Vulnerability Description
Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Ar8035 Firmware | - |
| Qualcomm | Ar8035 | - |
| Qualcomm | Qca6390 Firmware | - |
| Qualcomm | Qca6390 | - |
| Qualcomm | Qca6391 Firmware | - |
| Qualcomm | Qca6391 | - |
| Qualcomm | Qca6421 Firmware | - |
| Qualcomm | Qca6421 | - |
| Qualcomm | Qca6426 Firmware | - |
| Qualcomm | Qca6426 | - |
| Qualcomm | Qca6431 Firmware | - |
| Qualcomm | Qca6431 | - |
| Qualcomm | Qca6436 Firmware | - |
| Qualcomm | Qca6436 | - |
| Qualcomm | Qca6574A Firmware | - |
| Qualcomm | Qca6574A | - |
| Qualcomm | Qca6574Au Firmware | - |
| Qualcomm | Qca6574Au | - |
| Qualcomm | Qca6595Au Firmware | - |
| Qualcomm | Qca6595Au | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/june-2022-bulletinVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/june-2022-bulletinVendor Advisory
FAQ
What is CVE-2021-35102?
CVE-2021-35102 is a vulnerability with a CVSS score of 7.8 (HIGH). Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile
How severe is CVE-2021-35102?
CVE-2021-35102 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35102?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Ar8035 Firmware, Qualcomm Ar8035, Qualcomm Qca6390 Firmware, Qualcomm Qca6390, Qualcomm Qca6391 Firmware.