cbcvebase.
CVE-2021-1906
published 2021-05-07

CVE-2021-1906: Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute, Snapdragon…

PriorityP277medium5.5CVSS 3.1
AVLACLPRLUINSUCNINAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2021-11-17
Exploited in the wild
EPSS
0.52%
40.2th percentile
Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Affected

1 ranges
VendorProductVersion rangeFixed in
googleandroid

Detection & IOCsextracted from sources · hover to see the quote

  • CVE-2021-1906 affects the Display component in Android; patch reference is A-178810049 / QC-CR#2835082, which can be used to identify unpatched devices in asset management or vulnerability scanning.
  • The vulnerability is classified as 'Detection of Error Condition Without Action' in Qualcomm Multiple Chipsets — improper handling of GPU address deregistration on failure leading to new GPU address allocation failure. Detection should focus on Qualcomm chipset firmware versions predating the May 2021 Android Security Bulletin patch.
  • ·The vulnerability spans a wide range of Qualcomm product lines (Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables), meaning detection and patching scope is broad across device categories.

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:N/I:N/A:P
vulncheck6.2MEDIUM
cisa5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.