CVE Vulnerabilities

CVE-2021-35097

Improper Verification of Cryptographic Signature

Published: Sep 02, 2022 | Modified: Sep 08, 2022
CVSS 3.x
6.8
MEDIUM
Source:
NVD
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Weakness

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Software

Name Vendor Start Version End Version
Aqt1000_firmware Qualcomm - (including) - (including)

References