← back
CVE-2021-1905

CVE-2021-1905

CVSS 8.4 HIGHEPSS 1.1%● KEVCWE-416
In short

A memory management flaw in Snapdragon processors allows attackers to access or corrupt memory that has already been freed, potentially causing system crashes or enabling unauthorized code execution. This occurs when multiple processes try to access the same memory location simultaneously.

Technical detail

Use-after-free vulnerability in Snapdragon kernel memory mapping during concurrent multi-process operations (CWE-416). Attack vector requires local access to trigger improper synchronization of memory deallocation, potentially enabling arbitrary code execution with elevated privileges or denial of service.

Summary generated and translated by AI from the official description.
Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Qualcomm, Inc. · Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
public PoCs found1
githubgithub.com/TAKIANFIF/CVE-2021-1905-CVE-2021-1906-CVE-2021-28663-CVE-2021-286640
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1905https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin