SB2021110303 - Multiple vulnerabilities in Qualcomm chipsets

Published: November 3, 2021

Security Bulletin ID: SB2021110303
Severity: High
Patch available: YES
Number of vulnerabilities: 18
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 11%
Medium: 22%
Low: 67%

Description

This security bulletin contains information about 18 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2021-30321)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to the lack of a parameter length check during MBSSID scan IE parsing. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


2) Untrusted Pointer Dereference (CVE-ID: CVE-2021-1973)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to untrusted pointer dereference error in RFA. A local user can trigger pointer dereference and execute arbitrary code on the target system.


3) Use-after-free (CVE-ID: CVE-2021-30264)

The vulnerability allows a local user to compromise the vulnerable system.

The vulnerability exists due to improper validation of a reference from a callback to the internal store table in Modem. A local administrator can trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


4) Improper Authorization (CVE-ID: CVE-2021-1903)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to the lack of a length check on the Channel Switch Announcement IE in a beacon or probe response frame. A remote attacker can perform a denial of service (DoS) attack.


5) Input validation error (CVE-ID: CVE-2021-30259)

The vulnerability allows a local user to execute arbitrary code on the system.

The vulnerability exists due to improper validation of function table entries in Audio. A local user can pass specially crafted input to the application and execute arbitrary code on the target system.


6) Improper Validation of Array Index (CVE-ID: CVE-2021-30255)

The vulnerability allows a local user to compromise the affected system.

The vulnerability exists due to improper input validation in the PDM DIAG command in FTM. A local user can send specially crafted data to the system, trigger memory corruption and execute arbitrary code on the system.


7) Improper Validation of Array Index (CVE-ID: CVE-2021-30254)

The vulnerability allows a local user to compromise the affected system.

The vulnerability exists due to improper input validation in the factory calibration and test DIAG command in Modem. A local user can send specially crafted data to the system, trigger memory corruption and execute arbitrary code on the system.


8) Stack-based buffer overflow (CVE-ID: CVE-2021-1979)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in RFA Tools. A local user can trigger a stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


9) Use-after-free (CVE-ID: CVE-2021-30266)

The vulnerability allows a local user to compromise the vulnerable system.

The vulnerability exists due to improper memory validation when initializing a new interface via the Interface add command. A local administrator can trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


10) Information disclosure (CVE-ID: CVE-2021-30265)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to improper validation of a memory address while processing a user-space IOCTL for clearing Filter and Route statistics. A local administrator can gain unauthorized access to sensitive information on the system.


11) Cryptographic issues (CVE-ID: CVE-2021-1924)

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to cryptographic issues: timing and power side channels during modular exponentiation for RSA-CRT. A local attacker can gain access to sensitive information on the system.


12) Buffer overflow (CVE-ID: CVE-2021-1975)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an improper length check of the domain while parsing the DNS response. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


13) Integer overflow (CVE-ID: CVE-2021-1912)

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to an improper length check while calculating the count and grace period in Trust Zone. A local attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
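Item 13 describes an arithmetic result (a count multiplied by a grace period) that is used before anyone checks whether the multiplication wrapped. The following snippet is an added illustration of that defect class and its fix; it is not code from Qualcomm, from Trust Zone or from this bulletin, and the function names, the 32-bit operand width, the MAX_TOTAL_PERIOD limit and the sample inputs are all constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Largest total the caller is willing to accept after the multiplication.
   A constructed limit for this example, not a value from the bulletin. */
#define MAX_TOTAL_PERIOD 0x7FFFFFFFu

enum period_status { PERIOD_OK, PERIOD_OVERFLOW, PERIOD_TOO_LARGE };

/* Naive form: the product of two 32-bit values can wrap, so a large count
   and grace period yield a small (even zero) total that then passes any
   later comparison against the limit. Unsigned wraparound is well defined
   in C, which is exactly why this fails silently instead of faulting. */
uint32_t naive_total_period(uint32_t count, uint32_t grace_period)
{
    return count * grace_period;
}

/* Hardened form: reject wraparound before trusting the product, then apply
   the application's own upper bound. The division test is portable and
   needs no compiler builtin: if grace_period exceeds UINT32_MAX / count,
   the product cannot fit in 32 bits. `total` may be NULL when the caller
   only wants the status. */
enum period_status checked_total_period(uint32_t count, uint32_t grace_period,
                                        uint32_t *total)
{
    if (count != 0 && grace_period > UINT32_MAX / count)
        return PERIOD_OVERFLOW;

    uint32_t product = count * grace_period;
    if (product > MAX_TOTAL_PERIOD)
        return PERIOD_TOO_LARGE;

    if (total)
        *total = product;
    return PERIOD_OK;
}

int main(void)
{
    uint32_t total = 0;

    /* Constructed inputs: 0x10000 * 0x10000 is exactly 2^32, which wraps to 0. */
    printf("naive total:   %u\n", naive_total_period(0x10000u, 0x10000u));
    printf("checked status: %d\n", checked_total_period(0x10000u, 0x10000u, &total));

    /* A benign pair passes both checks. */
    printf("checked status: %d, total %u\n",
           checked_total_period(10u, 3000u, &total), total);
    return 0;
}
```

The order of the two checks matters: the bound against MAX_TOTAL_PERIOD is only meaningful once the product is known not to have wrapped, so the overflow test has to come first.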


14) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2021-1921)

The vulnerability allows a local user to compromise the vulnerable system.

The vulnerability exists due to improper handling of hypervisor unmap operations for concurrent memory operations. A local user can send specially crafted data and execute arbitrary code on the target system.


15) Out-of-bounds read (CVE-ID: CVE-2021-1981)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an improper size check of the Bearer Capability IE in an MT setup request from the network. A remote attacker can trigger an out-of-bounds read error and cause a denial of service condition on the system.
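Items 1, 4 and 15 all describe the same defect class: an information element whose declared length is trusted before it is checked against the bytes actually received. The parser below is an added illustration of the checks such a TLV/IE parser needs; it is not code from Qualcomm or from this bulletin. The element layout (1-byte id, 1-byte length, payload), the IE_MAX_LEN and IE_MAX_COUNT limits and the sample frames are constructed for the example and do not reproduce the MBSSID, Channel Switch Announcement or Bearer Capability element formats.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Largest element payload this parser will copy out, and the most elements
   it will return. Constructed limits for the example, not bulletin values. */
#define IE_MAX_LEN 32
#define IE_MAX_COUNT 8

struct ie {
    uint8_t id;
    uint8_t len;
    uint8_t data[IE_MAX_LEN];
};

/* Parse a buffer of type-length-value information elements (1-byte id,
   1-byte length, payload). Returns the number of elements parsed, or -1 if
   the input is malformed. Every read is preceded by a check that the bytes
   it needs actually exist; dropping any one of the three checks reproduces
   the class of defect the bulletin describes. */
int parse_ies(const uint8_t *buf, size_t buf_len, struct ie *out, size_t max_out)
{
    size_t pos = 0, n = 0;

    while (pos < buf_len) {
        /* Check 1: the 2-byte header must fit before id and len are read. */
        if (buf_len - pos < 2)
            return -1;
        uint8_t id  = buf[pos];
        uint8_t len = buf[pos + 1];
        pos += 2;

        /* Check 2: the declared length must not run past the end of the
           input. Without it, a frame declaring a long payload makes the
           copy below read beyond the received bytes. */
        if (len > buf_len - pos)
            return -1;

        /* Check 3: the declared length must fit the fixed-size destination,
           or the copy overflows out[n].data. */
        if (len > IE_MAX_LEN)
            return -1;

        if (n >= max_out)
            return -1;

        out[n].id  = id;
        out[n].len = len;
        memcpy(out[n].data, buf + pos, len);
        pos += len;
        n++;
    }
    return (int)n;
}

/* The frames below are constructed sample inputs, not captured traffic. */

/* Two well-formed elements: id 0 carrying "abc", id 0x2a carrying 0x07. */
int parse_well_formed(void)
{
    static const uint8_t frame[] = { 0x00, 0x03, 'a', 'b', 'c', 0x2a, 0x01, 0x07 };
    struct ie out[IE_MAX_COUNT];
    return parse_ies(frame, sizeof frame, out, IE_MAX_COUNT);
}

/* Element declares 16 bytes of payload but only 2 follow (check 2 fails). */
int parse_truncated(void)
{
    static const uint8_t frame[] = { 0x00, 0x10, 'a', 'b' };
    struct ie out[IE_MAX_COUNT];
    return parse_ies(frame, sizeof frame, out, IE_MAX_COUNT);
}

/* Payload is fully present but larger than the destination (check 3 fails). */
int parse_oversized(void)
{
    uint8_t frame[2 + 40];
    memset(frame, 'x', sizeof frame);
    frame[0] = 0x05;
    frame[1] = 40;
    struct ie out[IE_MAX_COUNT];
    return parse_ies(frame, sizeof frame, out, IE_MAX_COUNT);
}

/* Valid empty element followed by a lone trailing byte (check 1 fails). */
int parse_dangling_header(void)
{
    static const uint8_t frame[] = { 0x00, 0x00, 0x05 };
    struct ie out[IE_MAX_COUNT];
    return parse_ies(frame, sizeof frame, out, IE_MAX_COUNT);
}

int main(void)
{
    printf("well-formed:     %d\n", parse_well_formed());
    printf("truncated:       %d\n", parse_truncated());
    printf("oversized:       %d\n", parse_oversized());
    printf("dangling header: %d\n", parse_dangling_header());
    return 0;
}
```

Each check guards a different failure: check 2 is the one whose absence yields an out-of-bounds read of the kind item 15 describes, while check 3 is what stops a declared length from overflowing a fixed-size destination as in item 1. Rejecting the whole frame on the first malformed element, rather than skipping it, keeps the parser from resynchronizing on attacker-chosen offsets.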


16) Reachable Assertion (CVE-ID: CVE-2021-1982)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation of a received NAS OTA message. A remote attacker can cause a denial of service condition on the target system.


17) Information disclosure (CVE-ID: CVE-2021-30284)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to NAS not dropping messages when the integrity check fails. A remote attacker can gain unauthorized access to sensitive information on the system.


18) Use-after-free (CVE-ID: CVE-2021-30263)

The vulnerability allows a local user to compromise the vulnerable system.

The vulnerability exists due to the lack of a synchronization mechanism when the On-Device Logging node is opened twice concurrently. A local administrator can trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


Remediation

Install the update from the vendor's website.