#VU61871 Improper access control in Qualcomm Hardware solutions


Published: 2022-04-05

Vulnerability identifier: #VU61871

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-30349

CWE-ID: CWE-284

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
AQT1000
Mobile applications / Mobile firmware & hardware
AR8031
Mobile applications / Mobile firmware & hardware
AR8035
Mobile applications / Mobile firmware & hardware
CSR8811
Mobile applications / Mobile firmware & hardware
CSRA6620
Mobile applications / Mobile firmware & hardware
CSRA6640
Mobile applications / Mobile firmware & hardware
CSRB31024
Mobile applications / Mobile firmware & hardware
FSM10055
Mobile applications / Mobile firmware & hardware
FSM10056
Mobile applications / Mobile firmware & hardware
IPQ6000
Mobile applications / Mobile firmware & hardware
IPQ6005
Mobile applications / Mobile firmware & hardware
IPQ6010
Mobile applications / Mobile firmware & hardware
IPQ6018
Mobile applications / Mobile firmware & hardware
IPQ6028
Mobile applications / Mobile firmware & hardware
MDM9205
Mobile applications / Mobile firmware & hardware
QCA4004
Mobile applications / Mobile firmware & hardware
QCA4024
Mobile applications / Mobile firmware & hardware
QCA6390
Mobile applications / Mobile firmware & hardware
QCA6391
Mobile applications / Mobile firmware & hardware
QCA6420
Mobile applications / Mobile firmware & hardware
QCA6426
Mobile applications / Mobile firmware & hardware
QCA6430
Mobile applications / Mobile firmware & hardware
QCA6436
Mobile applications / Mobile firmware & hardware
QCA6564
Mobile applications / Mobile firmware & hardware
QCA6564A
Mobile applications / Mobile firmware & hardware
QCA6564AU
Mobile applications / Mobile firmware & hardware
QCA6574
Mobile applications / Mobile firmware & hardware
QCA6574A
Mobile applications / Mobile firmware & hardware
QCA6595AU
Mobile applications / Mobile firmware & hardware
QCA6696
Mobile applications / Mobile firmware & hardware
QCA8072
Mobile applications / Mobile firmware & hardware
QCA8075
Mobile applications / Mobile firmware & hardware
QCA8081
Mobile applications / Mobile firmware & hardware
QCA8337
Mobile applications / Mobile firmware & hardware
QCA9984
Mobile applications / Mobile firmware & hardware
QCM2290
Mobile applications / Mobile firmware & hardware
QCM4290
Mobile applications / Mobile firmware & hardware
QCM6125
Mobile applications / Mobile firmware & hardware
QCM6490
Mobile applications / Mobile firmware & hardware
QCN5021
Mobile applications / Mobile firmware & hardware
QCN5022
Mobile applications / Mobile firmware & hardware
QCN5052
Mobile applications / Mobile firmware & hardware
QCN5121
Mobile applications / Mobile firmware & hardware
QCN5122
Mobile applications / Mobile firmware & hardware
QCN5152
Mobile applications / Mobile firmware & hardware
QCN6023
Mobile applications / Mobile firmware & hardware
QCN6024
Mobile applications / Mobile firmware & hardware
QCN9000
Mobile applications / Mobile firmware & hardware
QCN9011
Mobile applications / Mobile firmware & hardware
QCN9012
Mobile applications / Mobile firmware & hardware
QCN9022
Mobile applications / Mobile firmware & hardware
QCN9024
Mobile applications / Mobile firmware & hardware
QCN9070
Mobile applications / Mobile firmware & hardware
QCN9072
Mobile applications / Mobile firmware & hardware
QCN9074
Mobile applications / Mobile firmware & hardware
QCS2290
Mobile applications / Mobile firmware & hardware
QCS410
Mobile applications / Mobile firmware & hardware
QCS4290
Mobile applications / Mobile firmware & hardware
QCS603
Mobile applications / Mobile firmware & hardware
QCS610
Mobile applications / Mobile firmware & hardware
QCS6125
Mobile applications / Mobile firmware & hardware
QCS6490
Mobile applications / Mobile firmware & hardware
QCX315
Mobile applications / Mobile firmware & hardware
QRB5165
Mobile applications / Mobile firmware & hardware
QRB5165M
Mobile applications / Mobile firmware & hardware
QRB5165N
Mobile applications / Mobile firmware & hardware
QSM8250
Mobile applications / Mobile firmware & hardware
SA4150P
Mobile applications / Mobile firmware & hardware
SA4155P
Mobile applications / Mobile firmware & hardware
SA415M
Mobile applications / Mobile firmware & hardware
SA515M
Mobile applications / Mobile firmware & hardware
SA6145P
Mobile applications / Mobile firmware & hardware
SA6150P
Mobile applications / Mobile firmware & hardware
SA6155
Mobile applications / Mobile firmware & hardware
SA8145P
Mobile applications / Mobile firmware & hardware
SA8150P
Mobile applications / Mobile firmware & hardware
SA8155
Mobile applications / Mobile firmware & hardware
SA8155P
Mobile applications / Mobile firmware & hardware
SA8195P
Mobile applications / Mobile firmware & hardware
SD8cxGen2
Mobile applications / Mobile firmware & hardware
SD8cxGen3
Mobile applications / Mobile firmware & hardware
SD429
Mobile applications / Mobile firmware & hardware
SD460
Mobile applications / Mobile firmware & hardware
SD480
Mobile applications / Mobile firmware & hardware
SD662
Mobile applications / Mobile firmware & hardware
SD680
Mobile applications / Mobile firmware & hardware
SD6905G
Mobile applications / Mobile firmware & hardware
SD750G
Mobile applications / Mobile firmware & hardware
SD765
Mobile applications / Mobile firmware & hardware
SD765G
Mobile applications / Mobile firmware & hardware
SD768G
Mobile applications / Mobile firmware & hardware
SD778G
Mobile applications / Mobile firmware & hardware
SD8655G
Mobile applications / Mobile firmware & hardware
SD870
Mobile applications / Mobile firmware & hardware
SD8885G
Mobile applications / Mobile firmware & hardware
SDA429W
Mobile applications / Mobile firmware & hardware
SDX55M
Mobile applications / Mobile firmware & hardware
SDX57M
Mobile applications / Mobile firmware & hardware
SDXR1
Mobile applications / Mobile firmware & hardware
SDXR25G
Mobile applications / Mobile firmware & hardware
SM6375
Mobile applications / Mobile firmware & hardware
SM7250P
Mobile applications / Mobile firmware & hardware
SM7325P
Mobile applications / Mobile firmware & hardware
SW5100
Mobile applications / Mobile firmware & hardware
SW5100P
Mobile applications / Mobile firmware & hardware
SXR2150P
Mobile applications / Mobile firmware & hardware
WCD9306
Mobile applications / Mobile firmware & hardware
WCD9360
Mobile applications / Mobile firmware & hardware
WCD9370
Mobile applications / Mobile firmware & hardware
WCD9375
Mobile applications / Mobile firmware & hardware
WCD9380
Mobile applications / Mobile firmware & hardware
WCD9385
Mobile applications / Mobile firmware & hardware
WCN3610
Mobile applications / Mobile firmware & hardware
WCN3620
Mobile applications / Mobile firmware & hardware
WCN3660B
Mobile applications / Mobile firmware & hardware
WCN3680B
Mobile applications / Mobile firmware & hardware
WCN3910
Mobile applications / Mobile firmware & hardware
WCN3950
Mobile applications / Mobile firmware & hardware
WCN3988
Mobile applications / Mobile firmware & hardware
WCN3991
Mobile applications / Mobile firmware & hardware
WCN3998
Mobile applications / Mobile firmware & hardware
WCN3999
Mobile applications / Mobile firmware & hardware
WCN6750
Mobile applications / Mobile firmware & hardware
WCN6850
Mobile applications / Mobile firmware & hardware
WCN6851
Mobile applications / Mobile firmware & hardware
WCN6855
Mobile applications / Mobile firmware & hardware
WCN6856
Mobile applications / Mobile firmware & hardware
WSA8830
Mobile applications / Mobile firmware & hardware
WSA8835
Mobile applications / Mobile firmware & hardware
MDM9150
Hardware solutions / Firmware
QCA6174A
Hardware solutions / Firmware
QCA6574AU
Hardware solutions / Firmware
QCA9377
Hardware solutions / Firmware
QCS405
Hardware solutions / Firmware
QCS605
Hardware solutions / Firmware
SA6155P
Hardware solutions / Firmware
SD665
Hardware solutions / Firmware
SD855
Hardware solutions / Firmware
SDM429W
Hardware solutions / Firmware
SDX24
Hardware solutions / Firmware
SDX55
Hardware solutions / Firmware

Vendor: Qualcomm

Description

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to improper access restrictions AC database after memory allocation in core subsystem. A local application can escalate privileges on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

AQT1000: All versions

AR8031: All versions

AR8035: All versions

CSR8811: All versions

CSRA6620: All versions

CSRA6640: All versions

CSRB31024: All versions

FSM10055: All versions

FSM10056: All versions

IPQ6000: All versions

IPQ6005: All versions

IPQ6010: All versions

IPQ6018: All versions

IPQ6028: All versions

MDM9150: All versions

MDM9205: All versions

QCA4004: All versions

QCA4024: All versions

QCA6174A: All versions

QCA6390: All versions

QCA6391: All versions

QCA6420: All versions

QCA6426: All versions

QCA6430: All versions

QCA6436: All versions

QCA6564: All versions

QCA6564A: All versions

QCA6564AU: All versions

QCA6574: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6595AU: All versions

QCA6696: All versions

QCA8072: All versions

QCA8075: All versions

QCA8081: All versions

QCA8337: All versions

QCA9377: All versions

QCA9984: All versions

QCM2290: All versions

QCM4290: All versions

QCM6125: All versions

QCM6490: All versions

QCN5021: All versions

QCN5022: All versions

QCN5052: All versions

QCN5121: All versions

QCN5122: All versions

QCN5152: All versions

QCN6023: All versions

QCN6024: All versions

QCN9000: All versions

QCN9011: All versions

QCN9012: All versions

QCN9022: All versions

QCN9024: All versions

QCN9070: All versions

QCN9072: All versions

QCN9074: All versions

QCS2290: All versions

QCS405: All versions

QCS410: All versions

QCS4290: All versions

QCS603: All versions

QCS605: All versions

QCS610: All versions

QCS6125: All versions

QCS6490: All versions

QCX315: All versions

QRB5165: All versions

QRB5165M: All versions

QRB5165N: All versions

QSM8250: All versions

SA4150P: All versions

SA4155P: All versions

SA415M: All versions

SA515M: All versions

SA6145P: All versions

SA6150P: All versions

SA6155: All versions

SA6155P: All versions

SA8145P: All versions

SA8150P: All versions

SA8155: All versions

SA8155P: All versions

SA8195P: All versions

SD8cxGen2: All versions

SD8cxGen3: All versions

SD429: All versions

SD460: All versions

SD480: All versions

SD662: All versions

SD665: All versions

SD680: All versions

SD6905G: All versions

SD750G: All versions

SD765: All versions

SD765G: All versions

SD768G: All versions

SD778G: All versions

SD855: All versions

SD8655G: All versions

SD870: All versions

SD8885G: All versions

SDA429W: All versions

SDM429W: All versions

SDX24: All versions

SDX55: All versions

SDX55M: All versions

SDX57M: All versions

SDXR1: All versions

SDXR25G: All versions

SM6375: All versions

SM7250P: All versions

SM7325P: All versions

SW5100: All versions

SW5100P: All versions

SXR2150P: All versions

WCD9306: All versions

WCD9360: All versions

WCD9370: All versions

WCD9375: All versions

WCD9380: All versions

WCD9385: All versions

WCN3610: All versions

WCN3620: All versions

WCN3660B: All versions

WCN3680B: All versions

WCN3910: All versions

WCN3950: All versions

WCN3988: All versions

WCN3991: All versions

WCN3998: All versions

WCN3999: All versions

WCN6750: All versions

WCN6850: All versions

WCN6851: All versions

WCN6855: All versions

WCN6856: All versions

WSA8830: All versions

WSA8835: All versions

CPE

External links
http://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability


Multiple vulnerabilities in Google Android
Multiple vulnerabilities in Qualcomm chipsets