CVE-2021-1905
Last modified
CVE-2021-1905 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. CISA has confirmed active exploitation in the wild. EPSS estimates a 1.15% chance of exploitation in the next 30 days.
Description
Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Apq8009 Firmware | All versions |
| Qualcomm | Apq8009w Firmware | All versions |
| Qualcomm | Apq8017 Firmware | All versions |
| Qualcomm | Apq8053 Firmware | All versions |
| Qualcomm | Apq8064au Firmware | All versions |
| Qualcomm | Apq8096au Firmware | All versions |
| Qualcomm | Aqt1000 Firmware | All versions |
| Qualcomm | Ar8031 Firmware | All versions |
| Qualcomm | Ar8035 Firmware | All versions |
| Qualcomm | Ar8151 Firmware | All versions |
| Qualcomm | Csra6620 Firmware | All versions |
| Qualcomm | Csra6640 Firmware | All versions |
| Qualcomm | Fsm10055 Firmware | All versions |
| Qualcomm | Fsm10056 Firmware | All versions |
| Qualcomm | Mdm9206 Firmware | All versions |
| Qualcomm | Mdm9607 Firmware | All versions |
| Qualcomm | Mdm9626 Firmware | All versions |
| Qualcomm | Mdm9628 Firmware | All versions |
| Qualcomm | Mdm9650 Firmware | All versions |
| Qualcomm | Msm8909w Firmware | All versions |
| Qualcomm | Msm8917 Firmware | All versions |
| Qualcomm | Msm8953 Firmware | All versions |
| Qualcomm | Msm8996au Firmware | All versions |
| Qualcomm | Pm215 Firmware | All versions |
| Qualcomm | Pm3003a Firmware | All versions |
| Qualcomm | Pm4125 Firmware | All versions |
| Qualcomm | Pm4250 Firmware | All versions |
| Qualcomm | Pm439 Firmware | All versions |
| Qualcomm | Pm456 Firmware | All versions |
| Qualcomm | Pm6125 Firmware | All versions |
| Qualcomm | Pm6150 Firmware | All versions |
| Qualcomm | Pm6150a Firmware | All versions |
| Qualcomm | Pm6150l Firmware | All versions |
| Qualcomm | Pm6250 Firmware | All versions |
| Qualcomm | Pm6350 Firmware | All versions |
| Qualcomm | Pm640a Firmware | All versions |
| Qualcomm | Pm640l Firmware | All versions |
| Qualcomm | Pm640p Firmware | All versions |
| Qualcomm | Pm660 Firmware | All versions |
| Qualcomm | Pm660a Firmware | All versions |
| Qualcomm | Pm660l Firmware | All versions |
| Qualcomm | Pm670 Firmware | All versions |
| Qualcomm | Pm670a Firmware | All versions |
| Qualcomm | Pm670l Firmware | All versions |
| Qualcomm | Pm7150a Firmware | All versions |
| Qualcomm | Pm7150l Firmware | All versions |
| Qualcomm | Pm7250 Firmware | All versions |
| Qualcomm | Pm7250b Firmware | All versions |
| Qualcomm | Pm8004 Firmware | All versions |
| Qualcomm | Pm8005 Firmware | All versions |
Showing 50 of 396 affected configurations. See NVD for the full list.
References
- https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletinPatch, Vendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletinPatch, Vendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1905US Government Resource
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2021-1905?
How severe is CVE-2021-1905?
How do I fix CVE-2021-1905?
Are you affected by CVE-2021-1905?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST