Buffer overflow in Qualcomm Hardware solutions

#VU61832 Buffer overflow in Qualcomm Hardware solutions

Published: 2022-04-04

Vulnerability identifier: #VU61832

Vulnerability risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-30327

CWE-ID: CWE-119

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
APQ8097
Mobile applications / Mobile firmware & hardware
IPQ6000
Mobile applications / Mobile firmware & hardware
IPQ6005
Mobile applications / Mobile firmware & hardware
IPQ6010
Mobile applications / Mobile firmware & hardware
IPQ6018
Mobile applications / Mobile firmware & hardware
IPQ6028
Mobile applications / Mobile firmware & hardware
MDM9205
Mobile applications / Mobile firmware & hardware
MSM8997
Mobile applications / Mobile firmware & hardware
QCA6595
Mobile applications / Mobile firmware & hardware
QCA6595AU
Mobile applications / Mobile firmware & hardware
QCN7605W
Mobile applications / Mobile firmware & hardware
QCN7606
Mobile applications / Mobile firmware & hardware
QCN7606W
Mobile applications / Mobile firmware & hardware
QCS401
Mobile applications / Mobile firmware & hardware
QCS402
Mobile applications / Mobile firmware & hardware
QCS403
Mobile applications / Mobile firmware & hardware
QCS404
Mobile applications / Mobile firmware & hardware
QCS407
Mobile applications / Mobile firmware & hardware
SA2145P
Mobile applications / Mobile firmware & hardware
SA2150P
Mobile applications / Mobile firmware & hardware
SA4150P
Mobile applications / Mobile firmware & hardware
SA4155P
Mobile applications / Mobile firmware & hardware
SA415M
Mobile applications / Mobile firmware & hardware
SA4250P
Mobile applications / Mobile firmware & hardware
SA515M
Mobile applications / Mobile firmware & hardware
SA6115
Mobile applications / Mobile firmware & hardware
SA6115P
Mobile applications / Mobile firmware & hardware
SA6125
Mobile applications / Mobile firmware & hardware
SA6125P
Mobile applications / Mobile firmware & hardware
SA6145
Mobile applications / Mobile firmware & hardware
SA6145P
Mobile applications / Mobile firmware & hardware
SA615x
Mobile applications / Mobile firmware & hardware
SA615xP
Mobile applications / Mobile firmware & hardware
SA8150P
Mobile applications / Mobile firmware & hardware
SA8155
Mobile applications / Mobile firmware & hardware
SA8155P
Mobile applications / Mobile firmware & hardware
SA8195P
Mobile applications / Mobile firmware & hardware
SC7180
Mobile applications / Mobile firmware & hardware
SC7180P
Mobile applications / Mobile firmware & hardware
SC8180XP
Mobile applications / Mobile firmware & hardware
SDA658
Mobile applications / Mobile firmware & hardware
SDA670
Mobile applications / Mobile firmware & hardware
SDA830
Mobile applications / Mobile firmware & hardware
SDM640
Mobile applications / Mobile firmware & hardware
SDM658
Mobile applications / Mobile firmware & hardware
SDM712
Mobile applications / Mobile firmware & hardware
SDM830
Mobile applications / Mobile firmware & hardware
SDM850
Mobile applications / Mobile firmware & hardware
SDPX55M
Mobile applications / Mobile firmware & hardware
SDX24M
Mobile applications / Mobile firmware & hardware
SM4250
Mobile applications / Mobile firmware & hardware
SM6125
Mobile applications / Mobile firmware & hardware
SM6150P
Mobile applications / Mobile firmware & hardware
SM6250
Mobile applications / Mobile firmware & hardware
SM6250P
Mobile applications / Mobile firmware & hardware
SM7125
Mobile applications / Mobile firmware & hardware
SM7150P
Mobile applications / Mobile firmware & hardware
SM7250
Mobile applications / Mobile firmware & hardware
SM7250P
Mobile applications / Mobile firmware & hardware
SM8150P
Mobile applications / Mobile firmware & hardware
SXR2130P
Mobile applications / Mobile firmware & hardware
APQ8098
Hardware solutions / Firmware
MSM8998
Hardware solutions / Firmware
QCN7605
Hardware solutions / Firmware
QCS405
Hardware solutions / Firmware
SC8180X
Hardware solutions / Firmware
SDA660
Hardware solutions / Firmware
SDA845
Hardware solutions / Firmware
SDM660
Hardware solutions / Firmware
SDM670
Hardware solutions / Firmware
SDM710
Hardware solutions / Firmware
SDM845
Hardware solutions / Firmware
SDX24
Hardware solutions / Firmware
SDX55
Hardware solutions / Firmware
SM6150
Hardware solutions / Firmware
SM7150
Hardware solutions / Firmware
SM8150
Hardware solutions / Firmware
SM8250
Hardware solutions / Firmware
SXR2130
Hardware solutions / Firmware

Vendor: Qualcomm

Description

The vulnerability allows an attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the EDL Sahara protocol implementation. An attacker with physical access to device can trigger memory corruption and execute arbitrary code on the target system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

APQ8097: All versions

APQ8098: All versions

IPQ6000: All versions

IPQ6005: All versions

IPQ6010: All versions

IPQ6018: All versions

IPQ6028: All versions

MDM9205: All versions

MSM8997: All versions

MSM8998: All versions

QCA6595: All versions

QCA6595AU: All versions

QCN7605: All versions

QCN7605W: All versions

QCN7606: All versions

QCN7606W: All versions

QCS401: All versions

QCS402: All versions

QCS403: All versions

QCS404: All versions

QCS405: All versions

QCS407: All versions

SA2145P: All versions

SA2150P: All versions

SA4150P: All versions

SA4155P: All versions

SA415M: All versions

SA4250P: All versions

SA515M: All versions

SA6115: All versions

SA6115P: All versions

SA6125: All versions

SA6125P: All versions

SA6145: All versions

SA6145P: All versions

SA615x: All versions

SA615xP: All versions

SA8150P: All versions

SA8155: All versions

SA8155P: All versions

SA8195P: All versions

SC7180: All versions

SC7180P: All versions

SC8180X: All versions

SC8180XP: All versions

SDA658: All versions

SDA660: All versions

SDA670: All versions

SDA830: All versions

SDA845: All versions

SDM640: All versions

SDM658: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM712: All versions

SDM830: All versions

SDM845: All versions

SDM850: All versions

SDPX55M: All versions

SDX24: All versions

SDX24M: All versions

SDX55: All versions

SM4250: All versions

SM6125: All versions

SM6150: All versions

SM6150P: All versions

SM6250: All versions

SM6250P: All versions

SM7125: All versions

SM7150: All versions

SM7150P: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SXR2130: All versions

SXR2130P: All versions

External links
http://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Qualcomm chipsets