CVE-2021-1905
Published 2021-05-07
CVE-2021-1905: Possible use after free due to improper handling of memory mapping of multiple processes simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon…
Priority: P180, high, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV), due 2022-05-03
Exploited in the wild (ITW)
EPSS: 1.15% (62.9th percentile)
Possible use after free due to improper handling of memory mapping of multiple processes simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — |
Detection & IOCs (extracted from sources)
- CVE-2021-1905 is a use-after-free in the Qualcomm GPU/Display component due to improper handling of memory mapping of multiple processes simultaneously; the patch reference is Android Security Bulletin 2021-05-01, component: Display.
- Track Android patch reference A-178809945 / QC-CR#2826864 for CVE-2021-1905 in the Display component; severity is HIGH per the Android Security Bulletin.
- CVE-2021-1905 affects a broad range of Qualcomm chipset families; ensure patching covers all relevant product lines: Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables.
- The CISA-mandated remediation due date was 2022-05-03; any unpatched devices in scope should be treated as actively exploitable.
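CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | — | 8.4 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |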
GHSA
ghsa_unreviewed·2022-05-24
CVE-2021-1905 [HIGH] CWE-416 GHSA-jxmm-frjr-grqr: Possible use after free due to improper handling of memory mapping of multiple processes simultaneously
Project0
project_zero·2022-04-01
CVE-2016-4654 The More You Know, The More You Know You Don’t Know - Project Zero
A Year in Review of 0-days Used In-the-Wild in 2021
Posted by Maddie Stone, Google Project Zero
This is our third annual year in review of 0-days exploited in-the-wild [2020, 2019]. Each year we’ve looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what we think the trends and takeaways are. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a group, looking for trends, gaps, lessons learned, successes, etc. If you’re interested in the analysis of individual exploits, please check out our root cause analysis repository.
We perform and share this analysis in order to make 0-day hard. We want it to be more costly, more resource intensive, and overall more difficult for
VulnCheck
vulncheck·2021·CVSS 8.4
CVE-2021-1905 [HIGH] CWE-416 Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously.
Affected: Qualcomm Multiple Chipsets
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Buying_Spying_-_Insights_into_Commercial_Surveillance_Vendors.pdf
Remediation Due: 2022-05-03
Project0
project_zero·CVSS 8.4
CVE-2021-1905 [HIGH] Project Zero RCA: CVE-2021-1905: Qualcomm Adreno GPU memory mapping use-after-free
# CVE-2021-1905: Qualcomm Adreno GPU memory mapping use-after-free
*Ben Hawkes, Project Zero*
## The Basics
**Disclosure or Patch Date:** 1 May 2021
**Product:** Qualcomm Adreno GPU
**Advisory:** https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin
**Affected Versions:** Prior to Android 2021-05-01 security patch level
Note: the Qualcomm Adreno GPU kernel driver may be used in other platforms aside from Android, but the following analysis was performed with Android in mind, since Android is a high priority area of interest for Project Zero.
**First Patched Version:** Android 2021-05-01 security patch level
**Issue/Bug Report:** N/A
**Patch CL:**\
https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=d236d315145f8250523ce9e14897d62e5d6639fc \
http
CISA
cisa·2021-11-03·CVSS 7.8
CVE-2021-1905 [HIGH] CWE-416 Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Vulnerability: Qualcomm Multiple Chipsets Use-After-Free Vulnerability
Affected: Qualcomm Multiple Chipsets
Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-1905
Remediation Due Date: 2022-05-03
Android
vendor_android·2021-05-01·CVSS 8.4
CVE-2021-1905 [HIGH] CVE-2021-1905: Display
Android Security Bulletin 2021-05-01
CVE: CVE-2021-1905
Severity: HIGH
Component: Display
References: A-178809945, QC-CR#2826864
No detection rules found.
No public exploits indexed.
Qualys
Qualys Response to CISA Alert: Binding Operational Directive 22-01
blogs_qualys·2021-11-09
## Overview
On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directive 22-01, “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate
arXiv
GAIROSCOPE: Injecting Data from Air-Gapped Computers to Nearby Gyroscopes
arxiv_fulltext·2022-08-21
Mordechai Guri
Ben-Gurion University of the Negev, Israel
Department of Software and Information Systems Engineering
Cyber-Security Research Center
Demo video: http://www.covertchannels.com
A slightly modified version was accepted to 2021 18th International Conference on Privacy, Security and Trust (PST) 2021 IEEE
DOI: 10.1109/PST52912.2021.9647842
## Abstract
It is known that malware can leak data from isolated, air-gapped computers to nearby smartphones using ultrasonic waves. However, this covert channel requires access to the smartphone's microphone, which is highly protected in Android OS and iOS, and might be non-accessible, disabled, or blocked.
In
- 2021-05-07: Published
- 2021-11-03: Added to CISA KEV
- Exploited in the wild