CVE-2021-1899

MEDIUM

Qualcomm Firmware - Out-of-bounds Read via Meta Image Flashing

Title source: llm
STIX 2.1

Description

Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

References (1)

Core 1
Core References

Scores

CVSS v3 4.6
EPSS 0.0014
EPSS Percentile 3.8%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-125
Status published
Products (41)
qualcomm/apq8009w_firmware
qualcomm/aqt1000_firmware
qualcomm/msm8909w_firmware
qualcomm/qca4020_firmware
qualcomm/qca6174a_firmware
qualcomm/qca6420_firmware
qualcomm/qca6430_firmware
qualcomm/qca9379_firmware
qualcomm/qualcomm215_firmware
qualcomm/sd205_firmware
... and 31 more
Published Jul 13, 2021
Tracked Since Feb 18, 2026