CVE DATABASE / CVE-2021-1906

CVE-2021-1906

Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability

CVSS 6.2 · MEDIUM ⚠ CISA KEV — ACTIVELY EXPLOITED

On the CISA KEV catalog

Confirmed exploited in the wild. Added 2021-11-03. Federal remediation due 2021-11-17.
Required action: Apply updates per vendor instructions.

Summary

Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CVSS 3.1 breakdown

Base score	6.2 (MEDIUM)
Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack vector	LOCAL
Attack complexity	LOW
Privileges required	NONE
User interaction	NONE
Scope	UNCHANGED
Confidentiality	NONE
Integrity	NONE
Availability	HIGH

Affected products

Qualcomm apq8009 firmwareQualcomm apq8009Qualcomm apq8009w firmwareQualcomm apq8009wQualcomm apq8017 firmwareQualcomm apq8017Qualcomm apq8053 firmwareQualcomm apq8053Qualcomm apq8064au firmwareQualcomm apq8064auQualcomm apq8096au firmwareQualcomm apq8096auQualcomm aqt1000 firmwareQualcomm aqt1000Qualcomm ar8031 firmwareQualcomm ar8031Qualcomm ar8035 firmwareQualcomm ar8035Qualcomm ar8151 firmwareQualcomm ar8151

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD + CISA KEV. NVD last modified 2025-10-28. Always verify against the vendor advisory before acting.