Vulnerability Description
Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Apq8053 Firmware | - |
| Qualcomm | Apq8053 | - |
| Qualcomm | Aqt1000 Firmware | - |
| Qualcomm | Aqt1000 | - |
| Qualcomm | Msm8953 Firmware | - |
| Qualcomm | Msm8953 | - |
| Qualcomm | Qca6390 Firmware | - |
| Qualcomm | Qca6390 | - |
| Qualcomm | Qca6391 Firmware | - |
| Qualcomm | Qca6391 | - |
| Qualcomm | Qca6420 Firmware | - |
| Qualcomm | Qca6420 | - |
| Qualcomm | Qca6426 Firmware | - |
| Qualcomm | Qca6426 | - |
| Qualcomm | Qca6430 Firmware | - |
| Qualcomm | Qca6430 | - |
| Qualcomm | Qca6436 Firmware | - |
| Qualcomm | Qca6436 | - |
| Qualcomm | Qcm4290 Firmware | - |
| Qualcomm | Qcm4290 | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletinVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletinVendor Advisory
FAQ
What is CVE-2021-35079?
CVE-2021-35079 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IO...
How severe is CVE-2021-35079?
CVE-2021-35079 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35079?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Apq8053 Firmware, Qualcomm Apq8053, Qualcomm Aqt1000 Firmware, Qualcomm Aqt1000, Qualcomm Msm8953 Firmware.