CVE-2021-1888

HIGH

Qualcomm Apq8017 Firmware - Double Free

Title source: rule

Description

Memory corruption in key parsing and import function due to double freeing the same heap allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables

References (1)

[Vendor Advisory] https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin

Scores

CVSS v3 8.4

EPSS 0.0004

EPSS Percentile 11.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (50)

qualcomm/apq8017_firmware

qualcomm/apq8037_firmware

qualcomm/apq8053_firmware

qualcomm/apq8064au_firmware

qualcomm/apq8096au_firmware

qualcomm/aqt1000_firmware

qualcomm/ar8031_firmware

qualcomm/ar8035_firmware

qualcomm/csra6620_firmware

qualcomm/csra6640_firmware

qualcomm/fsm10055_firmware

qualcomm/fsm10056_firmware

qualcomm/mdm9205_firmware

qualcomm/mdm9640_firmware

qualcomm/mdm9650_firmware

... and 35 more

Timeline

Published Jul 13, 2021

Tracked Since Feb 18, 2026