#VU61879 Buffer overflow in Qualcomm products - CVE-2021-35123
Published: April 5, 2022
Vulnerability identifier: #VU61879
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-35123
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
AQT1000
QCA6390
QCA6391
SD8Gen15G
SD480
SD660
SD778G
SD780G
SD8655G
SD870
SD8885G
SDX55M
SM6375
SM7325P
WCD9335
WCD9370
WCD9375
WCD9380
WCD9385
WCN3980
WCN3988
WCN3991
WCN3998
WCN6740
WCN6750
WCN6850
WCN6851
WCN6855
WCN6856
WSA8830
WSA8835
SD855
AQT1000
QCA6390
QCA6391
SD8Gen15G
SD480
SD660
SD778G
SD780G
SD8655G
SD870
SD8885G
SDX55M
SM6375
SM7325P
WCD9335
WCD9370
WCD9375
WCD9380
WCD9385
WCN3980
WCN3988
WCN3991
WCN3998
WCN6740
WCN6750
WCN6850
WCN6851
WCN6855
WCN6856
WSA8830
WSA8835
SD855
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary within the Bluetooth HOST component when processing GATT multi notifications. An attacker with physical access to device can send specially crafted packets to the device, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.