#VU61873 Improper access control in Qualcomm products - CVE-2021-35070
Vulnerability identifier: #VU61873
Vulnerability risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-35070
CWE-ID:
CWE-284
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
QCM6125
Mobile applications /
Mobile firmware & hardware
QCS6125
Mobile applications /
Mobile firmware & hardware
WCD9370
Mobile applications /
Mobile firmware & hardware
WCD9375
Mobile applications /
Mobile firmware & hardware
WCN3950
Mobile applications /
Mobile firmware & hardware
WCN3980
Mobile applications /
Mobile firmware & hardware
WSA8810
Mobile applications /
Mobile firmware & hardware
WSA8815
Mobile applications /
Mobile firmware & hardware
SD665
Hardware solutions /
Firmware
Vendor: Qualcomm
Description
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in kernel component due to improper SMMU configuration. A local application can gain access to sensitive information.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
QCM6125: All versions
QCS6125: All versions
SD665: All versions
WCD9370: All versions
WCD9375: All versions
WCN3950: All versions
WCN3980: All versions
WSA8810: All versions
WSA8815: All versions
External links
https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
