CVE-2021-35116

high-risk

Published 2022-06-14

APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK`s data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Do I need to act?

0.10% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.7/10 High

LOCAL / LOW complexity

Affected Products (20)

Apq8009 Firmware

Apq8009W Firmware

Apq8096Au Firmware

Aqt1000 Firmware

Csrb31024 Firmware

Mdm9607 Firmware

Mdm9626 Firmware

Mdm9628 Firmware

Mdm9640 Firmware

Msm8909W Firmware

Msm8937 Firmware

Msm8996Au Firmware

Pm8937 Firmware

Qca6174A Firmware

Qca6310 Firmware

Qca6320 Firmware

Qca6390 Firmware

Qca6391 Firmware

Qca6420 Firmware

Qca6430 Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

/ 100

high-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 31/34 · Critical