#VU61874 Buffer overflow in Qualcomm products - CVE-2021-35129
Published: April 5, 2022 / Updated: April 5, 2022
Vulnerability identifier: #VU61874
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-35129
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
AR8035
IPQ5010
IPQ5018
IPQ5028
QCA2062
QCA2064
QCA2065
QCA2066
QCA6391
QCA8081
QCA8337
QCC710
QCM6490
QCN6023
QCN6024
QCN6100
QCN6102
QCN6112
QCN6122
QCN9000
QCN9012
QCN9022
QCN9024
QCN9070
QCN9072
QCN9074
QCN9100
QCS6490
SD8Gen15G
SD8cxGen3
SD8885G
SDX65
WCD9370
WCD9375
WCD9380
WCD9385
WCN6750
WCN6850
WCN6851
WCN6855
WCN6856
WSA8830
WSA8835
QCN6132
SD888
AR8035
IPQ5010
IPQ5018
IPQ5028
QCA2062
QCA2064
QCA2065
QCA2066
QCA6391
QCA8081
QCA8337
QCC710
QCM6490
QCN6023
QCN6024
QCN6100
QCN6102
QCN6112
QCN6122
QCN9000
QCN9012
QCN9022
QCN9024
QCN9070
QCN9072
QCN9074
QCN9100
QCS6490
SD8Gen15G
SD8cxGen3
SD8885G
SDX65
WCD9370
WCD9375
WCD9380
WCD9385
WCN6750
WCN6850
WCN6851
WCN6855
WCN6856
WSA8830
WSA8835
QCN6132
SD888
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a boundary error within the BT Controller. A local application can trigger memory corruption and escalate privileges on the system.
Remediation
Install updates from vendor's website.