CVE-2021-35095

HIGH

Snapdragon Connectivity - Snapdragon Mobile - Use After Free

Title source: llm

Description

Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile

References (1)

[Patch, Vendor Advisory] https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin

Scores

CVSS v3 8.4

EPSS 0.0003

EPSS Percentile 9.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (10)

qualcomm/ar8035_firmware

qualcomm/qca8081_firmware

qualcomm/qca8337_firmware

qualcomm/sd_8_gen1_5g_firmware

qualcomm/sdx65_firmware

qualcomm/wcd9380_firmware

qualcomm/wcn6855_firmware

qualcomm/wcn6856_firmware

qualcomm/wsa8830_firmware

qualcomm/wsa8835_firmware

Timeline

Published Jun 14, 2022

Tracked Since Feb 18, 2026