What is CVE-2021-1940 vulnerability about?

The vulnerability CVE-2021-1940 is related to a use after free issue caused by improper handling of responses from firmware in various Qualcomm Snapdragon products.

How severe is CVE-2021-1940?

The severity of CVE-2021-1940 is rated as 7.8, which is considered high.

Which software products are affected by CVE-2021-1940?

Google Android and various firmware versions for Qualcomm Snapdragon products like Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables are affected.

Where can I find more information about CVE-2021-1940 vulnerability?

You can find more information about CVE-2021-1940 on the Qualcomm and Android security bulletin websites, as well as on Packet Storm Security.

Vulnerability/
CVE-2021-1940

high

8.4

CWE

416

7/7/2021

12/6/2023

CVE-2021-1940: Use After Free

First published: Wed Jul 07 2021(Updated: )

Use after free can occur due to improper handling of response from firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
Google Android
Google Android
Google Android
Google Android
Qualcomm Ar8031
Google Android
Qualcomm Ar8035
Qualcomm Csra6620 Firmware
Google Android
Qualcomm Csra6640 Firmware
Google Android
Qualcomm Fsm10055 Firmware
Google Android
Qualcomm Fsm10056 Firmware
Qualcomm Fsm10056
Google Android
Google Android
Google Android
Qualcomm Qca6420
Qualcomm Qca6430 Firmware
Google Android
Google Android
Qualcomm Qca6564
Google Android
Google Android
Qualcomm Qca6564au Firmware
Google Android
Qualcomm Qca6574 Firmware
Qualcomm Qca6574
Google Android
Google Android
Google Android
Qualcomm Qca6574au
Google Android
Qualcomm Qca6584au
Google Android
Google Android
Google Android
Qualcomm Qca6696
Qualcomm Qca8337 Firmware
Google Android
Google Android
Google Android
Qualcomm Qcs405 Firmware
Qualcomm Qcs405
Google Android
Google Android
Google Android
Google Android
Qualcomm Qcs6125 Firmware
Qualcomm Qcs6125
Qualcomm Sa415m Firmware
Google Android
Qualcomm Sa515m Firmware
Google Android
Google Android
Qualcomm Sa6145p
Google Android
Google Android
Google Android
Qualcomm Sa6155p
Qualcomm Sa8155 Firmware
Google Android
Google Android
Google Android
Qualcomm Sa8195p Firmware
Google Android
Google Android
Qualcomm Sd 675
Qualcomm Sd 8c Firmware
Qualcomm Sd 8c
Google Android
Qualcomm Sd 8cx
Google Android
Qualcomm Sd660
Google Android
Qualcomm Sd665
Google Android
Qualcomm Sd675
Google Android
Google Android
Google Android
Google Android
Google Android
Qualcomm Sd730
Google Android
Google Android
Qualcomm Sda429w Firmware
Google Android
Qualcomm Sdx50m Firmware
Qualcomm Sdx50m
Qualcomm Sdx55 Firmware
Qualcomm Sdx55
Google Android
Google Android
Qualcomm Sm6250 Firmware
Google Android
Google Android
Qualcomm Sm6250p
Google Android
Google Android
Google Android
Google Android
Qualcomm Wcd9341 Firmware
Google Android
Qualcomm Wcd9370 Firmware
Google Android
Google Android
Google Android
Google Android
Google Android
Qualcomm Wcn3610 Firmware
Google Android
Google Android
Qualcomm Wcn3620
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Qualcomm Wcn3990 Firmware
Google Android
Google Android
Qualcomm Wcn3991
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android

Remedy

https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-1940 vulnerability about?
The vulnerability CVE-2021-1940 is related to a use after free issue caused by improper handling of responses from firmware in various Qualcomm Snapdragon products.
How severe is CVE-2021-1940?
The severity of CVE-2021-1940 is rated as 7.8, which is considered high.
Which software products are affected by CVE-2021-1940?
Google Android and various firmware versions for Qualcomm Snapdragon products like Snapdragon Auto, Compute, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables are affected.
Where can I find more information about CVE-2021-1940 vulnerability?
You can find more information about CVE-2021-1940 on the Qualcomm and Android security bulletin websites, as well as on Packet Storm Security.