CVE-2021-30351

Name of the Vulnerable Software and Affected Versions Snapdragon Auto (affected versions not specified) Snapdragon Compute (affected versions not specified) Snapdragon Connectivity (affected versions not specified) Snapdragon Consumer IOT (affected versions not specified) Snapdragon Industrial IOT (affected versions not specified) Snapdragon Mobile (affected versions not specified) Snapdragon Voice & Music (affected versions not specified) Snapdragon Wearables (affected versions not specified) Snapdragon Wired Infrastructure and Networking (affected versions not specified)

Description An out of bound memory access can occur due to improper validation of the number of frames being passed during music playback. This issue affects various Snapdragon components, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables, and Wired Infrastructure and Networking. The vulnerability may allow a remote attacker to gain unlimited access to memory.

Recommendations For Snapdragon Auto, update to a version that includes proper validation of the number of frames passed during music playback. For Snapdragon Compute, update to a version that includes proper validation of the number of frames passed during music playback. For Snapdragon Connectivity, update to a version that includes proper validation of the number of frames passed during music playback. For Snapdragon Consumer IOT, update to a version that includes proper validation of the number of frames passed during music playback. For Snapdragon Industrial IOT, update to a version that includes proper validation of the number of frames passed during music playback. For Snapdragon Mobile, update to a version that includes proper validation of the number of frames passed during music playback. For Snapdragon Voice & Music, update to a version that includes proper validation of the number of frames passed during music playback. For Snapdragon Wearables, update to a version that includes proper validation of the number of frames passed during music playback. For Snapdragon Wired Infrastructure and Networking, update to a version that includes proper validation of the number of frames passed during music playback. As a temporary workaround, consider disabling music playback functionality until a patch is available. Restrict access to the vulnerable components to minimize the risk of exploitation. Avoid using the affected Snapdragon components for music playback until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.