CVE-2021-35070 : What You Need to Know
Learn about CVE-2021-35070 affecting Snapdragon Industrial IOT, Snapdragon Mobile devices. See impact, affected systems, and mitigation steps for this Qualcomm vulnerability.
This CVE-2021-35070 impacts Snapdragon Industrial IOT and Snapdragon Mobile devices. The vulnerability allows RPM secure Stream to access secure resources due to improper SMMU configuration, potentially leading to information disclosure.
Understanding CVE-2021-35070
This section delves into the details of the CVE-2021-35070 vulnerability affecting Qualcomm's Snapdragon Industrial IOT and Snapdragon Mobile devices.
What is CVE-2021-35070?
The vulnerability in Qualcomm's Snapdragon devices enables RPM secure Stream to access secure resources due to misconfigured SMMU, leading to potential information disclosure.
The Impact of CVE-2021-35070
The vulnerability poses a medium severity risk with a CVSS base score of 6.5, allowing unauthorized access to sensitive information on affected devices.
Technical Details of CVE-2021-35070
This section explores the technical aspects of CVE-2021-35070.
Vulnerability Description
The vulnerability arises from improper SMMU configuration, enabling RPM secure Stream to access secure resources, potentially resulting in information disclosure on affected Snapdragon devices.
Affected Systems and Versions
Qualcomm's Snapdragon Industrial IOT and Snapdragon Mobile devices are affected, including versions QCM6125, QCS6125, SD665, WCD9370, WCD9375, WCN3950, WCN3980, WSA8810, and WSA8815.
Exploitation Mechanism
The vulnerability allows local attackers to exploit the misconfigured SMMU to gain access to secure resources, leading to potential leakage of sensitive information.
Mitigation and Prevention
Learn how to mitigate and prevent the CVE-2021-35070 vulnerability on affected devices.
Immediate Steps to Take
Users of Snapdragon Industrial IOT and Snapdragon Mobile devices should apply security patches provided by Qualcomm to address the vulnerability and prevent information disclosure.
Long-Term Security Practices
Implementing strong security practices, such as regular software updates and keeping devices secure, can help prevent similar vulnerabilities in the future.
Patching and Updates
Qualcomm has released security bulletins, including patches to address the CVE-2021-35070 vulnerability. Ensure that affected devices are updated with the latest firmware to protect against potential exploitation.