Details of VAR-202206-0427

ID

VAR-202206-0427

CVE

CVE-2021-35118

TITLE

Qualcomm Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202206-620

DESCRIPTION

An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Trust: 0.99

sources: NVD: CVE-2021-35118 // VULMON: CVE-2021-35118

IOT TAXONOMY

category:	['other device', 'embedded device']	sub_category:	SoC	Trust: 0.1
category:	['other device', 'embedded device']	sub_category:	general	Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sdx65	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs603	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd765g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd780g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn7850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6391	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs2290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd680	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8810	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9385	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9375	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7250p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3615	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6851	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs410	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd765	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm2290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csra6640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6426	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9335	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8815	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	aqt1000	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3991	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdxr2 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8337	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm4290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3620	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd750g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm4125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8832	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd870	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9341	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8830	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9326	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs4290	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3980	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ar8031	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn7851	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9370	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3680	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd662	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3660b	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa515m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6855	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wsa8835	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6420	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcd9380	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm6490	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6856	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3990	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qualcomm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd480	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3950	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs6125	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6595au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8475p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3999	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd460	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qrb5165	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd865 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd690 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qrb5165n	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ar8035	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3988	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd888 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn3910	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 8 gen1 5g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qrb5165m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6750	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	csra6620	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs6490	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	wcn6740	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6436	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6390	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8475	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd768g	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6430	scope:	eq	version:	-	Trust: 1.0

sources: NVD: CVE-2021-35118

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-35118
value:	MEDIUM
Trust: 1.0
product-security@qualcomm.com:	CVE-2021-35118
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202206-620
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-35118
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

nvd@nist.gov:	CVE-2021-35118
baseSeverity:	MEDIUM
baseScore:	6.7
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.8
impactScore:	5.9
version:	3.1
Trust: 2.0

sources: CNNVD: CNNVD-202206-620 // NVD: CVE-2021-35118 // NVD: CVE-2021-35118

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.0

sources: NVD: CVE-2021-35118

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202206-620

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202206-620

PATCH

title:

Qualcomm Buffer error vulnerability fix

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=197232

Trust: 0.6

sources: CNNVD: CNNVD-202206-620

EXTERNAL IDS

db:	NVD	id:	CVE-2021-35118	Trust: 1.8
db:	CS-HELP	id:	SB2022060720	Trust: 0.6
db:	CNNVD	id:	CNNVD-202206-620	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2021-35118	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-35118 // CNNVD: CNNVD-202206-620 // NVD: CVE-2021-35118

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/june-2022-bulletin	Trust: 1.7
url:	https://www.cybersecurity-help.cz/vdb/sb2022060720	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2021-35118/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-june-2022-38508	Trust: 0.6
url:	https://source.android.com/security/bulletin/pixel/2022-06-01	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2021-35118 // CNNVD: CNNVD-202206-620 // NVD: CVE-2021-35118

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2021-35118
db:	CNNVD	id:	CNNVD-202206-620
db:	NVD	id:	CVE-2021-35118

LAST UPDATE DATE

2025-01-30T19:35:56.619000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-35118	date:	2022-06-14T00:00:00
db:	CNNVD	id:	CNNVD-202206-620	date:	2022-06-30T00:00:00
db:	NVD	id:	CVE-2021-35118	date:	2023-04-19T17:10:55.030

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-35118	date:	2022-06-14T00:00:00
db:	CNNVD	id:	CNNVD-202206-620	date:	2022-06-06T00:00:00
db:	NVD	id:	CVE-2021-35118	date:	2022-06-14T10:15:17.307