#VU52822 Integer overflow in Qualcomm products - CVE-2021-1895
Published: May 3, 2021
Vulnerability identifier: #VU52822
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1895
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8009
APQ8053
MDM9206
QCA9377
PM215
PM8909
PM8916
PM8953
PMD9607
PMI8952
QCA9367
Qualcomm215
SMB1358
SMB1360
SMB231
WCD9326
WCD9330
WCN3615
WCN3660B
WCN3680
WCN3680B
WSA8810
WSA8815
WTR2965
APQ8009
APQ8053
MDM9206
QCA9377
PM215
PM8909
PM8916
PM8953
PMD9607
PMI8952
QCA9367
Qualcomm215
SMB1358
SMB1360
SMB231
WCD9326
WCD9330
WCN3615
WCN3660B
WCN3680
WCN3680B
WSA8810
WSA8815
WTR2965
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow during system boot when flushing an image. A local user can execute arbitrary code with elevated privileges.
Remediation
Install updates from vendor's website.