Vulnerabilities > CVE-2021-35095 - Deserialization of Untrusted Data vulnerability in Qualcomm products

CVSS 7.0 - HIGH

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

qualcomm

CWE-502

NVD

Published: 2022-06-14

Updated: 2023-08-08

Summary

Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Ar8035 Firmware - Qualcomm Qca8081 Firmware - Qualcomm Qca8337 Firmware - Qualcomm SD 8 Gen1 5G Firmware - Qualcomm Sdx65 Firmware - Qualcomm Wcd9380 Firmware - Qualcomm Wcn6855 Firmware - Qualcomm Wcn6856 Firmware - Qualcomm Wsa8830 Firmware - Qualcomm Wsa8835 Firmware -	10
Hardware	Qualcomm Qualcomm Ar8035 - Qualcomm Qca8081 - Qualcomm Qca8337 - Qualcomm Sm8475 - Qualcomm Sdx65 - Qualcomm Wcd9380 - Qualcomm Wcn6855 - Qualcomm Wcn6856 - Qualcomm Wsa8830 - Qualcomm Wsa8835 -	10

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin