Information disclosure in Qualcomm products - CVE-2021-35080
Published: May 12, 2022 / Updated: May 12, 2022
Vulnerability identifier: #VU63108
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-35080
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Qualcomm
Affected software:
QCM2290
QCM4290
QCS2290
QCS4290
SD460
SD480
SD662
SD680
SD695
SM4125
SW5100
SW5100P
WCD9370
WCD9375
WCD9385
WCN3910
WCN3950
WCN3980
WCN3988
WCN3991
WCN3998
WSA8810
WSA8815
WSA8830
WSA8835
QCM2290
QCM4290
QCS2290
QCS4290
SD460
SD480
SD662
SD680
SD695
SM4125
SW5100
SW5100P
WCD9370
WCD9375
WCD9385
WCN3910
WCN3950
WCN3980
WCN3988
WCN3991
WCN3998
WSA8810
WSA8815
WSA8830
WSA8835
Detailed vulnerability description
The vulnerability allows a local appliction to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in KERNEL component. A local appliction can gain unauthorized access to sensitive information on the system.
How to mitigate CVE-2021-35080
Install updates from vendor's website.