Details of VAR-202109-0390

ID

VAR-202109-0390

CVE

CVE-2021-1933

TITLE

plural Qualcomm Array index validation vulnerability in product

Trust: 0.8

sources: JVNDB: JVNDB-2021-011587

DESCRIPTION

UE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables. plural Qualcomm The product contains an array index validation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.25

sources: NVD: CVE-2021-1933 // JVNDB: JVNDB-2021-011587 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1933

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sc8180x\+sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd678	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	whs9410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd730	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9377	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6174a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9380	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd712	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	aqt1000	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9370	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 8cx	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6310	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 8c	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8920	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8815	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs4290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6564au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx50m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6584au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9360	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdxr1	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9375	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6390	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3991	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd720g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3950	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm4290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6430	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6696	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 455	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3910	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9340	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 675	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9371	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8940	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csrb31024	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6420	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa415m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd665	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6335	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs603	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6250p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3620	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3988	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qualcomm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	aqt1000	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6174a	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6310	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	csrb31024	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8953	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8917	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8940	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	msm8920	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-011587 // NVD: CVE-2021-1933

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-1933
value:	CRITICAL
Trust: 1.8
product-security@qualcomm.com:	CVE-2021-1933
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202109-247
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-1933
value:	HIGH
Trust: 0.1

NVD:
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2021-1933
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9

NVD:
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-011587
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-1933 // JVNDB: JVNDB-2021-011587 // NVD: CVE-2021-1933 // NVD: CVE-2021-1933 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-247

PROBLEMTYPE DATA

problemtype:	CWE-129	Trust: 1.0
problemtype:	Improper validation of array indexes (CWE-129) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-011587 // NVD: CVE-2021-1933

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-1933

PATCH

title:	September 2021 Security Bulletin	url:	https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2021-bulletin.html	Trust: 0.8
title:	Qualcomm chip Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=162170	Trust: 0.6

sources: JVNDB: JVNDB-2021-011587 // CNNVD: CNNVD-202109-247

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1933	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-011587	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021090616	Trust: 0.6
db:	CNNVD	id:	CNNVD-202109-247	Trust: 0.6
db:	VULMON	id:	CVE-2021-1933	Trust: 0.1

sources: VULMON: CVE-2021-1933 // JVNDB: JVNDB-2021-011587 // NVD: CVE-2021-1933 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-247

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/september-2021-bulletin	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1933	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-september-2021-36342	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021090616	Trust: 0.6
url:	https://source.android.com/security/bulletin/2021-09-01	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/129.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-1933 // JVNDB: JVNDB-2021-011587 // NVD: CVE-2021-1933 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202109-247

SOURCES

db:	VULMON	id:	CVE-2021-1933
db:	JVNDB	id:	JVNDB-2021-011587
db:	NVD	id:	CVE-2021-1933
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202109-247

LAST UPDATE DATE

2023-12-18T10:44:31.147000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-1933	date:	2021-09-21T00:00:00
db:	JVNDB	id:	JVNDB-2021-011587	date:	2022-08-05T06:39:00
db:	NVD	id:	CVE-2021-1933	date:	2021-09-21T17:54:44.227
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202109-247	date:	2021-09-13T00:00:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-1933	date:	2021-09-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-011587	date:	2022-08-05T00:00:00
db:	NVD	id:	CVE-2021-1933	date:	2021-09-09T08:15:16.197
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202109-247	date:	2021-09-06T00:00:00