CVE-2021-1905
ENISA EUVD: EUVD-2021-7369 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
3 articles
Published: 2021-05-07
EPSS Score
Source: FIRST.org · 2026-05-23
0.65%
probability
This CVE has a 0.65% probability
of being exploited in the next 30 days.
0%
Top 70.9th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)8.4
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2 (legacy)
7.2
HIGH
Access Vector
Local
Access Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
AV:L/AC:L/Au:N/C:C/I:C/A:C
Description
VulnerabilityLookup (CNA)Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Affected Products
Qualcomm, Inc.
Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, FSM10055, FSM10056, MDM9206, MDM9607, MDM9626, MDM9628, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM4250, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8953, PM8998, PMC1000H, PMD9607, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8998, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMM8920AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA4020, QCA6174, QCA6174A, QCA ...[truncated*]
Attack Intelligence
CWE-118
· Incorrect Access of Indexable Resource ('Range Error')
CWE-119
· Buffer Overflow
CWE-416
· Use After Free
CWE-664
· Improper Control of a Resource Through its Lifetime
CWE-666
· Operation on Resource in Wrong Phase of Lifetime
CWE-672
· Operation on a Resource after Expiration or Release
CWE-825
· Expired Pointer Dereference
Google Project Zero
Discovered
Nov. 17, 2020
Patched
May 3, 2021
Reported by
???
Root Cause Analysis
https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-1905.html
Exploits & PoC
TAKIANFIF/CVE-2021-1905-CVE-2021-1906-CVE-2021-28663-CVE-2021-28664
Qualcomm GPU / ARM Mali GPU
0
2021-05-23
1 repo — triés par ⭐
Rechercher sur GitHub ↗
https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin
x_refsource_CONFIRM
Signal Intelligence
Confidence
95%
EPSS
0.65%
CVSS v3.1
8.4
Mentions
3
Last Seen
Nov 09, 2021
CNA Information
CNA Assigner
qualcomm
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Triage Info
Decided atMar 05, 2026
Published DateMay 07, 2021