Use After Free

CVE-2021-35120

Medium

6.7/10

Summary

Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-416 - Use After Free

Use-after-free (UaF) vulnerability occurs when the application is using a pointer to memory that has been freed. Any attempt to read/write to a buffer after it is de-allocated allows memory corruption, sensitive information exposure, and can potentially lead to arbitrary code execution.

References

Advisory Timeline

Published Jun 14, 2022

Use After Free

CVE-2021-35120

Summary

CWE-416 - Use After Free

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS