CVE-2021-35078

HIGH

Snapdragon - Memory Corruption

Title source: llm

Description

Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

References (1)

[Vendor Advisory] https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

Scores

CVSS v3 7.5

EPSS 0.0072

EPSS Percentile 72.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-401

Status published

Affected Products (50)

qualcomm/aqt1000_firmware

qualcomm/ar8035_firmware

qualcomm/csrb31024_firmware

qualcomm/qca6174a_firmware

qualcomm/qca6390_firmware

qualcomm/qca6391_firmware

qualcomm/qca6420_firmware

qualcomm/qca6421_firmware

qualcomm/qca6426_firmware

qualcomm/qca6430_firmware

qualcomm/qca6431_firmware

qualcomm/qca6436_firmware

qualcomm/qca6564au_firmware

qualcomm/qca6574a_firmware

qualcomm/qca6574au_firmware

... and 35 more

Timeline

Published Jun 14, 2022

Tracked Since Feb 18, 2026