#VU56351 Improper access control in Qualcomm products - CVE-2021-1957
Published: September 6, 2021
Vulnerability identifier: #VU56351
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1957
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8017
QCA6174A
QCA6574AU
SA6155P
SD855
SDX55
QCA6390
QCA6391
QCA6421
QCA6426
QCA6431
QCA6436
QCA6696
QCM6125
QCS610
QCS6125
QRB5165
Qualcomm215
SA6145P
SA6150P
SA8145P
SA8150P
SA8155P
SA8195P
SD8655G
SD870
SDX55M
SDXR25G
WCD9326
WCD9335
WCD9341
WCD9370
WCD9380
WCD9385
WCN3610
WCN3615
WCN3660B
WCN3680
WCN3950
WCN3980
WCN3990
WCN3998
WCN6850
WCN6851
WSA8810
WSA8815
APQ8017
QCA6174A
QCA6574AU
SA6155P
SD855
SDX55
QCA6390
QCA6391
QCA6421
QCA6426
QCA6431
QCA6436
QCA6696
QCM6125
QCS610
QCS6125
QRB5165
Qualcomm215
SA6145P
SA6150P
SA8145P
SA8150P
SA8155P
SA8195P
SD8655G
SD870
SDX55M
SDXR25G
WCD9326
WCD9335
WCD9341
WCD9370
WCD9380
WCD9385
WCN3610
WCN3615
WCN3660B
WCN3680
WCN3950
WCN3980
WCN3990
WCN3998
WCN6850
WCN6851
WSA8810
WSA8815
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due improper Access Control when ACL link encryption is failed and ACL link
is not disconnected during reconnection with paired device. A local user can per form a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.
External links
- https://www.qualcomm.com/company/product-security/bulletins/september-2021-bulletin
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/system/bt/commit/?id=91aad9e40bc8332a0241e88c2e100eff8851cc98
- https://source.codeaurora.org/quic/le/platform/system/bt/commit/?id=0e713342ba8e9f96a0ffcc7accb631e41d10aa0f