CVE-2021-1892

high-risk

Published 2021-04-07

Memory corruption due to improper input validation while processing IO control which is nonstandard in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Wired Infrastructure and Networking

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.4/10 High

LOCAL / LOW complexity

Affected Products (20)

Aqt1000 Firmware

Pm8005 Firmware

Pm855 Firmware

Pm855P Firmware

Pm8998 Firmware

Pmi8998 Firmware

Qat3550 Firmware

Qca1062 Firmware

Qca1064 Firmware

Qca2066 Firmware

Qca6164 Firmware

Qca6174 Firmware

Qca6174A Firmware

Qca6310 Firmware

Qca6335 Firmware

Qca6391 Firmware

Qca6420 Firmware

Qca6430 Firmware

Qca6595Au Firmware

Qca9377 Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

/ 100

high-risk

Severity 26/34 · High

Exploitability 0/34 · Minimal

Exposure 26/34 · High