CVE-2021-35080 : What You Need to Know
Get insights into CVE-2021-35080, a medium-severity vulnerability in Qualcomm Snapdragon Industrial IOT, Mobile, and Wearables. Learn about the impact, affected systems, and mitigation steps.
This article provides detailed information about CVE-2021-35080, a vulnerability identified in Qualcomm's Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Wearables.
Understanding CVE-2021-35080
CVE-2021-35080 is a security vulnerability that occurs when the SMMU is disabled from the secure side while the RPM is assigned a secure stream. This issue can lead to information disclosure in Qualcomm's Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Wearables.
What is CVE-2021-35080?
The CVE-2021-35080 vulnerability arises from the insecure configuration of the SMMU and RPM components in Qualcomm devices, allowing unauthorized access to sensitive information stored in these devices.
The Impact of CVE-2021-35080
This vulnerability can have a medium impact, with a CVSS base score of 6.5. It poses a high risk to the confidentiality of data stored on affected devices, potentially leading to information disclosure.
Technical Details of CVE-2021-35080
CVE-2021-35080 is classified as an 'Information Exposure in Kernel' problem type. The vulnerability affects multiple versions of Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Wearables, including QCM2290, QCM4290, QCS2290, QCS4290, and more.
Vulnerability Description
The security flaw occurs due to the improper configuration that enables unauthorized access to secure information by disabling the SMMU from the secure side.
Affected Systems and Versions
Qualcomm's Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Wearables devices are impacted by this vulnerability across various versions including SD460, SD480, SD662, SD680, and more.
Exploitation Mechanism
Attackers with low privileges can exploit this vulnerability locally to access high-value confidential data without requiring user interaction.
Mitigation and Prevention
To address CVE-2021-35080, immediate steps should be taken to secure affected devices. Long-term security practices and regular patching are essential to prevent exploitation of this vulnerability.
Immediate Steps to Take
Device users and administrators should apply relevant security updates as soon as they are made available by Qualcomm to mitigate the risk of information disclosure.
Long-Term Security Practices
Implementing strong access controls, regular security assessments, and monitoring for unauthorized access can enhance the overall security posture of Qualcomm devices.
Patching and Updates
Regularly check for security bulletins and updates from Qualcomm to ensure that devices are protected against known vulnerabilities like CVE-2021-35080.