Vulnerability identifier: #VU52805
Vulnerability risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
APQ8009
Hardware solutions /
Firmware
MDM9640
Hardware solutions /
Firmware
QCA6174A
Hardware solutions /
Firmware
SD210
Hardware solutions /
Firmware
APQ8016
Mobile applications /
Mobile firmware & hardware
APQ8074
Mobile applications /
Mobile firmware & hardware
APQ8084
Mobile applications /
Mobile firmware & hardware
APQ8094
Mobile applications /
Mobile firmware & hardware
AR6003
Mobile applications /
Mobile firmware & hardware
MDM8215
Mobile applications /
Mobile firmware & hardware
MDM8215M
Mobile applications /
Mobile firmware & hardware
MDM8615M
Mobile applications /
Mobile firmware & hardware
MDM9215
Mobile applications /
Mobile firmware & hardware
MDM9235M
Mobile applications /
Mobile firmware & hardware
MDM9310
Mobile applications /
Mobile firmware & hardware
MDM9609
Mobile applications /
Mobile firmware & hardware
MDM9615
Mobile applications /
Mobile firmware & hardware
MDM9615M
Mobile applications /
Mobile firmware & hardware
MDM9635M
Mobile applications /
Mobile firmware & hardware
MDM9645
Mobile applications /
Mobile firmware & hardware
MSM8108
Mobile applications /
Mobile firmware & hardware
MSM8208
Mobile applications /
Mobile firmware & hardware
MSM8209
Mobile applications /
Mobile firmware & hardware
MSM8216
Mobile applications /
Mobile firmware & hardware
MSM8274
Mobile applications /
Mobile firmware & hardware
MSM8608
Mobile applications /
Mobile firmware & hardware
MSM8674
Mobile applications /
Mobile firmware & hardware
MSM8916
Mobile applications /
Mobile firmware & hardware
MSM8929
Mobile applications /
Mobile firmware & hardware
MSM8939
Mobile applications /
Mobile firmware & hardware
MSM8974
Mobile applications /
Mobile firmware & hardware
MSM8974P
Mobile applications /
Mobile firmware & hardware
MSM8994
Mobile applications /
Mobile firmware & hardware
PM8018
Mobile applications /
Mobile firmware & hardware
PM8841
Mobile applications /
Mobile firmware & hardware
PM8909
Mobile applications /
Mobile firmware & hardware
PM8916
Mobile applications /
Mobile firmware & hardware
PM8941
Mobile applications /
Mobile firmware & hardware
PM8994
Mobile applications /
Mobile firmware & hardware
PMD9635
Mobile applications /
Mobile firmware & hardware
PMD9645
Mobile applications /
Mobile firmware & hardware
PMI8994
Mobile applications /
Mobile firmware & hardware
QCA1990
Mobile applications /
Mobile firmware & hardware
QCA6174
Mobile applications /
Mobile firmware & hardware
QCA6584
Mobile applications /
Mobile firmware & hardware
QFE1035
Mobile applications /
Mobile firmware & hardware
QFE1040
Mobile applications /
Mobile firmware & hardware
QFE1045
Mobile applications /
Mobile firmware & hardware
QFE1100
Mobile applications /
Mobile firmware & hardware
QFE1101
Mobile applications /
Mobile firmware & hardware
QFE1520
Mobile applications /
Mobile firmware & hardware
QFE1550
Mobile applications /
Mobile firmware & hardware
QFE2101
Mobile applications /
Mobile firmware & hardware
QFE2310
Mobile applications /
Mobile firmware & hardware
QFE2320
Mobile applications /
Mobile firmware & hardware
QFE2330
Mobile applications /
Mobile firmware & hardware
QFE2340
Mobile applications /
Mobile firmware & hardware
QFE2520
Mobile applications /
Mobile firmware & hardware
QFE2550
Mobile applications /
Mobile firmware & hardware
QFE2720
Mobile applications /
Mobile firmware & hardware
QFE3100
Mobile applications /
Mobile firmware & hardware
QFE3320
Mobile applications /
Mobile firmware & hardware
QFE3335
Mobile applications /
Mobile firmware & hardware
QFE3340
Mobile applications /
Mobile firmware & hardware
QFE3345
Mobile applications /
Mobile firmware & hardware
SMB1360
Mobile applications /
Mobile firmware & hardware
WCD9306
Mobile applications /
Mobile firmware & hardware
WCD9330
Mobile applications /
Mobile firmware & hardware
WCN3610
Mobile applications /
Mobile firmware & hardware
WCN3620
Mobile applications /
Mobile firmware & hardware
WCN3660
Mobile applications /
Mobile firmware & hardware
WCN3660A
Mobile applications /
Mobile firmware & hardware
WCN3660B
Mobile applications /
Mobile firmware & hardware
WCN3680
Mobile applications /
Mobile firmware & hardware
WCN3680B
Mobile applications /
Mobile firmware & hardware
WFR1620
Mobile applications /
Mobile firmware & hardware
WGR7640
Mobile applications /
Mobile firmware & hardware
WTR1605
Mobile applications /
Mobile firmware & hardware
WTR1605L
Mobile applications /
Mobile firmware & hardware
WTR1625
Mobile applications /
Mobile firmware & hardware
WTR1625L
Mobile applications /
Mobile firmware & hardware
WTR2605
Mobile applications /
Mobile firmware & hardware
WTR2955
Mobile applications /
Mobile firmware & hardware
WTR3925
Mobile applications /
Mobile firmware & hardware
WTR4605
Mobile applications /
Mobile firmware & hardware
WTR4905
Mobile applications /
Mobile firmware & hardware
Vendor: Qualcomm
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in LTE implementation. Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to a remote denial of service.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
APQ8009: All versions
APQ8016: All versions
APQ8074: All versions
APQ8084: All versions
APQ8094: All versions
AR6003: All versions
MDM8215: All versions
MDM8215M: All versions
MDM8615M: All versions
MDM9215: All versions
MDM9235M: All versions
MDM9310: All versions
MDM9609: All versions
MDM9615: All versions
MDM9615M: All versions
MDM9635M: All versions
MDM9640: All versions
MDM9645: All versions
MSM8108: All versions
MSM8208: All versions
MSM8209: All versions
MSM8216: All versions
MSM8274: All versions
MSM8608: All versions
MSM8674: All versions
MSM8916: All versions
MSM8929: All versions
MSM8939: All versions
MSM8974: All versions
MSM8974P: All versions
MSM8994: All versions
PM8018: All versions
PM8841: All versions
PM8909: All versions
PM8916: All versions
PM8941: All versions
PM8994: All versions
PMD9635: All versions
PMD9645: All versions
PMI8994: All versions
QCA1990: All versions
QCA6174: All versions
QCA6174A: All versions
QCA6584: All versions
QFE1035: All versions
QFE1040: All versions
QFE1045: All versions
QFE1100: All versions
QFE1101: All versions
QFE1520: All versions
QFE1550: All versions
QFE2101: All versions
QFE2310: All versions
QFE2320: All versions
QFE2330: All versions
QFE2340: All versions
QFE2520: All versions
QFE2550: All versions
QFE2720: All versions
QFE3100: All versions
QFE3320: All versions
QFE3335: All versions
QFE3340: All versions
QFE3345: All versions
SD210: All versions
SMB1360: All versions
WCD9306: All versions
WCD9330: All versions
WCN3610: All versions
WCN3620: All versions
WCN3660: All versions
WCN3660A: All versions
WCN3660B: All versions
WCN3680: All versions
WCN3680B: All versions
WFR1620: All versions
WGR7640: All versions
WTR1605: All versions
WTR1605L: All versions
WTR1625: All versions
WTR1625L: All versions
WTR2605: All versions
WTR2955: All versions
WTR3925: All versions
WTR4605: All versions
WTR4905: All versions
External links
http://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.