CVE-2021-1917

Q: What is the severity of CVE-2021-1917?

CVE-2021-1917 has a CVSS score of 8.4 (HIGH). This vulnerability allows a null pointer dereference in the DIAG component of Qualcomm Snapdragon chipsets when memory allocation fails. It affects Snapdragon Auto, Compute, Connectivity, Industrial IoT, and Wearables platforms. Attackers could potentially cause denial of service or execute arbitrary code.

8.4 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows a null pointer dereference in the DIAG component of Qualcomm Snapdragon chipsets when memory allocation fails. It affects Snapdragon Auto, Compute, Connectivity, Industrial IoT, and Wearables platforms. Attackers could potentially cause denial of service or execute arbitrary code.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Industrial IOT
Snapdragon Wearables

Versions: Specific chipset versions not detailed in bulletin - requires checking Qualcomm advisory for exact affected versions

Operating Systems: Android-based systems and embedded OS using affected Snapdragon chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is in the DIAG component which may be accessible via diagnostic interfaces. Affects multiple product categories with Snapdragon chipsets.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, device takeover, or persistent malware installation.

🟠

Likely Case

Denial of service causing device crashes, reboots, or instability in affected systems.

🟢

If Mitigated

Limited impact with proper memory protection mechanisms and privilege separation in place.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires access to diagnostic interfaces. No public exploit code available as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm October 2021 security bulletin for specific patch versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset versions. 2. Contact device manufacturer for firmware updates. 3. Apply manufacturer-provided patches. 4. Reboot device after patch installation.

🔧 Temporary Workarounds

Disable diagnostic interfaces

all

Restrict access to DIAG interfaces if not required for operations

Device-specific - consult manufacturer documentation

Implement memory protection

linux

Enable memory protection features like ASLR and stack canaries

System-specific configuration commands

🧯 If You Can't Patch

Isolate affected devices on segmented networks
Implement strict access controls to diagnostic interfaces

🔍 How to Verify

Check if Vulnerable:

Check chipset version and compare against Qualcomm advisory. Use device manufacturer's security update status.

Check Version:

Device-specific commands (e.g., 'getprop ro.build.version.security_patch' on Android)

Verify Fix Applied:

Verify firmware version has been updated to post-October 2021 security patch level

📡 Detection & Monitoring

Log Indicators:

Unexpected DIAG service crashes
Memory allocation failure logs
Kernel panic or watchdog resets

Network Indicators:

Unusual traffic to diagnostic ports
Unexpected device reboots

SIEM Query:

Search for: 'DIAG service crash' OR 'null pointer dereference' OR 'memory allocation failure' in device logs

📊 Metadata

CVE ID: CVE-2021-1917

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-476

Published: October 20, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8017 Firmware by Qualcomm

Apq8053 Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Msm8917 Firmware by Qualcomm

Msm8953 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qualcomm215 Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sd 636 Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd429 Firmware by Qualcomm

Sd439 Firmware by Qualcomm

Sd460 Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd632 Firmware by Qualcomm

Sd662 Firmware by Qualcomm

Sd665 Firmware by Qualcomm

Sd675 Firmware by Qualcomm

Sd678 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd720g Firmware by Qualcomm

Sd730 Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd780g Firmware by Qualcomm

Sd855 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sd888 5g Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sda429w Firmware by Qualcomm

Sdm630 Firmware by Qualcomm

Sdx12 Firmware by Qualcomm

Sdx50m Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sm4125 Firmware by Qualcomm

Sm6250 Firmware by Qualcomm

Sm7250 Firmware by Qualcomm

Sm7325 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3610 Firmware by Qualcomm

Wcn3615 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn3680b Firmware by Qualcomm

Wcn3910 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3991 Firmware by Qualcomm

Wcn3998 Firmware by Qualcomm

Wcn6740 Firmware by Qualcomm