CVE-2021-30336

HIGH

Qualcomm Qca6390 Firmware - Out-of-Bounds Read

Title source: rule

Description

Possible out of bound read due to lack of domain input validation while processing APK close session request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Wearables

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin

Scores

CVSS v3 8.4

EPSS 0.0003

EPSS Percentile 9.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-125

Status published

Products (50)

qualcomm/qca6390_firmware

qualcomm/qca6391_firmware

qualcomm/qca6574_firmware

qualcomm/qca6574a_firmware

qualcomm/qca6574au_firmware

qualcomm/qca6595au_firmware

qualcomm/qca6696_firmware

qualcomm/qcm2290_firmware

qualcomm/qcm4290_firmware

qualcomm/qcm6490_firmware

... and 40 more

Published Jan 03, 2022

Tracked Since Feb 18, 2026