Back to KEVs

CVE-2021-1905

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute,...

Basic Information

CVE State
PUBLISHED
Reserved Date
December 08, 2020
Published Date
May 07, 2021
Last Updated
October 21, 2025
Vendor
Qualcomm, Inc.
Product
Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Description
Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Tags
cisa

CVSS Scores

CVSS v3.1

8.4 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2021-11-03 00:00:00 UTC) Source

References

https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC
CISA 2021-11-03 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

TAKIANFIF/CVE-2021-1905-CVE-2021-1906-CVE-2021-28663-CVE-2021-28664

Type: github • Created: 2021-05-23 23:02:41 UTC • Stars: 0

Qualcomm GPU / ARM Mali GPU

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Added to KEVIntel