CVE-2021-1906

CVSS 6.2 MEDIUMEPSS 0.5%● KEV

In short

When a GPU address fails to be properly removed from memory, the system cannot allocate new GPU addresses correctly. This can cause GPU-related features to stop working or crash on Qualcomm Snapdragon devices.

Technical detail

The vulnerability stems from improper cleanup of GPU address space during deregistration failures in Qualcomm Snapdragon firmware. When address deregistration fails, the memory mapping is not correctly freed, preventing subsequent GPU memory allocation requests from succeeding. This affects multiple Snapdragon platforms and can lead to denial of service of GPU functionality.

Summary generated and translated by AI from the official description.

Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Qualcomm, Inc. · Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1906 https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin