CVE-2021-30338 — Improper Input Validation in INC Snapdragon Compute

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 88.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon Compute Google Android

Timeline

PublishedJun 14

Latest updateJun 15

Description

Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5qualcomm_inc/snapdragon_computeSD850, SDXR1

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-hgmq-fch4-5c28: Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute↗2022-06-15

▶

📋Vendor Advisories

Android

CVE-2021-30338: Closed-source component↗2022-04-01

▶