PT-2021-7006 · Qualcomm · Qualcomm Snapdragon Industrial Iot+4

Published: 2021-11-01 · Updated: 2022-06-22 · CVE-2021-35090

CVSS v3.1: 9.3 (Critical)

Vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Qualcomm Snapdragon Auto versions (affected versions not specified)
Qualcomm Snapdragon Compute versions (affected versions not specified)
Qualcomm Snapdragon Connectivity versions (affected versions not specified)
Qualcomm Snapdragon Industrial IOT versions (affected versions not specified)
Qualcomm Snapdragon Mobile versions (affected versions not specified)

Description

The issue is a potential hypervisor memory corruption caused by a Time-of-Check to Time-of-Use (TOCTOU) race condition when updating address mappings. It is also described as a vulnerability in the kernel of Qualcomm's embedded software, associated with synchronization errors when using a shared resource. Exploitation of this issue may allow an attacker to execute arbitrary code.

Recommendations

For Qualcomm Snapdragon Auto, update to a version that includes the fix for the synchronization errors.
For Qualcomm Snapdragon Compute, update to a version that includes the fix for the synchronization errors.
For Qualcomm Snapdragon Connectivity, update to a version that includes the fix for the synchronization errors.
For Qualcomm Snapdragon Industrial IOT, update to a version that includes the fix for the synchronization errors.
For Qualcomm Snapdragon Mobile, update to a version that includes the fix for the synchronization errors.

As a temporary workaround, consider restricting access to shared resources to minimize the risk of exploitation.

Fix

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

BDU:2022-02924
CVE-2021-35090

Affected Products

Qualcomm Snapdragon Auto
Qualcomm Snapdragon Compute
Qualcomm Snapdragon Connectivity
Qualcomm Snapdragon Industrial Iot
Qualcomm Snapdragon Mobile