#VU64032 Cryptographic issues - CVE-2021-35113

Cybersecurity Help s.r.o.

Published: 2022-06-07 | Updated: 2022-08-02

Vulnerability identifier: #VU64032

Vulnerability risk: Low

CVSSv4.0: 3.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-35113

CWE-ID: CWE-310

Exploitation vector: Local

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper order of signature verification and hashing in the signature verification call. An attacker with physical access can bypass authentication on the system.

Mitigation
Install updates from vendor's website.

External links
https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2022-bulletin.html

Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Google Android

Multiple vulnerabilities in Qualcomm chipsets