CVE-2021-35116
HIGHQualcomm APQ8009 and related firmware - Remote Code Execution via Crafted Model Loading
Title source: llmDescription
APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK`s data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin
Scores
CVSS v3
7.7
EPSS
0.0010
EPSS Percentile
26.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (50)
qualcomm/apq8009_firmware
qualcomm/apq8009w_firmware
qualcomm/apq8096au_firmware
qualcomm/aqt1000_firmware
qualcomm/csrb31024_firmware
qualcomm/mdm9607_firmware
qualcomm/mdm9626_firmware
qualcomm/mdm9628_firmware
qualcomm/mdm9640_firmware
qualcomm/msm8909w_firmware
... and 40 more
Published
Jun 14, 2022
Tracked Since
Feb 18, 2026