PT-2021-5096 · Qualcomm · Qualcomm Snapdragon Industrial Iot+5
Published
2021-11-01
·
Updated
2021-11-16
·
CVE-2021-1979
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Qualcomm Snapdragon Auto versions prior to the fixed version
Qualcomm Snapdragon Compute versions prior to the fixed version
Qualcomm Snapdragon Connectivity versions prior to the fixed version
Qualcomm Snapdragon Consumer IOT versions prior to the fixed version
Qualcomm Snapdragon Industrial IOT versions prior to the fixed version
Qualcomm Snapdragon Mobile versions prior to the fixed version
Description
The issue is caused by a buffer overflow due to improper validation of the FTM command payload. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations
For Qualcomm Snapdragon Auto, update to a version that includes the fix for this issue.
For Qualcomm Snapdragon Compute, update to a version that includes the fix for this issue.
For Qualcomm Snapdragon Connectivity, update to a version that includes the fix for this issue.
For Qualcomm Snapdragon Consumer IOT, update to a version that includes the fix for this issue.
For Qualcomm Snapdragon Industrial IOT, update to a version that includes the fix for this issue.
For Qualcomm Snapdragon Mobile, update to a version that includes the fix for this issue.
Fix
Memory Corruption
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qualcomm Snapdragon Auto
Qualcomm Snapdragon Compute
Qualcomm Snapdragon Connectivity
Qualcomm Snapdragon Consumer Iot
Qualcomm Snapdragon Industrial Iot
Qualcomm Snapdragon Mobile