Vulnerabilities > CVE-2021-30279 - Improper Preservation of Permissions vulnerability in Qualcomm products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

qualcomm

CWE-281

NVD

Published: 2022-01-03

Updated: 2022-01-12

Summary

Possible access control violation while setting current permission for VMIDs due to improper permission masking in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Ar8035 Firmware - Qualcomm Qca6390 Firmware - Qualcomm Qca6391 Firmware - Qualcomm Qca6426 Firmware - Qualcomm Qca6436 Firmware - Qualcomm Qca8337 Firmware - Qualcomm Qca9984 Firmware - Qualcomm Qcm2290 Firmware - Qualcomm Qcm4290 Firmware - Qualcomm Qcm6490 Firmware - Qualcomm Qcs2290 Firmware - Qualcomm Qcs405 Firmware - Qualcomm Qcs4290 Firmware - Qualcomm Qcs6490 Firmware - Qualcomm Qcx315 Firmware - Qualcomm Qrb5165 Firmware - Qualcomm Qrb5165N Firmware - Qualcomm Qsm8250 Firmware - Qualcomm Sd460 Firmware - Qualcomm Sd480 Firmware - Qualcomm Sd660 Firmware - Qualcomm Sd662 Firmware - Qualcomm Sd690 5G Firmware - Qualcomm Sd750G Firmware - Qualcomm Sd765 Firmware - Qualcomm Sd765G Firmware - Qualcomm Sd768G Firmware - Qualcomm Sd778G Firmware - Qualcomm Sd865 5G Firmware - Qualcomm Sd870 Firmware - Qualcomm Sd888 5G Firmware - Qualcomm Sdx55 Firmware - Qualcomm Sdx55M Firmware - Qualcomm Sdx57M Firmware - Qualcomm Sdxr2 5G Firmware - Qualcomm Sm6225 Firmware - Qualcomm Sm6375 Firmware - Qualcomm Sm7250P Firmware - Qualcomm Sm7325P Firmware - Qualcomm Wcd9335 Firmware - Qualcomm Wcd9341 Firmware - Qualcomm Wcd9370 Firmware - Qualcomm Wcd9375 Firmware - Qualcomm Wcd9380 Firmware - Qualcomm Wcd9385 Firmware - Qualcomm Wcn3910 Firmware - Qualcomm Wcn3950 Firmware - Qualcomm Wcn3980 Firmware - Qualcomm Wcn3988 Firmware - Qualcomm Wcn3990 Firmware - Qualcomm Wcn3991 Firmware - Qualcomm Wcn3998 Firmware - Qualcomm Wcn3999 Firmware - Qualcomm Wcn6750 Firmware - Qualcomm Wcn6850 Firmware - Qualcomm Wcn6851 Firmware - Qualcomm Wcn6855 Firmware - Qualcomm Wcn6856 Firmware - Qualcomm Wsa8810 Firmware - Qualcomm Wsa8815 Firmware - Qualcomm Wsa8830 Firmware - Qualcomm Wsa8835 Firmware -	62
Hardware	Qualcomm Qualcomm Ar8035 - Qualcomm Qca6390 - Qualcomm Qca6391 - Qualcomm Qca6426 - Qualcomm Qca6436 - Qualcomm Qca8337 - Qualcomm Qca9984 - Qualcomm Qcm2290 - Qualcomm Qcm4290 - Qualcomm Qcm6490 - Qualcomm Qcs2290 - Qualcomm Qcs405 - Qualcomm Qcs4290 - Qualcomm Qcs6490 - Qualcomm Qcx315 - Qualcomm Qrb5165 - Qualcomm Qrb5165N - Qualcomm Qsm8250 - Qualcomm Sd460 - Qualcomm Sd480 - Qualcomm Sd660 - Qualcomm Sd662 - Qualcomm Sd690 5G - Qualcomm Sd750G - Qualcomm Sd765 - Qualcomm Sd765G - Qualcomm Sd768G - Qualcomm Sd778G - Qualcomm Sd865 5G - Qualcomm Sd870 - Qualcomm Sd888 5G - Qualcomm Sdx55 - Qualcomm Sdx55M - Qualcomm Sdx57M - Qualcomm Sdxr2 5G - Qualcomm Sm6225 - Qualcomm Sm6375 - Qualcomm Sm7250P - Qualcomm Sm7325P - Qualcomm Wcd9335 - Qualcomm Wcd9341 - Qualcomm Wcd9370 - Qualcomm Wcd9375 - Qualcomm Wcd9380 - Qualcomm Wcd9385 - Qualcomm Wcn3910 - Qualcomm Wcn3950 - Qualcomm Wcn3980 - Qualcomm Wcn3988 - Qualcomm Wcn3990 - Qualcomm Wcn3991 - Qualcomm Wcn3998 - Qualcomm Wcn3999 - Qualcomm Wcn6750 - Qualcomm Wcn6850 - Qualcomm Wcn6851 - Qualcomm Wcn6855 - Qualcomm Wcn6856 - Qualcomm Wsa8810 - Qualcomm Wsa8815 - Qualcomm Wsa8830 - Qualcomm Wsa8835 -	62

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

References

https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin