Skip to main content

Apq8009W Firmware CVE-2021-1947

HIGH
Use After Free (CWE-416)
2021-09-17 product-security@qualcomm.com
Use After Free Qualcomm Memory Corruption Information Disclosure Apq8009W Firmware Apq8053 Firmware Ar9380 Firmware Ipq8064 Firmware Ipq8065 Firmware Ipq8068 Firmware Ipq8069 Firmware Msm8909W Firmware Msm8953 Firmware Qca6320 Firmware Qca6390 Firmware Qca6391 Firmware Qca6426 Firmware Qca8337 Firmware Qca9531 Firmware Qca9558 Firmware Qca9561 Firmware Qca9563 Firmware Qca9880 Firmware Qca9882 Firmware Qca9886 Firmware Qca9887 Firmware Qca9888 Firmware Qca9889 Firmware Qca9896 Firmware Qca9898 Firmware Qca9980 Firmware Qca9982 Firmware Qca9984 Firmware Qca9990 Firmware Qca9992 Firmware Qca9994 Firmware Qcm2290 Firmware Qcm4290 Firmware Qcm6125 Firmware Qcs2290 Firmware Qcs4290 Firmware Qcs6125 Firmware Qet4101 Firmware Qrb5165 Firmware Qsw8573 Firmware Sd429 Firmware Sd460 Firmware Sd660 Firmware Sd662 Firmware Sd665 Firmware Sd690 5G Firmware Sd750G Firmware Sd765 Firmware Sd765G Firmware Sd768G Firmware Sd855 Firmware Sd865 5g Firmware Sd870 Firmware Sda429W Firmware Sdm429w Firmware Sdm830 Firmware Sdx55 Firmware Sdx55M Firmware Sm4125 Firmware Sm7250 Firmware Wcd9326 Firmware Wcd9335 Firmware Wcd9340 Firmware Wcd9341 Firmware Wcd9370 Firmware Wcd9375 Firmware Wcd9380 Firmware Wcd9385 Firmware Wcn3610 Firmware Wcn3615 Firmware Wcn3620 Firmware Wcn3660b Firmware Wcn3680b Firmware Wcn3910 Firmware Wcn3950 Firmware Wcn3980 Firmware Wcn3988 Firmware Wcn3990 Firmware Wcn3991 Firmware Wcn3998 Firmware Wcn6850 Firmware Wcn6851 Firmware Wsa8810 Firmware Wsa8815 Firmware Wsa8830 Firmware Wsa8835 Firmware
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 17, 2021 - 07:15 nvd
HIGH 7.8

DescriptionNVD

Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

AnalysisAI

Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Technical ContextAI

This vulnerability is classified as Use After Free (CWE-416), which allows attackers to access freed memory to execute arbitrary code or crash the application. Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Affected products include: Qualcomm Apq8009W Firmware, Qualcomm Apq8053 Firmware, Qualcomm Ar9380 Firmware, Qualcomm Ipq8064 Firmware, Qualcomm Ipq8065 Firmware.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use smart pointers or garbage-collected languages. Set pointers to NULL after freeing. Enable memory sanitizers.

CVE-2022-25720 CRITICAL
9.8 Oct 19

Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute

CVE-2022-25718 CRITICAL
9.8 Oct 19

Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Sna

CVE-2022-25687 CRITICAL
9.8 Oct 19

memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdr

CVE-2022-25688 CRITICAL
9.8 Sep 16

Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, S

CVE-2022-25668 CRITICAL
9.8 Sep 02

Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snap

CVE-2022-25659 CRITICAL
9.8 Sep 02

Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon

CVE-2022-25658 CRITICAL
9.8 Sep 02

Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function

CVE-2022-22087 CRITICAL
9.8 Jun 14

memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdra

CVE-2022-22086 CRITICAL
9.8 Jun 14

Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Sn

CVE-2021-1975 CRITICAL
9.8 Nov 12

Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdra

CVE-2021-1976 CRITICAL
9.8 Sep 17

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snap

CVE-2021-1972 CRITICAL
9.8 Sep 08

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Com

Share

CVE-2021-1947 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy