cvelist/2021/30xxx/CVE-2021-30268.json

{
   "CVE_data_meta": {
      "ASSIGNER": "product-security@qualcomm.com",
      "ID": "CVE-2021-30268",
      "STATE": "PUBLIC"
   },
   "affects": {
      "vendor": {
         "vendor_data": [
            {
               "product": {
                  "product_data": [
                     {
                        "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
                        "version": {
                           "version_data": [
                              {
                                 "version_value": "APQ8009W, APQ8017, APQ8096AU, AQT1000, AR6003, AR8035, CSRB31024, FSM10055, FSM10056, MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9205, MDM9206, MDM9207, MDM9215, MDM9250, MDM9310, MDM9607, MDM9615, MDM9615M, MDM9628, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA4004, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595AU, QCA6696, QCA8081, QCA8337, QCA9367, QCA9377, QCM2290, QCM4290, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QCX315, QET4101, QSW8573, Qualcomm215, SA415M, SA515M, SD 675, SD 8CX, SD205, SD210, SD429, SD460, SD480, SD660, SD662, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SDA429W, SDM429W, SDW2500, SDX12, SDX20, SDX24, SDX55, SDX55M, SDX65, SDXR1, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, SM8450, SM8450P, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name": "Qualcomm, Inc."
            }
         ]
      }
   },
   "data_format": "MITRE",
   "data_type": "CVE",
   "data_version": "4.0",
   "description": {
      "description_data": [
         {
            "lang": "eng",
            "value": "Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
         }
      ]
   },
   "impact": {
      "cvss": {
         "baseScore": 7.8,
         "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
         "version": "3.1"
      }
   },
   "problemtype": {
      "problemtype_data": [
         {
            "description": [
               {
                  "lang": "eng",
                  "value": "Buffer Copy Without Checking Size of Input in Modem"
               }
            ]
         }
      ]
   },
   "references": {
      "reference_data": [
         {
            "name": "https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin",
            "refsource": "CONFIRM",
            "url": "https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin"
         }
      ]
   }
}