2021-1970 | Qualcomm Snapdragon Auto FT out-of-bounds read
|CVSS Meta Temp Score||Current Exploit Price (≈)||CTI Interest Score|
A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music (Chip Software). It has been declared as problematic. This vulnerability affects an unknown functionality of the component FT Handler. The manipulation with an unknown input leads to a information disclosure vulnerability. The CWE definition for the vulnerability is CWE-125. As an impact it is known to affect confidentiality. CVE summarizes:
Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
The weakness was released 07/13/2021. The advisory is shared for download at qualcomm.com. This vulnerability was named CVE-2021-1970 since 12/08/2020. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 07/16/2021).
Upgrading eliminates this vulnerability.
VulDB Meta Base Score: 5.3
VulDB Meta Temp Score: 5.1
Status: Not defined
0-Day Time: 🔒
Upgrade your account now!