CVE-2021-35126 — HIGH (8.4)

Vulnerability Description

Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qualcomm	Qam8295P Firmware	-
Qualcomm	Qam8295P	-
Qualcomm	Qca6391 Firmware	-
Qualcomm	Qca6391	-
Qualcomm	Qca6696 Firmware	-
Qualcomm	Qca6696	-
Qualcomm	Qcm6490 Firmware	-
Qualcomm	Qcm6490	-
Qualcomm	Qcs6490 Firmware	-
Qualcomm	Qcs6490	-
Qualcomm	Sa8295P Firmware	-
Qualcomm	Sa8295P	-
Qualcomm	Sd 8 Gen1 5G Firmware	-
Qualcomm	Sm8475	-
Qualcomm	Sd 8Cx Gen3 Firmware	-
Qualcomm	Sd 8Cx Gen3	-
Qualcomm	Sd778G Firmware	-
Qualcomm	Sd778G	-
Qualcomm	Sd780G Firmware	-
Qualcomm	Sd780G	-

Related Weaknesses (CWE)

CWE-129

References

https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletinVendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletinVendor Advisory

FAQ

What is CVE-2021-35126?

CVE-2021-35126 is a vulnerability with a CVSS score of 8.4 (HIGH). Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

How severe is CVE-2021-35126?

CVE-2021-35126 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-35126?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Qam8295P Firmware, Qualcomm Qam8295P, Qualcomm Qca6391 Firmware, Qualcomm Qca6391, Qualcomm Qca6696 Firmware.