CVE-2021-1965

critical-risk

Published 2021-07-13

Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Do I need to act?

27.5% chance of exploitation in next 30 days

EPSS score — higher than 73% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Aqt1000 Firmware

Ar9380 Firmware

Csr8811 Firmware

Ipq4018 Firmware

Ipq4019 Firmware

Ipq4028 Firmware

Ipq4029 Firmware

Ipq5010 Firmware

Ipq5018 Firmware

Ipq5028 Firmware

Ipq6000 Firmware

Ipq6005 Firmware

Ipq6010 Firmware

Ipq6018 Firmware

Ipq6028 Firmware

Ipq8064 Firmware

Ipq8065 Firmware

Ipq8068 Firmware

Ipq8070 Firmware

Ipq8070A Firmware

Affected Vendors

Qualcomm

References (2)

Patch https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 15/34 · Moderate

Exposure 31/34 · Critical