Reachable Assertion in Qualcomm Hardware solutions

#VU64039 Reachable Assertion in Qualcomm Hardware solutions

Published: 2022-06-07

Vulnerability identifier: #VU64039

Vulnerability risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35101

CWE-ID: CWE-617

Exploitation vector: Local

Exploit availability: No

Vendor: Qualcomm

Description

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of writes to virtual GICR control in Kernel. A local attacker can cause assertion failure in the hypervisor and perform a denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

AQT1000: All versions

QCA6390: All versions

QCA6391: All versions

QCA6420: All versions

QCA6421: All versions

QCA6426: All versions

QCA6430: All versions

QCA6431: All versions

QCA6436: All versions

SA8540P: All versions

SA9000P: All versions

SD 8CX: All versions

SD 8cx Gen2: All versions

SD865 5G: All versions

SD870: All versions

SD888 5G: All versions

SDX55M: All versions

SDXR2 5G: All versions

WCD9340: All versions

WCD9341: All versions

WCD9380: All versions

WCN3998: All versions

WSA8810: All versions

WSA8815: All versions

External links
http://docs.qualcomm.com/product/publicresources/securitybulletin/june-2022-bulletin.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Qualcomm chipsets