Improper Access Control in Qualcomm products - CVE-2021-1932
Published: February 6, 2023
Vulnerability identifier: #VU71908
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1932
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
AQT1000
AR8035
QCA6390
QCA6420
QCA6430
QCA6574A
QCA6595
QCA6595AU
QCA6696
QCA9984
QCM2290
QCM4290
QCS2290
QCS410
QCS4290
QCS610
SA8150P
SA8155
SA8155P
SA8195P
SD 675
SD 8C
SD 8CX
SD460
SD480
SD662
SD678
SD720G
SD7c
SD888 5G
SDM830
SDX50M
SDX55M
SM4125
SM6250
SM6250P
WCD9340
WCD9341
WCD9360
WCD9370
WCD9371
WCD9375
WCD9380
WCD9385
WCN3910
WCN3950
WCN3980
WCN3988
WCN3990
WCN3991
WCN3998
WCN3999
WCN6850
WHS9410
WSA8810
WSA8815
QCA6574AU
QCS405
SA6155P
SD675
SD730
SD855
SDX24
SDX55
AQT1000
AR8035
QCA6390
QCA6420
QCA6430
QCA6574A
QCA6595
QCA6595AU
QCA6696
QCA9984
QCM2290
QCM4290
QCS2290
QCS410
QCS4290
QCS610
SA8150P
SA8155
SA8155P
SA8195P
SD 675
SD 8C
SD 8CX
SD460
SD480
SD662
SD678
SD720G
SD7c
SD888 5G
SDM830
SDX50M
SDX55M
SM4125
SM6250
SM6250P
WCD9340
WCD9341
WCD9360
WCD9370
WCD9371
WCD9375
WCD9380
WCD9385
WCN3910
WCN3950
WCN3980
WCN3988
WCN3990
WCN3991
WCN3998
WCN3999
WCN6850
WHS9410
WSA8810
WSA8815
QCA6574AU
QCS405
SA6155P
SD675
SD730
SD855
SDX24
SDX55
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in QTEE. A local application can execute arbitrary code.
Remediation
Install security update from vendor's website.