#VU63108 Information disclosure in Qualcomm products - CVE-2021-35080
Published: May 12, 2022 / Updated: May 12, 2022
Vulnerability identifier: #VU63108
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-35080
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
QCM2290
QCM4290
QCS2290
QCS4290
SD460
SD480
SD662
SD680
SD695
SM4125
SW5100
SW5100P
WCD9370
WCD9375
WCD9385
WCN3910
WCN3950
WCN3980
WCN3988
WCN3991
WCN3998
WSA8810
WSA8815
WSA8830
WSA8835
QCM2290
QCM4290
QCS2290
QCS4290
SD460
SD480
SD662
SD680
SD695
SM4125
SW5100
SW5100P
WCD9370
WCD9375
WCD9385
WCN3910
WCN3950
WCN3980
WCN3988
WCN3991
WCN3998
WSA8810
WSA8815
WSA8830
WSA8835
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local appliction to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in KERNEL component. A local appliction can gain unauthorized access to sensitive information on the system.
Remediation
Install updates from vendor's website.