#VU57908 Use-after-free in Qualcomm products - CVE-2021-30263
Published: November 3, 2021
Vulnerability identifier: #VU57908
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-30263
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
AQT1000
AR8031
AR8035
CSRA6620
CSRA6640
QCA6391
QCA6420
QCA6430
QCA8337
QCM6125
QCS6125
SD 8C
SD 8CX
SDX55M
WCD9335
WCD9340
WCD9341
WCD9370
WCN3950
WCN3980
WCN3998
WCN3999
WSA8810
WSA8815
QCS405
SD855
SDX55
AQT1000
AR8031
AR8035
CSRA6620
CSRA6640
QCA6391
QCA6420
QCA6430
QCA8337
QCM6125
QCS6125
SD 8C
SD 8CX
SDX55M
WCD9335
WCD9340
WCD9341
WCD9370
WCN3950
WCN3980
WCN3998
WCN3999
WSA8810
WSA8815
QCS405
SD855
SDX55
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to lack of synchronization mechanism when On-Device Logging node open twice concurrently. A local administrator can trigger use-after-free error and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Remediation
Install updates from vendor's website.