#VU64043 Time-of-check Time-of-use (TOCTOU) Race Condition in Qualcomm products - CVE-2021-35111
Published: June 7, 2022
Vulnerability identifier: #VU64043
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-35111
CWE-ID: CWE-367
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
AR8035
QCA6390
QCA6391
QCA8081
QCA8337
SD 8 Gen1 5G
SD765
SD765G
SD768G
SD778G
SD865 5G
SD870
SD888 5G
SDX55M
SDX65
SM7250P
WCD9341
WCD9370
WCD9375
WCD9380
WCD9385
WCN3991
WCN3998
WCN6750
WCN6850
WCN6851
WCN6855
WCN6856
WCN7851
WSA8810
WSA8815
WSA8830
WSA8835
SDX55
SM7450
SM8475
SM8475P
WSA8832
AR8035
QCA6390
QCA6391
QCA8081
QCA8337
SD 8 Gen1 5G
SD765
SD765G
SD768G
SD778G
SD865 5G
SD870
SD888 5G
SDX55M
SDX65
SM7250P
WCD9341
WCD9370
WCD9375
WCD9380
WCD9385
WCN3991
WCN3998
WCN6750
WCN6850
WCN6851
WCN6855
WCN6856
WCN7851
WSA8810
WSA8815
WSA8830
WSA8835
SDX55
SM7450
SM8475
SM8475P
WSA8832
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of tag id while RRC sending tag id to MAC within Modem. A remote attacker can perform a denial of service attack.
Remediation
Install updates from vendor's website.