CVE-2021-35095 — HIGH (8.4)

Vulnerability Description

Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qualcomm	Ar8035 Firmware	-
Qualcomm	Ar8035	-
Qualcomm	Qca8081 Firmware	-
Qualcomm	Qca8081	-
Qualcomm	Qca8337 Firmware	-
Qualcomm	Qca8337	-
Qualcomm	Sd 8 Gen1 5G Firmware	-
Qualcomm	Sm8475	-
Qualcomm	Sdx65 Firmware	-
Qualcomm	Sdx65	-
Qualcomm	Wcd9380 Firmware	-
Qualcomm	Wcd9380	-
Qualcomm	Wcn6855 Firmware	-
Qualcomm	Wcn6855	-
Qualcomm	Wcn6856 Firmware	-
Qualcomm	Wcn6856	-
Qualcomm	Wsa8830 Firmware	-
Qualcomm	Wsa8830	-
Qualcomm	Wsa8835 Firmware	-
Qualcomm	Wsa8835	-

Related Weaknesses (CWE)

CWE-502

References

https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletinPatchVendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletinPatchVendor Advisory

FAQ

What is CVE-2021-35095?

CVE-2021-35095 is a vulnerability with a CVSS score of 8.4 (HIGH). Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobil...

How severe is CVE-2021-35095?

CVE-2021-35095 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-35095?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Ar8035 Firmware, Qualcomm Ar8035, Qualcomm Qca8081 Firmware, Qualcomm Qca8081, Qualcomm Qca8337 Firmware.