150L: All versions

PM6250: All versions

PM640A: All versions

PM640L: All versions

PM640P: All versions

PM660: All versions

PM660A: All versions

PM660L: All versions

PM670: All versions

PM670L: All versions

PM7150A: All versions

PM7150L: All versions

PM7250: All versions

PM7250B: All versions

PM8004: All versions

PM8005: All versions

PM8008: All versions

PM8009: All versions

PM8150: All versions

PM8150A: All versions

PM8150B: All versions

PM8150C: All versions

PM8150L: All versions

PM8250: All versions

PM8350: All versions

PM855: All versions

PM855A: All versions

PM855B: All versions

PM855L: All versions

PM855P: All versions

PM8909: All versions

PM8916: All versions

PM8937: All versions

PM8940: All versions

PM8952: All versions

PM8953: All versions

PM8956: All versions

PM8998: All versions

PMC1000H: All versions

PMD9607: All versions

PMD9645: All versions

PMD9655: All versions

PMD9655AU: All versions

PME605: All versions

PMI632: All versions

PMI8937: All versions

PMI8940: All versions

PMI8952: All versions

PMI8998: All versions

PMK8002: All versions

PMM855AU: All versions

PMM8996AU: All versions

PMR525: All versions

PMR735A: All versions

PMX20: All versions

PMX24: All versions

PMX50: All versions

PMX55: All versions

QAT3514: All versions

QAT3516: All versions

QAT3518: All versions

QAT3519: All versions

QAT3522: All versions

QAT3550: All versions

QAT3555: All versions

QAT5515: All versions

QAT5516: All versions

QAT5522: All versions

QAT5533: All versions

QBT1500: All versions

QBT2000: All versions

QCA4004: All versions

QCA6174A: All versions

QCA6310: All versions

QCA6335: All versions

QCA6390: All versions

QCA6391: All versions

QCA6420: All versions

QCA6421: All versions

QCA6426: All versions

QCA6430: All versions

QCA6431: All versions

QCA6436: All versions

QCA6564A: All versions

QCA6564AU: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6584AU: All versions

QCA6595: All versions

QCA6595AU: All versions

QCA6696: All versions

QCA8337: All versions

QCA9367: All versions

QCA9377: All versions

QCA9379: All versions

QCM2290: All versions

QCM4290: All versions

QCM6125: All versions

QCS2290: All versions

QCS410: All versions

QCS4290: All versions

QCS603: All versions

QCS605: All versions

QCS610: All versions

QCS6125: All versions

QDM2301: All versions

QDM2302: All versions

QDM2305: All versions

QDM2307: All versions

QDM2308: All versions

QDM2310: All versions

QDM3301: All versions

QDM5620: All versions

QDM5621: All versions

QDM5650: All versions

QDM5652: All versions

QDM5670: All versions

QDM5671: All versions

QDM5677: All versions

QDM5679: All versions

QET4100: All versions

QET4101: All versions

QET4200AQ: All versions

QET5100: All versions

QET5100M: All versions

QET6110: All versions

QFE2101: All versions

QFE2520: All versions

QFE2550: All versions

QFE3320: All versions

QFE3340: All versions

QFE4301: All versions

QFE4302: All versions

QFE4303: All versions

QFE4305: All versions

QFE4308: All versions

QFE4309: All versions

QFE4320: All versions

QFE4373FC: All versions

QFS2530: All versions

QFS2580: All versions

QLN1020: All versions

QLN1021AQ: All versions

QLN1030: All versions

QLN1031: All versions

QLN1036AQ: All versions

QLN4640: All versions

QLN4642: All versions

QLN4650: All versions

QLN5020: All versions

QLN5030: All versions

QLN5040: All versions

QPA2625: All versions

QPA4340: All versions

QPA4360: All versions

QPA4361: All versions

QPA5373: All versions

QPA5460: All versions

QPA5580: All versions

QPA6560: All versions

QPA8673: All versions

QPA8675: All versions

QPA8686: All versions

QPA8801: All versions

QPA8802: All versions

QPA8803: All versions

QPA8821: All versions

QPA8842: All versions

QPM2630: All versions

QPM4650: All versions

QPM5621: All versions

QPM5658: All versions

QPM5670: All versions

QPM5677: All versions

QPM5679: All versions

QPM6582: All versions

QPM6585: All versions

QPM8820: All versions

QPM8830: All versions

QPM8870: All versions

QPM8895: All versions

QSM7250: All versions

QSW6310: All versions

QSW8573: All versions

QSW8574: All versions

QTC410S: All versions

QTC800H: All versions

QTC800S: All versions

QTC801S: All versions

QTM525: All versions

QTM527: All versions

Qualcomm215: All versions

RSW8577: All versions

SA415M: All versions

SA515M: All versions

SA8155: All versions

SA8155P: All versions

SC8180X+SDX55: All versions

SD455: All versions

SD636: All versions

SD675: All versions

SD8C: All versions

SD8CX: All versions

SD205: All versions

SD210: All versions

SD429: All versions

SD439: All versions

SD450: All versions

SD460: All versions

SD632: All versions

SD660: All versions

SD662: All versions

SD665: All versions

SD670: All versions

SD678: All versions

SD710: All versions

SD712: All versions

SD720G: All versions

SD730: All versions

SD765: All versions

SD765G: All versions

SD768G: All versions

SD845: All versions

SD850: All versions

SD855: All versions

SD8655G: All versions

SD870: All versions

SD8885G: All versions

SDM630: All versions

SDR051: All versions

SDR052: All versions

SDR105: All versions

SDR425: All versions

SDR660: All versions

SDR660G: All versions

SDR675: All versions

SDR735: All versions

SDR8150: All versions

SDR8250: All versions

SDR845: All versions

SDR865: All versions

SDX20: All versions

SDX24: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SDXR1: All versions

SDXR25G: All versions

SM4125: All versions

SM6250: All versions

SM6250P: All versions

SM7250P: All versions

SMB1351: All versions

SMB1354: All versions

SMB1355: All versions

SMB1357: All versions

SMB1358: All versions

SMB1360: All versions

SMB1380: All versions

SMB1381: All versions

SMB1390: All versions

SMB231: All versions

SMB2351: All versions

SMB358: All versions

SMB358S: All versions

SMR525: All versions

SMR526: All versions

SMR545: All versions

SMR546: All versions

WCD9306: All versions

WCD9326: All versions

WCD9330: All versions

WCD9335: All versions

WCD9340: All versions

WCD9341: All versions

WCD9360: All versions

WCD9370: All versions

WCD9371: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCN3610: All versions

WCN3615: All versions

WCN3660: All versions

WCN3660B: All versions

WCN3680: All versions

WCN3680B: All versions

WCN3910: All versions

WCN3950: All versions

WCN3980: All versions

WCN3988: All versions

WCN3990: All versions

WCN3991: All versions

WCN3998: All versions

WCN6850: All versions

WGR7640: All versions

WHS9410: All versions

WSA8810: All versions

WSA8815: All versions

WTR2955: All versions

WTR2965: All versions

WTR3905: All versions

WTR3925: All versions

WTR4605: All versions

WTR4905: All versions

WTR5975: All versions

WTR6955: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.