#VU63108 Information disclosure in Qualcomm products - CVE-2021-35080

Cybersecurity Help s.r.o.

Published: 2022-05-12

Vulnerability identifier: #VU63108

Vulnerability risk: Medium

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2021-35080

CWE-ID: CWE-200

Exploitation vector: Local

Exploit availability: No

Vendor: Qualcomm

Description

The vulnerability allows a local appliction to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in KERNEL component. A local appliction can gain unauthorized access to sensitive information on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

QCM2290: All versions

QCM4290: All versions

QCS2290: All versions

QCS4290: All versions

SD460: All versions

SD480: All versions

SD662: All versions

SD680: All versions

SD695: All versions

SM4125: All versions

SW5100: All versions

SW5100P: All versions

WCD9370: All versions

WCD9375: All versions

WCD9385: All versions

WCN3910: All versions

WCN3950: All versions

WCN3980: All versions

WCN3988: All versions

WCN3991: All versions

WCN3998: All versions

WSA8810: All versions

WSA8815: All versions

WSA8830: All versions

WSA8835: All versions

External links
https://docs.qualcomm.com/bundle/publicresource/HD-10000-1/topics/may-2022-bulletin.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Qualcomm chipsets