CVE-2021-30327

high-risk

Published 2022-06-14

Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute, Snapdragon Auto, Snapdragon IOT, Snapdragon Connectivity, Snapdragon Voice & Music

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

PHYSICAL / LOW complexity

Affected Products (20)

Apq8097 Firmware

Apq8098 Firmware

Ipq6000 Firmware

Ipq6005 Firmware

Ipq6010 Firmware

Ipq6018 Firmware

Ipq6028 Firmware

Mdm9205 Firmware

Msm8997 Firmware

Msm8998 Firmware

Qca6595 Firmware

Qca6595Au Firmware

Qcn7605 Firmware

Qcn7605W Firmware

Qcn7606 Firmware

Qcn7606W Firmware

Qcs401 Firmware

Qcs402 Firmware

Qcs403 Firmware

Qcs404 Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin

/ 100

high-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 28/34 · Critical