PT-2022-10400 · Qualcomm · Snapdragon Mobile+4
Published
2022-06-14
·
Updated
2022-06-22
·
CVE-2021-35079
CVSS v3.1
6.2
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Snapdragon Compute (affected versions not specified)
Snapdragon Connectivity (affected versions not specified)
Snapdragon Consumer IOT (affected versions not specified)
Snapdragon Industrial IOT (affected versions not specified)
Snapdragon Mobile (affected versions not specified)
Description
The issue is related to improper validation of permissions for third-party applications accessing the Telephony service API, which can lead to information disclosure.
Recommendations
For Snapdragon Compute, update to a version that includes proper permission validation for third-party applications accessing the Telephony service API.
For Snapdragon Connectivity, update to a version that includes proper permission validation for third-party applications accessing the Telephony service API.
For Snapdragon Consumer IOT, update to a version that includes proper permission validation for third-party applications accessing the Telephony service API.
For Snapdragon Industrial IOT, update to a version that includes proper permission validation for third-party applications accessing the Telephony service API.
For Snapdragon Mobile, update to a version that includes proper permission validation for third-party applications accessing the Telephony service API.
Fix
Improper Preservation of Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer Iot
Snapdragon Industrial Iot
Snapdragon Mobile