CVE-2021-35134 — HIGH (8.4)

Vulnerability Description

Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qualcomm	Qca6391 Firmware	-
Qualcomm	Qca6391	-
Qualcomm	Qcm6490 Firmware	-
Qualcomm	Qcm6490	-
Qualcomm	Qcs6490 Firmware	-
Qualcomm	Qcs6490	-
Qualcomm	Qsm8350 Firmware	-
Qualcomm	Qsm8350	-
Qualcomm	Sd 8 Gen1 5G Firmware	-
Qualcomm	Sm8475	-
Qualcomm	Sd778G Firmware	-
Qualcomm	Sd778G	-
Qualcomm	Sd780G Firmware	-
Qualcomm	Sd780G	-
Qualcomm	Sd888 Firmware	-
Qualcomm	Sd888	-
Qualcomm	Sd888 5G Firmware	-
Qualcomm	Sd888 5G	-
Qualcomm	Sm7315 Firmware	-
Qualcomm	Sm7315	-

Related Weaknesses (CWE)

CWE-131

References

https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletinVendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/august-2022-bulletinVendor Advisory

FAQ

What is CVE-2021-35134?

CVE-2021-35134 is a vulnerability with a CVSS score of 8.4 (HIGH). Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon ...

How severe is CVE-2021-35134?

CVE-2021-35134 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-35134?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Qca6391 Firmware, Qualcomm Qca6391, Qualcomm Qcm6490 Firmware, Qualcomm Qcm6490, Qualcomm Qcs6490 Firmware.