CVE-2021-35126

moderate-risk

Published 2022-06-14

Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.4/10 High

LOCAL / LOW complexity

Affected Products (20)

Qam8295P Firmware

Qca6391 Firmware

Qca6696 Firmware

Qcm6490 Firmware

Qcs6490 Firmware

Sa8295P Firmware

Sd 8 Gen1 5G Firmware

Sd 8Cx Gen3 Firmware

Sd778G Firmware

Sd780G Firmware

Sd888 Firmware

Sd888 5G Firmware

Sm7315 Firmware

Sm7325P Firmware

Wcd9370 Firmware

Wcd9375 Firmware

Wcd9380 Firmware

Wcd9385 Firmware

Wcn6740 Firmware

Wcn6750 Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 21/34 · High