PT-2021-13659 · Qualcomm · Snapdragon Wearables+4

Published: 2021-07-13 · Updated: 2021-07-15 · CVE-2021-1901

CVSS v3.1: 4.6 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Snapdragon Consumer IOT (affected versions not specified)
Snapdragon Industrial IOT (affected versions not specified)
Snapdragon Mobile (affected versions not specified)
Snapdragon Voice & Music (affected versions not specified)
Snapdragon Wearables (affected versions not specified)
Description: The issue is related to a possible buffer over-read due to a lack of length check while flashing meta images. This affects various Snapdragon products, including Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables.
Recommendations: For Snapdragon Consumer IOT, restrict access to meta image flashing until a fix is available. For Snapdragon Industrial IOT, consider disabling meta image flashing functionality as a temporary workaround. For Snapdragon Mobile, avoid using meta image flashing until the issue is resolved. For Snapdragon Voice & Music, limit access to meta image flashing to minimize the risk of exploitation. For Snapdragon Wearables, as a temporary measure, refrain from flashing meta images until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2021-1901

Affected Products

Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables