#VU64031 Cryptographic issues in Qualcomm Mobile applications


Published: 2022-06-07 | Updated: 2022-08-02

Vulnerability identifier: #VU64031

Vulnerability risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35097

CWE-ID: CWE-310

Exploitation vector: Local

Exploit availability: No

Vulnerable software (all in category Mobile applications / Mobile firmware & hardware):
WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WCN7850, WCN7851, WSA8810, WSA8815, WSA8830, WSA8835

Vendor: Qualcomm

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists because the signature verification call performs signature verification and hashing in an improper order. An attacker with physical access can bypass authentication on the system.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

WCN3991: All versions

WCN3998: All versions

WCN3999: All versions

WCN6740: All versions

WCN6750: All versions

WCN6850: All versions

WCN6851: All versions

WCN6855: All versions

WCN6856: All versions

WCN7850: All versions

WCN7851: All versions

WSA8810: All versions

WSA8815: All versions

WSA8830: All versions

WSA8835: All versions


External links
http://docs.qualcomm.com/product/publicresources/securitybulletin/august-2022-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. The attacker must have physical access to the system to successfully exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

