Main Vulnerability Database Vulnerabilities #VU64032

#VU64032 Cryptographic issues - CVE-2021-35113

Published: June 7, 2022 / Updated: August 2, 2022

Vulnerability identifier: #VU64032

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-35113

CWE-ID: CWE-310

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:

Software vendor:

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper order of signature verification and hashing in the signature verification call. An attacker with physical access can bypass authentication on the system.

Remediation

Install updates from vendor's website.

External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2022-bulletin.html