CVE-2021-35070

CVE Database · CVE-2021-35070

CVE-2021-35070

· MEDIUMModified

CVSS v3.1

6.5

EPSS

0.16%

Published

Jun 14, 2022

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Weaknesses (CWE)

CWE-200

Affected Products (18)

qualcomm · qcm6125_firmwarevulnerable

qualcomm · qcm6125

qualcomm · qcs6125_firmwarevulnerable

qualcomm · qcs6125

qualcomm · sd665_firmwarevulnerable

qualcomm · sd665

qualcomm · wcd9370_firmwarevulnerable

qualcomm · wcd9370

qualcomm · wcd9375_firmwarevulnerable

qualcomm · wcd9375

qualcomm · wcn3950_firmwarevulnerable

· wcn3950

References (2)

https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs