#VU58560 Buffer overflow in Qualcomm products - CVE-2021-30298 

 


Published: December 7, 2021


Vulnerability identifier: #VU58560
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-30298
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
AR8031
AR8035
CSRA6620
CSRA6640
FSM10055
FSM10056
IPQ8072A
IPQ8074A
IPQ8076A
QCA6390
QCA6391
QCA6595AU
QCA6696
QCA8337
QCN9000
QCN9074
QCS410
QCS610
QRB5165
QRB5165N
Qualcomm215
SA8155P
SD460
SD662
SD765
SD765G
SD768G
SD865 5G
SD870
SDA429W
SDX55M
SM7250P
WCD9335
WCD9340
WCD9341
WCD9370
WCD9375
WCD9380
WCD9385
WCN3610
WCN3620
WCN3660B
WCN3950
WCN3980
WCN3988
WCN3991
WCN3998
WCN3999
WCN6850
WCN6851
WSA8810
WSA8815
WSA8830
WSA8835
MDM9150
QCA6574AU
QCS405
SD205
SD210
SD665
SDX55
Software vendor:
Qualcomm

Description

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in DIAG Services. A local administrator can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


Remediation

Install updates from the vendor's website.
