CVE-2021-35077

high-risk

Published 2022-02-11

Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Do I need to act?

0.09% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.4/10 High

LOCAL / LOW complexity

Affected Products (20)

Sa8150P Firmware

Sa8155P Firmware

Sa8195P Firmware

Sd 8 Gen1 5G Firmware

Sd460 Firmware

Sd480 Firmware

Sd662 Firmware

Sd690 5G Firmware

Sd750G Firmware

Sd765 Firmware

Sd765G Firmware

Sd768G Firmware

Sd778G Firmware

Sd780G Firmware

Sd865 5G Firmware

Sd870 Firmware

Sd888 Firmware

Sd888 5G Firmware

Sdx12 Firmware

Sdx55M Firmware

Affected Vendors

Qualcomm

References (2)

Patch https://www.qualcomm.com/company/product-security/bulletins/february-2022-bullet...

/ 100

high-risk

Severity 26/34 · High

Exploitability 0/34 · Minimal

Exposure 28/34 · Critical