CVE-2021-1943

Q: What is the severity of CVE-2021-1943?

CVE-2021-1943 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers to read memory beyond allocated buffer boundaries in Qualcomm Snapdragon chipsets when parsing beacon responses. It affects devices using vulnerable Snapdragon components across automotive, compute, connectivity, industrial IoT, mobile, and networking products. Successful exploitation could lead to information disclosure or system crashes.

7.5 HIGH

Denial of Service Buffer Overflow

📋 TL;DR

This vulnerability allows attackers to read memory beyond allocated buffer boundaries in Qualcomm Snapdragon chipsets when parsing beacon responses. It affects devices using vulnerable Snapdragon components across automotive, compute, connectivity, industrial IoT, mobile, and networking products. Successful exploitation could lead to information disclosure or system crashes.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Wired Infrastructure and Networking

Versions: Specific chipset versions not detailed in bulletin; affected by firmware versions prior to July 2021 patches

Operating Systems: Android, Linux-based embedded systems, Other OS using Qualcomm chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in wireless firmware components; affects devices with Wi-Fi capability using vulnerable Snapdragon chipsets

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data exfiltration, or persistent backdoor installation

🟠

Likely Case

Denial of service through system crashes or reboots, potential information disclosure from adjacent memory

🟢

If Mitigated

Limited impact with proper network segmentation and updated firmware

🌐 Internet-Facing: MEDIUM - Requires proximity to wireless networks but can be exploited remotely via crafted beacon frames

🏢 Internal Only: MEDIUM - Internal wireless networks could be used as attack vector

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted beacon frames to vulnerable devices; no public exploit code available as of knowledge cutoff

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released in July 2021 security bulletin

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided firmware patches. 3. Reboot device after update. 4. Verify patch installation through version checks.

🔧 Temporary Workarounds

Disable vulnerable Wi-Fi interfaces

all

Temporarily disable Wi-Fi functionality on affected devices

adb shell svc wifi disable
nmcli radio wifi off

Network segmentation

all

Isolate vulnerable devices from untrusted networks

🧯 If You Can't Patch

Segment affected devices on isolated network segments
Implement strict wireless network access controls and monitoring

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm July 2021 security bulletin; devices with pre-July 2021 firmware are likely vulnerable

Check Version:

Manufacturer-specific commands vary; generally: adb shell getprop ro.build.fingerprint or cat /proc/version

Verify Fix Applied:

Verify firmware version has been updated to post-July 2021 release; check with manufacturer-specific update verification tools

📡 Detection & Monitoring

Log Indicators:

Unexpected system crashes/reboots
Wi-Fi driver errors
Memory access violation logs

Network Indicators:

Unusual beacon frame patterns
Malformed 802.11 management frames
Suspicious wireless traffic targeting specific devices

SIEM Query:

wireless AND (beacon OR management_frame) AND (malformed OR oversized OR count_anomaly)

📊 Metadata

CVE ID: CVE-2021-1943

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-125

Published: July 13, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin Patch,Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8053 Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Ipq4018 Firmware by Qualcomm

Ipq4019 Firmware by Qualcomm

Ipq4028 Firmware by Qualcomm

Ipq4029 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5018 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6005 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8065 Firmware by Qualcomm

Ipq8068 Firmware by Qualcomm

Ipq8070 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071 Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072 Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074 Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Msm8953 Firmware by Qualcomm

Pmp8074 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6175a Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6428 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6438 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca7500 Firmware by Qualcomm

Qca8072 Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca9531 Firmware by Qualcomm

Qca9558 Firmware by Qualcomm

Qca9561 Firmware by Qualcomm

Qca9563 Firmware by Qualcomm

Qca9880 Firmware by Qualcomm

Qca9886 Firmware by Qualcomm

Qca9887 Firmware by Qualcomm

Qca9888 Firmware by Qualcomm

Qca9889 Firmware by Qualcomm

Qca9896 Firmware by Qualcomm

Qca9898 Firmware by Qualcomm

Qca9980 Firmware by Qualcomm

Qca9982 Firmware by Qualcomm

Qca9984 Firmware by Qualcomm

Qca9985 Firmware by Qualcomm

Qca9990 Firmware by Qualcomm

Qca9992 Firmware by Qualcomm

Qca9994 Firmware by Qualcomm