CVE-2021-1958

moderate-risk

Published 2021-09-09

A race condition in fastrpc kernel driver for dynamic process creation can lead to use after free scenario in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Qca6574A Firmware

Qca6574Au Firmware

Qca6595 Firmware

Qca6595Au Firmware

Qca6696 Firmware

Sa6145P Firmware

Sa6150P Firmware

Sa6155P Firmware

Sa8145P Firmware

Sa8150P Firmware

Sa8155 Firmware

Sa8155P Firmware

Sa8195P Firmware

Sd480 Firmware

Sd778G Firmware

Sd780G Firmware

Sd888 5G Firmware

Sda429W Firmware

Sm7325 Firmware

Wcd9341 Firmware

Affected Vendors

Qualcomm

References (2)

Patch https://www.qualcomm.com/company/product-security/bulletins/september-2021-bulle...

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 24/34 · High