SB2021120708 - Multiple vulnerabilities in Qualcomm chipsets
Published: December 7, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 28 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2021-30270)
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to a NULL pointer dereference error in Kernel. A local attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
2) Reachable Assertion (CVE-ID: CVE-2021-30293)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in Modem. A remote attacker can cause a denial of service condition on the target system.
3) Detection of Error Condition Without Action (CVE-ID: CVE-2021-30283)
The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of debug register trap from user applications. A local attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
4) Improper Validation of Array Index (CVE-ID: CVE-2021-30282)
The vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in Core. A local attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
5) Improper access control (CVE-ID: CVE-2021-30279)
The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Core. A local user can bypass implemented security restrictions and gain unauthorized access to the application.
6) Information disclosure (CVE-ID: CVE-2021-30278)
The vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to improper input validation in Core. A local attacker can gain unauthorized access to sensitive information on the system.
7) Integer overflow (CVE-ID: CVE-2021-30274)
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in Core. A local attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
8) Reachable Assertion (CVE-ID: CVE-2021-30273)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in Data Modem. A remote attacker can cause a denial of service condition on the target system.
9) NULL pointer dereference (CVE-ID: CVE-2021-30272)
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to a NULL pointer dereference error in Kernel. A local attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
10) NULL pointer dereference (CVE-ID: CVE-2021-30271)
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to a NULL pointer dereference error in Kernel. A local attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
11) NULL pointer dereference (CVE-ID: CVE-2021-30269)
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to a NULL pointer dereference error in Kernel. A local attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
12) Buffer overflow (CVE-ID: CVE-2021-30351)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Audio. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
13) Information disclosure (CVE-ID: CVE-2021-1918)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Kernel. A local user can gain unauthorized access to sensitive information on the system.
14) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2021-1894)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in TrustZone, which leads to security restrictions bypass and privilege escalation.
15) Integer overflow (CVE-ID: CVE-2020-11263)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in Core. A local administrator can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Improper access control (CVE-ID: CVE-2021-30276)
The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in Core. A local attacker can bypass implemented security restrictions and gain unauthorized access to the application.
17) Integer overflow (CVE-ID: CVE-2021-30275)
The vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in Core. A local attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
18) Buffer overflow (CVE-ID: CVE-2021-35093)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in Bluetooth Controller Firmware. A remote attacker on the local network can trigger memory corruption and cause a denial of service condition on the target system.
19) Resource exhaustion (CVE-ID: CVE-2021-30348)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in Bluetooth. A remote attacker on the local network can trigger resource exhaustion and perform a denial of service (DoS) attack.
20) Buffer overflow (CVE-ID: CVE-2021-30298)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in DIAG Services. A local administrator can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
21) Use-after-free (CVE-ID: CVE-2021-30337)
The vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in DSP Services. A local attacker can execute arbitrary code on the target system.
22) Reachable Assertion (CVE-ID: CVE-2021-30335)
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to a reachable assertion in DSP Services. A local attacker can execute arbitrary code on the target system.
23) Detection of Error Condition Without Action (CVE-ID: CVE-2021-30289)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error while processing a DIAG command for COEX management in Modem. A local user can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
24) Buffer overflow (CVE-ID: CVE-2021-30268)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Modem. A local user can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
25) Integer overflow (CVE-ID: CVE-2021-30267)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in Modem. A local user can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
26) Stack-based buffer overflow (CVE-ID: CVE-2021-30303)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WLAN. A local user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
27) Buffer overflow (CVE-ID: CVE-2021-30336)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in DSP Services. A local user can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
28) Use-after-free (CVE-ID: CVE-2021-30262)
The vulnerability allows a local attacker to execute arbitrary code on the system.
The vulnerability exists due to a NULL pointer dereference error in Modem. A local attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.