CVE-2021-1918

MEDIUM

Qualcomm Qca6391 Firmware - Exposure to Wrong Actor

Title source: rule

Description

Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

References (1)

[Vendor Advisory] https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 13.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Classification

CWE

CWE-668

Status published

Affected Products (30)

qualcomm/qca6391_firmware

qualcomm/qcm6490_firmware

qualcomm/qcs6490_firmware

qualcomm/qrb5165_firmware

qualcomm/qrb5165n_firmware

qualcomm/sd690_5g_firmware

qualcomm/sd750g_firmware

qualcomm/sd765_firmware

qualcomm/sd765g_firmware

qualcomm/sd768g_firmware

qualcomm/sd778g_firmware

qualcomm/sd888_5g_firmware

qualcomm/sm7250p_firmware

qualcomm/sm7325p_firmware

qualcomm/wcd9370_firmware

... and 15 more

Timeline

Published Jan 03, 2022

Tracked Since Feb 18, 2026