Buffer overflow in Qualcomm Hardware solutions

#VU51884 Buffer overflow in Qualcomm Hardware solutions

Published: 2021-04-05

Vulnerability identifier: #VU51884

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1892

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
AQT1000
Mobile applications / Mobile firmware & hardware
PM8005
Mobile applications / Mobile firmware & hardware
PM855
Mobile applications / Mobile firmware & hardware
PM855P
Mobile applications / Mobile firmware & hardware
PM8998
Mobile applications / Mobile firmware & hardware
PMI8998
Mobile applications / Mobile firmware & hardware
QAT3550
Mobile applications / Mobile firmware & hardware
QCA1062
Mobile applications / Mobile firmware & hardware
QCA1064
Mobile applications / Mobile firmware & hardware
QCA2066
Mobile applications / Mobile firmware & hardware
QCA6164
Mobile applications / Mobile firmware & hardware
QCA6174
Mobile applications / Mobile firmware & hardware
QCA6310
Mobile applications / Mobile firmware & hardware
QCA6335
Mobile applications / Mobile firmware & hardware
QCA6391
Mobile applications / Mobile firmware & hardware
QCA6420
Mobile applications / Mobile firmware & hardware
QCA6430
Mobile applications / Mobile firmware & hardware
QCA6595AU
Mobile applications / Mobile firmware & hardware
QCN7606
Mobile applications / Mobile firmware & hardware
QET4100
Mobile applications / Mobile firmware & hardware
QFE2081FC
Mobile applications / Mobile firmware & hardware
QFE2082FC
Mobile applications / Mobile firmware & hardware
QFE3100
Mobile applications / Mobile firmware & hardware
QFE3440FC
Mobile applications / Mobile firmware & hardware
QFE4455FC
Mobile applications / Mobile firmware & hardware
QLN1035BD
Mobile applications / Mobile firmware & hardware
SD8C
Mobile applications / Mobile firmware & hardware
SD8CX
Mobile applications / Mobile firmware & hardware
SDR8150
Mobile applications / Mobile firmware & hardware
SMB1350
Mobile applications / Mobile firmware & hardware
SMB1351
Mobile applications / Mobile firmware & hardware
SMB1380
Mobile applications / Mobile firmware & hardware
SMB1381
Mobile applications / Mobile firmware & hardware
SMB1390
Mobile applications / Mobile firmware & hardware
SMB2351
Mobile applications / Mobile firmware & hardware
WCD9335
Mobile applications / Mobile firmware & hardware
WCD9340
Mobile applications / Mobile firmware & hardware
WCD9341
Mobile applications / Mobile firmware & hardware
WCN3990
Mobile applications / Mobile firmware & hardware
WCN3998
Mobile applications / Mobile firmware & hardware
WCN6850
Mobile applications / Mobile firmware & hardware
WCN6851
Mobile applications / Mobile firmware & hardware
WCN6855
Mobile applications / Mobile firmware & hardware
WCN6856
Mobile applications / Mobile firmware & hardware
WGR7640
Mobile applications / Mobile firmware & hardware
WSA8810
Mobile applications / Mobile firmware & hardware
WSA8815
Mobile applications / Mobile firmware & hardware
WTR5975
Mobile applications / Mobile firmware & hardware
QCA6174A
Hardware solutions / Firmware
QCA9377
Hardware solutions / Firmware
QCN7605
Hardware solutions / Firmware
SD835
Hardware solutions / Firmware
SD845
Hardware solutions / Firmware
SD850
Hardware solutions / Firmware

Vendor: Qualcomm

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error while processing nonstandard IO control in WLAN. A malicious application can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

AQT1000: All versions

PM8005: All versions

PM855: All versions

PM855P: All versions

PM8998: All versions

PMI8998: All versions

QAT3550: All versions

QCA1062: All versions

QCA1064: All versions

QCA2066: All versions

QCA6164: All versions

QCA6174: All versions

QCA6174A: All versions

QCA6310: All versions

QCA6335: All versions

QCA6391: All versions

QCA6420: All versions

QCA6430: All versions

QCA6595AU: All versions

QCA9377: All versions

QCN7605: All versions

QCN7606: All versions

QET4100: All versions

QFE2081FC: All versions

QFE2082FC: All versions

QFE3100: All versions

QFE3440FC: All versions

QFE4455FC: All versions

QLN1035BD: All versions

SD8C: All versions

SD8CX: All versions

SD835: All versions

SD845: All versions

SD850: All versions

SDR8150: All versions

SMB1350: All versions

SMB1351: All versions

SMB1380: All versions

SMB1381: All versions

SMB1390: All versions

SMB2351: All versions

WCD9335: All versions

WCD9340: All versions

WCD9341: All versions

WCN3990: All versions

WCN3998: All versions

WCN6850: All versions

WCN6851: All versions

WCN6855: All versions

WCN6856: All versions

WGR7640: All versions

WSA8810: All versions

WSA8815: All versions

WTR5975: All versions

External links
http://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Qualcomm chipsets