Cybersecurity specialists report the detection of at least 28 vulnerabilities in Qualcomm chipsets. According to the report, the successful exploitation of the flaws would allow the deployment of severe attack scenarios.
Below are brief descriptions of some of these flaws, in addition to their respective tracking keys and scores assigned under the Common Vulnerability Scoring System (CVSS).
CVE-2021-30270: The flaw exists due to a NULL pointer dereference error in the chipsets’ kernel would allow local attackers to pass specially crafted data and run arbitrary code on the affected systems.
This is a high severity flaw and received a CVSS score of 7.3/10.
CVE-2021-30293: A reachable assertion in Modem would allow remote attackers to force a denial of service (DoS) condition on the affected systems.
This is a medium severity vulnerability and received a CVSS score of 6.5/10.
CVE-2021-30283: The improper handling of debug register trap from user applications would allow local attackers to pass specially crafted input to the affected chipsets, thus performing a DoS attack.
This is a low severity vulnerability and received a CVSS score of 6.6/10.
CVE-2021-30282: A boundary error in Core would allow local threat actors to trigger an out-of-bonds writing condition, which would lead to arbitrary code execution scenarios.
The flaw received a CVSS score of 7.3/10.
CVE-2021-30279: The improper access restrictions in Core could be abused by local users in order to bypass implemented security restrictions and gain unauthorized access to the affected application.
This is a low severity vulnerability and received a CVSS score of 6.8/10.
CVE-2021-30278: The improper input validation in Core would allow local attackers to gain unauthorized access to sensitive information on the vulnerable system.
The vulnerability received a CVSS score of 6.2/10.
CVE-2021-30274: An integer overflow in Core may allow local attackers to pass specially crafted data to the affected application aiming to run arbitrary code on the affected system.
This is a high severity vulnerability and received a CVSS score of 7.3/10.
CVE-2021-30273: A reachable assertion in Data Modem would allow remote malicious hackers to perform a DoS attack on the affected system.
This is a medium severity vulnerability and received a CVSS score of 6.5/10.
CVE-2021-30272: The flaw exists due to a NULL pointer dereference error in Kernel, which may allow local threat actors to gain access to arbitrary code execution running capabilities.
This is a low severity vulnerability and received a CVSS score of 7.3/10.
According to the report, these flaws reside in all versions of the following chipsets:
- APQ8009W
- APQ8017
- APQ8064AU
- APQ8096AU
- AR6003
- AR8031
- AR8035
- CSRA6620
- CSRA6640
- CSRB31024
- FSM10055
- FSM10056
- IPQ8070
- IPQ8070A
- IPQ8071
- IPQ8072
- IPQ8072A
- IPQ8074
- IPQ8074A
- IPQ8076A
- IPQ8078
- IPQ8078A
- MDM8207
- MDM8215
- MDM8215M
- MDM8615M
- MDM9150
- MDM9205
- MDM9206
- MDM9207
- MDM9215
- MDM9250
- MDM9310
- MDM9607
- MDM9615
- MDM9615M
- MDM9628
- MDM9640
- MDM9650
- MSM8909W
- MSM8996AU
- QCA2066
- QCA4004
- QCA6174A
- QCA6390
- QCA6391
- QCA6426
- QCA6428
- QCA6436
- QCA6438
- QCA6564
- QCA6564A
- QCA6564AU
- QCA6574
- QCA6574A
- QCA6574AU
- QCA6584
- QCA6584AU
- QCA6595AU
- QCA6696
- QCA8081
- QCA9367
- QCA9377
- QCA9889
- QCA9984
- QCM2290
- QCM4290
- QCM6490
- QCS2290
- QCS405
- QCS410
- QCS4290
- QCS603
- QCS605
- QCS610
- QCS6490
- QCX315
- QRB5165
- QRB5165N
- QSM8250
- QSW8573
- SA415M
- SA6145P
- SA6150P
- SA6155
- SA6155P
- SA8145P
- SA8150P
- SA8155
- SA8155P
- SA8195P
- SD 675
- SD 8CX
- SD205
- SD210
- SD429
- SD460
- SD480
- SD662
- SD665
- SD675
- SD678
- SD690 5G
- SD720G
- SD730
- SD750G
- SD765
- SD765G
- SD768G
- SD778G
- SD780G
- SD7c
- SD850
- SD865 5G
- SD870
- SD888
- SD888 5G
- SDA429W
- SDM429W
- SDW2500
- SDX12
- SDX20
- SDX24
- SDX55
- SDX55M
- SDXR1
- SDXR2 5G
- SM6225
- SM6250
- SM6250P
- SM6375
- SM7250P
- SM7315
- SM7325P
- WCD9306
- WCD9330
- WCD9370
- WCD9375
- WCD9380
- WCD9385
- WCN3610
- WCN3620
- WCN3910
- WCN3950
- WCN3988
- WCN3991
- WCN3999
- WCN6740
- WCN6750
- WCN6850
- WCN6851
- WCN6855
- WCN6856
- WSA8830
- WSA8835
Most of these flaws are considered to be of low severity and do not pose a significant risk to administrators of affected deployments. However, Qualcomm recommends installing all available patches as soon as possible. The full list of reported flaws is available at Qualcomm official platforms.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.