CVE-2021-1924

high-risk

Published 2021-11-12

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.0/10 Critical

LOCAL / LOW complexity

Affected Products (20)

Apq8009 Firmware

Apq8009W Firmware

Apq8016 Firmware

Apq8017 Firmware

Apq8037 Firmware

Apq8052 Firmware

Apq8056 Firmware

Apq8062 Firmware

Apq8064Au Firmware

Apq8076 Firmware

Apq8084 Firmware

Apq8096Au Firmware

Ar3012 Firmware

Ar7420 Firmware

Ar8031 Firmware

Ar8035 Firmware

Ar9380 Firmware

Ar9580 Firmware

Csr6030 Firmware

Csr8811 Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/november-2021-bullet...

/ 100

high-risk

Severity 27/34 · High

Exploitability 0/34 · Minimal

Exposure 33/34 · Critical