CVE-2021-35079
MEDIUMQualcomm APQ8053 and Multiple Snapdragon Firmware - Information Disclosure via Telephony Service API
Title source: llmDescription
Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin
Scores
CVSS v3
6.2
EPSS
0.0013
EPSS Percentile
2.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-281
Status
published
Products (50)
qualcomm/apq8053_firmware
qualcomm/aqt1000_firmware
qualcomm/msm8953_firmware
qualcomm/qca6390_firmware
qualcomm/qca6391_firmware
qualcomm/qca6420_firmware
qualcomm/qca6426_firmware
qualcomm/qca6430_firmware
qualcomm/qca6436_firmware
qualcomm/qcm4290_firmware
... and 40 more
Published
Jun 14, 2022
Tracked Since
Feb 18, 2026