CVE-2021-1899
MEDIUMCVSS 4.6/10EPSS 0.14%
Last modified
CVE-2021-1899 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. EPSS estimates a 0.14% chance of exploitation in the next 30 days.
Description
Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Apq8009w Firmware | All versions |
| Qualcomm | Aqt1000 Firmware | All versions |
| Qualcomm | Msm8909w Firmware | All versions |
| Qualcomm | Qca4020 Firmware | All versions |
| Qualcomm | Qca6174a Firmware | All versions |
| Qualcomm | Qca6420 Firmware | All versions |
| Qualcomm | Qca6430 Firmware | All versions |
| Qualcomm | Qca9379 Firmware | All versions |
| Qualcomm | Qualcomm215 Firmware | All versions |
| Qualcomm | Sd 675 Firmware | All versions |
| Qualcomm | Sd205 Firmware | All versions |
| Qualcomm | Sd210 Firmware | All versions |
| Qualcomm | Sd675 Firmware | All versions |
| Qualcomm | Sd678 Firmware | All versions |
| Qualcomm | Sd720g Firmware | All versions |
| Qualcomm | Sd730 Firmware | All versions |
| Qualcomm | Sd855 Firmware | All versions |
| Qualcomm | Sda429w Firmware | All versions |
| Qualcomm | Sdm429w Firmware | All versions |
| Qualcomm | Sdx50m Firmware | All versions |
| Qualcomm | Sdx55 Firmware | All versions |
| Qualcomm | Sdx55m Firmware | All versions |
| Qualcomm | Sm6250 Firmware | All versions |
| Qualcomm | Wcd9326 Firmware | All versions |
| Qualcomm | Wcd9341 Firmware | All versions |
| Qualcomm | Wcd9370 Firmware | All versions |
| Qualcomm | Wcd9375 Firmware | All versions |
| Qualcomm | Wcd9380 Firmware | All versions |
| Qualcomm | Wcn3610 Firmware | All versions |
| Qualcomm | Wcn3615 Firmware | All versions |
| Qualcomm | Wcn3620 Firmware | All versions |
| Qualcomm | Wcn3660b Firmware | All versions |
| Qualcomm | Wcn3680 Firmware | All versions |
| Qualcomm | Wcn3680b Firmware | All versions |
| Qualcomm | Wcn3950 Firmware | All versions |
| Qualcomm | Wcn3980 Firmware | All versions |
| Qualcomm | Wcn3988 Firmware | All versions |
| Qualcomm | Wcn3991 Firmware | All versions |
| Qualcomm | Wcn3998 Firmware | All versions |
| Qualcomm | Wsa8810 Firmware | All versions |
| Qualcomm | Wsa8815 Firmware | All versions |
References
- https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletinPatch, Vendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletinPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-1899?
Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
How severe is CVE-2021-1899?
CVE-2021-1899 has a CVSS score of 4.6/10 (MEDIUM severity). The EPSS model estimates a 0.14% probability of exploitation in the next 30 days.
How do I fix CVE-2021-1899?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2021-1899?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST