7.8
HIGH
CVE-2021-30298
Snapdragon Memory Pool Out-of-Boundreading
Description

Possible out of bound access due to improper validation of item size and DIAG memory pools data while switching between USB and PCIE interface in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

INFO

Published Date :

Jan. 3, 2022, 8:15 a.m.

Last Modified :

Nov. 21, 2024, 6:03 a.m.

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
Affected Products

The following products are affected by CVE-2021-30298 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Qualcomm qca6390_firmware
2 Qualcomm qca6391_firmware
3 Qualcomm qca6574au_firmware
4 Qualcomm qca6595au_firmware
5 Qualcomm qca6696_firmware
6 Qualcomm sa8155p_firmware
7 Qualcomm sd865_5g_firmware
8 Qualcomm sd870_firmware
9 Qualcomm sdx55m_firmware
10 Qualcomm wcd9341_firmware
11 Qualcomm wcd9380_firmware
12 Qualcomm wcd9385_firmware
13 Qualcomm wcn3980_firmware
14 Qualcomm wcn3988_firmware
15 Qualcomm wcn3998_firmware
16 Qualcomm wcn6850_firmware
17 Qualcomm wcn6851_firmware
18 Qualcomm wsa8810_firmware
19 Qualcomm wsa8815_firmware
20 Qualcomm wsa8830_firmware
21 Qualcomm wsa8835_firmware
22 Qualcomm ar8035_firmware
23 Qualcomm csra6620_firmware
24 Qualcomm csra6640_firmware
25 Qualcomm wcn3991_firmware
26 Qualcomm ipq8072a_firmware
27 Qualcomm ipq8074a_firmware
28 Qualcomm ipq8076a_firmware
29 Qualcomm qca8337_firmware
30 Qualcomm qcn9000_firmware
31 Qualcomm qcn9074_firmware
32 Qualcomm qrb5165n_firmware
33 Qualcomm qrb5165_firmware
34 Qualcomm sd460_firmware
35 Qualcomm sd662_firmware
36 Qualcomm sdx55_firmware
37 Qualcomm sm7250p_firmware
38 Qualcomm wcd9335_firmware
39 Qualcomm wcd9340_firmware
40 Qualcomm wcd9370_firmware
41 Qualcomm wcd9375_firmware
42 Qualcomm wcn3950_firmware
43 Qualcomm wcn3660b_firmware
44 Qualcomm sda429w_firmware
45 Qualcomm wcn3610_firmware
46 Qualcomm sd765_firmware
47 Qualcomm sd765g_firmware
48 Qualcomm sd768g_firmware
49 Qualcomm mdm9150_firmware
50 Qualcomm qcs410_firmware
51 Qualcomm qcs610_firmware
52 Qualcomm fsm10056_firmware
53 Qualcomm qualcomm215_firmware
54 Qualcomm sd210_firmware
55 Qualcomm wcn3620_firmware
56 Qualcomm sd665_firmware
57 Qualcomm ar8031_firmware
58 Qualcomm qcs405_firmware
59 Qualcomm sd205_firmware
60 Qualcomm wcn3999_firmware
61 Qualcomm fsm10055_firmware
62 Qualcomm ar8031
63 Qualcomm ar8035
64 Qualcomm csra6620
65 Qualcomm csra6640
66 Qualcomm qca6390
67 Qualcomm qca6391
68 Qualcomm qca6574au
69 Qualcomm qca6595au
70 Qualcomm qca6696
71 Qualcomm qcs405
72 Qualcomm qcs410
73 Qualcomm qcs610
74 Qualcomm qualcomm215
75 Qualcomm sa8155p
76 Qualcomm sd205
77 Qualcomm sd210
78 Qualcomm sd460
79 Qualcomm sd662
80 Qualcomm sd665
81 Qualcomm sd765
82 Qualcomm sd765g
83 Qualcomm sd768g
84 Qualcomm sd865_5g
85 Qualcomm sda429w
86 Qualcomm sdx55
87 Qualcomm sdx55m
88 Qualcomm sm7250p
89 Qualcomm wcd9335
90 Qualcomm wcd9340
91 Qualcomm wcd9341
92 Qualcomm wcd9370
93 Qualcomm wcd9375
94 Qualcomm wcd9380
95 Qualcomm wcd9385
96 Qualcomm wcn3610
97 Qualcomm wcn3620
98 Qualcomm wcn3660b
99 Qualcomm wcn3950
100 Qualcomm wcn3980
101 Qualcomm wcn3988
102 Qualcomm wcn3991
103 Qualcomm wcn3998
104 Qualcomm wcn3999
105 Qualcomm wcn6850
106 Qualcomm wcn6851
107 Qualcomm wsa8810
108 Qualcomm wsa8815
109 Qualcomm wsa8830
110 Qualcomm wsa8835
111 Qualcomm qca8337
112 Qualcomm fsm10055
113 Qualcomm mdm9150
114 Qualcomm fsm10056
115 Qualcomm ipq8072a
116 Qualcomm ipq8074a
117 Qualcomm ipq8076a
118 Qualcomm qcn9000
119 Qualcomm qcn9074
120 Qualcomm qrb5165n
121 Qualcomm qrb5165
122 Qualcomm sd870
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-30298.

URL Resource
https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin Patch Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin Patch Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-30298 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-30298 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Jan. 12, 2022

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:P/I:P/A:P)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin No Types Assigned https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin Patch, Vendor Advisory
    Added CWE NIST CWE-120
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:ar8031:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:ar8035:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:csra6620:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:csra6640:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:fsm10055_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:fsm10055:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:fsm10056_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:fsm10056:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:ipq8072a_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:ipq8072a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:ipq8074a_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:ipq8074a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:ipq8076a_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:ipq8076a:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:mdm9150:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qca8337:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcn9000_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcn9000:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcn9074:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qrb5165_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qrb5165:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qrb5165n_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qrb5165n:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:qualcomm215_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:qualcomm215:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd205:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd210:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd460:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd662:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd665:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd765:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd765g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd768g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sd870:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sda429w:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sdx55m:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:sm7250p:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9335:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9340:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3610:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3620:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3991:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3998:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn3999:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn6850:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wcn6851:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:*
    Added CPE Configuration AND OR *cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:* OR cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-30298 is associated with the following CWEs:

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.10359

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability