Vulnerability identifier: #VU71899
Vulnerability risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-367
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
APQ8009
Hardware solutions /
Firmware
APQ8017
Hardware solutions /
Firmware
APQ8053
Hardware solutions /
Firmware
APQ8096AU
Hardware solutions /
Firmware
MDM9206
Hardware solutions /
Firmware
MDM9607
Hardware solutions /
Firmware
MDM9640
Hardware solutions /
Firmware
MDM9650
Hardware solutions /
Firmware
MSM8909W
Hardware solutions /
Firmware
MSM8937
Hardware solutions /
Firmware
MSM8996AU
Hardware solutions /
Firmware
QCA6174A
Hardware solutions /
Firmware
QCA6574AU
Hardware solutions /
Firmware
QCA9377
Hardware solutions /
Firmware
QCA9379
Hardware solutions /
Firmware
SD205
Hardware solutions /
Firmware
SD210
Hardware solutions /
Firmware
SDX20
Hardware solutions /
Firmware
APQ8009W
Mobile applications /
Mobile firmware & hardware
APQ8076
Mobile applications /
Mobile firmware & hardware
CSR6030
Mobile applications /
Mobile firmware & hardware
MDM9230
Mobile applications /
Mobile firmware & hardware
MDM9250
Mobile applications /
Mobile firmware & hardware
MDM9330
Mobile applications /
Mobile firmware & hardware
MDM9626
Mobile applications /
Mobile firmware & hardware
MDM9628
Mobile applications /
Mobile firmware & hardware
MDM9630
Mobile applications /
Mobile firmware & hardware
MDM9655
Mobile applications /
Mobile firmware & hardware
PM215
Mobile applications /
Mobile firmware & hardware
PM439
Mobile applications /
Mobile firmware & hardware
PM660
Mobile applications /
Mobile firmware & hardware
PM8004
Mobile applications /
Mobile firmware & hardware
PM8909
Mobile applications /
Mobile firmware & hardware
PM8916
Mobile applications /
Mobile firmware & hardware
PM8937
Mobile applications /
Mobile firmware & hardware
PM8952
Mobile applications /
Mobile firmware & hardware
PM8953
Mobile applications /
Mobile firmware & hardware
PM8956
Mobile applications /
Mobile firmware & hardware
PM8996
Mobile applications /
Mobile firmware & hardware
PMD9607
Mobile applications /
Mobile firmware & hardware
PMD9635
Mobile applications /
Mobile firmware & hardware
PMD9645
Mobile applications /
Mobile firmware & hardware
PMD9655
Mobile applications /
Mobile firmware & hardware
PMI632
Mobile applications /
Mobile firmware & hardware
PMI8937
Mobile applications /
Mobile firmware & hardware
PMI8952
Mobile applications /
Mobile firmware & hardware
PMI8994
Mobile applications /
Mobile firmware & hardware
PMI8996
Mobile applications /
Mobile firmware & hardware
PMK8001
Mobile applications /
Mobile firmware & hardware
PMM8996AU
Mobile applications /
Mobile firmware & hardware
PMX20
Mobile applications /
Mobile firmware & hardware
QCA4020
Mobile applications /
Mobile firmware & hardware
QCA6174
Mobile applications /
Mobile firmware & hardware
QCA6564A
Mobile applications /
Mobile firmware & hardware
QCA6564AU
Mobile applications /
Mobile firmware & hardware
QCA6574A
Mobile applications /
Mobile firmware & hardware
QCA6584
Mobile applications /
Mobile firmware & hardware
QCA9367
Mobile applications /
Mobile firmware & hardware
QCC1110
Mobile applications /
Mobile firmware & hardware
QCC112
Mobile applications /
Mobile firmware & hardware
QET4100
Mobile applications /
Mobile firmware & hardware
QET4101
Mobile applications /
Mobile firmware & hardware
QET4200AQ
Mobile applications /
Mobile firmware & hardware
QFE1035
Mobile applications /
Mobile firmware & hardware
QFE1040
Mobile applications /
Mobile firmware & hardware
QFE1045
Mobile applications /
Mobile firmware & hardware
QFE2340
Mobile applications /
Mobile firmware & hardware
QFE2550
Mobile applications /
Mobile firmware & hardware
QFE3100
Mobile applications /
Mobile firmware & hardware
QFE3320
Mobile applications /
Mobile firmware & hardware
QFE3335
Mobile applications /
Mobile firmware & hardware
QFE3345
Mobile applications /
Mobile firmware & hardware
QLN1021AQ
Mobile applications /
Mobile firmware & hardware
QLN1030
Mobile applications /
Mobile firmware & hardware
QLN1031
Mobile applications /
Mobile firmware & hardware
QLN1036AQ
Mobile applications /
Mobile firmware & hardware
QSW8573
Mobile applications /
Mobile firmware & hardware
QTC801S
Mobile applications /
Mobile firmware & hardware
Qualcomm215
Mobile applications /
Mobile firmware & hardware
RGR7640AU
Mobile applications /
Mobile firmware & hardware
SD439
Mobile applications /
Mobile firmware & hardware
SD820
Mobile applications /
Mobile firmware & hardware
SDW2500
Mobile applications /
Mobile firmware & hardware
SDW3100
Mobile applications /
Mobile firmware & hardware
SDX20M
Mobile applications /
Mobile firmware & hardware
SMB1350
Mobile applications /
Mobile firmware & hardware
SMB1351
Mobile applications /
Mobile firmware & hardware
SMB1355
Mobile applications /
Mobile firmware & hardware
SMB1357
Mobile applications /
Mobile firmware & hardware
SMB1358
Mobile applications /
Mobile firmware & hardware
SMB1360
Mobile applications /
Mobile firmware & hardware
SMB231
Mobile applications /
Mobile firmware & hardware
SMB358S
Mobile applications /
Mobile firmware & hardware
WCD9306
Mobile applications /
Mobile firmware & hardware
WCD9326
Mobile applications /
Mobile firmware & hardware
WCD9330
Mobile applications /
Mobile firmware & hardware
WCD9335
Mobile applications /
Mobile firmware & hardware
WCN3610
Mobile applications /
Mobile firmware & hardware
WCN3615
Mobile applications /
Mobile firmware & hardware
WCN3620
Mobile applications /
Mobile firmware & hardware
WCN3660B
Mobile applications /
Mobile firmware & hardware
WCN3680
Mobile applications /
Mobile firmware & hardware
WCN3680B
Mobile applications /
Mobile firmware & hardware
WGR7640
Mobile applications /
Mobile firmware & hardware
WSA8810
Mobile applications /
Mobile firmware & hardware
WSA8815
Mobile applications /
Mobile firmware & hardware
WTR2955
Mobile applications /
Mobile firmware & hardware
WTR2965
Mobile applications /
Mobile firmware & hardware
WTR3905
Mobile applications /
Mobile firmware & hardware
WTR3925
Mobile applications /
Mobile firmware & hardware
WTR4905
Mobile applications /
Mobile firmware & hardware
WTR5975
Mobile applications /
Mobile firmware & hardware
Vendor: Qualcomm
Description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation in Boot. A local application can gain access to sensitive information.
Mitigation
Install security update from vendor's website.
Vulnerable software versions
APQ8009: All versions
APQ8009W: All versions
APQ8017: All versions
APQ8053: All versions
APQ8076: All versions
APQ8096AU: All versions
CSR6030: All versions
MDM9206: All versions
MDM9230: All versions
MDM9250: All versions
MDM9330: All versions
MDM9607: All versions
MDM9626: All versions
MDM9628: All versions
MDM9630: All versions
MDM9640: All versions
MDM9650: All versions
MDM9655: All versions
MSM8909W: All versions
MSM8937: All versions
MSM8996AU: All versions
PM215: All versions
PM439: All versions
PM660: All versions
PM8004: All versions
PM8909: All versions
PM8916: All versions
PM8937: All versions
PM8952: All versions
PM8953: All versions
PM8956: All versions
PM8996: All versions
PMD9607: All versions
PMD9635: All versions
PMD9645: All versions
PMD9655: All versions
PMI632: All versions
PMI8937: All versions
PMI8952: All versions
PMI8994: All versions
PMI8996: All versions
PMK8001: All versions
PMM8996AU: All versions
PMX20: All versions
QCA4020: All versions
QCA6174: All versions
QCA6174A: All versions
QCA6564A: All versions
QCA6564AU: All versions
QCA6574A: All versions
QCA6574AU: All versions
QCA6584: All versions
QCA9367: All versions
QCA9377: All versions
QCA9379: All versions
QCC1110: All versions
QCC112: All versions
QET4100: All versions
QET4101: All versions
QET4200AQ: All versions
QFE1035: All versions
QFE1040: All versions
QFE1045: All versions
QFE2340: All versions
QFE2550: All versions
QFE3100: All versions
QFE3320: All versions
QFE3335: All versions
QFE3345: All versions
QLN1021AQ: All versions
QLN1030: All versions
QLN1031: All versions
QLN1036AQ: All versions
QSW8573: All versions
QTC801S: All versions
Qualcomm215: All versions
RGR7640AU: All versions
SD205: All versions
SD210: All versions
SD439: All versions
SD820: All versions
SDW2500: All versions
SDW3100: All versions
SDX20: All versions
SDX20M: All versions
SMB1350: All versions
SMB1351: All versions
SMB1355: All versions
SMB1357: All versions
SMB1358: All versions
SMB1360: All versions
SMB231: All versions
SMB358S: All versions
WCD9306: All versions
WCD9326: All versions
WCD9330: All versions
WCD9335: All versions
WCN3610: All versions
WCN3615: All versions
WCN3620: All versions
WCN3660B: All versions
WCN3680: All versions
WCN3680B: All versions
WGR7640: All versions
WSA8810: All versions
WSA8815: All versions
WTR2955: All versions
WTR2965: All versions
WTR3905: All versions
WTR3925: All versions
WTR4905: All versions
WTR5975: All versions
External links
http://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.