CVE-2021-1946

Q: What is the severity of CVE-2021-1946?

CVE-2021-1946 has a CVSS score of 9.8 (CRITICAL). A null pointer dereference vulnerability in Qualcomm Snapdragon chipsets allows remote attackers to cause denial of service or potentially execute arbitrary code by sending a specially crafted SDP (Session Description Protocol) body. This affects numerous Snapdragon platforms including Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, and Mobile devices. The vulnerability is remotely exploitable without authentication.

9.8 CRITICAL

📋 TL;DR

A null pointer dereference vulnerability in Qualcomm Snapdragon chipsets allows remote attackers to cause denial of service or potentially execute arbitrary code by sending a specially crafted SDP (Session Description Protocol) body. This affects numerous Snapdragon platforms including Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, and Mobile devices. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile

Versions: Multiple Snapdragon chipset versions (specific versions in Qualcomm advisory)

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Snapdragon chipsets with SDP processing enabled

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data exfiltration, or persistent backdoor installation

🟠

Likely Case

Device crash/reboot causing denial of service, potentially leading to system instability

🟢

If Mitigated

Limited impact with proper network segmentation and input validation controls

🌐 Internet-Facing: HIGH - Remote exploitation without authentication via network protocols

🏢 Internal Only: MEDIUM - Requires network access but could be exploited internally via malicious packets

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires crafting malicious SDP packets but no authentication needed

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm September 2021 security bulletin for specific chipset patches

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/september-2021-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates 2. Apply Qualcomm-provided patches 3. Reboot device 4. Verify patch installation

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices from untrusted networks

Firewall Rules

all

Block unnecessary SDP traffic at network perimeter

🧯 If You Can't Patch

Segment affected devices in isolated network zones
Implement strict network access controls and monitor for anomalous SDP traffic

🔍 How to Verify

Check if Vulnerable:

Check device chipset version and compare against Qualcomm advisory

Check Version:

Device-specific commands vary by manufacturer (e.g., Android: getprop ro.bootloader)

Verify Fix Applied:

Verify firmware version has been updated to patched release

📡 Detection & Monitoring

Log Indicators:

Device crashes/reboots
Kernel panic logs
SDP protocol errors

Network Indicators:

Malformed SDP packets
Unusual SDP traffic patterns

SIEM Query:

search 'SDP protocol error' OR 'kernel panic' OR device_reboot

📊 Metadata

CVE ID: CVE-2021-1946

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-476

Published: September 9, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/september-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/september-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8017 Firmware by Qualcomm

Apq8053 Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Msm8917 Firmware by Qualcomm

Msm8920 Firmware by Qualcomm

Msm8940 Firmware by Qualcomm

Msm8953 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qsm8350 Firmware by Qualcomm

Qualcomm215 Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd 8c Firmware by Qualcomm

Sd 8cx Firmware by Qualcomm

Sd205 Firmware by Qualcomm

Sd210 Firmware by Qualcomm

Sd429 Firmware by Qualcomm

Sd450 Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd632 Firmware by Qualcomm

Sd665 Firmware by Qualcomm

Sd675 Firmware by Qualcomm

Sd678 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd720g Firmware by Qualcomm

Sd730 Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd780g Firmware by Qualcomm

Sd855 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sd888 5g Firmware by Qualcomm

Sdx12 Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdxr2 5g Firmware by Qualcomm

Sm6250 Firmware by Qualcomm

Sm6250p Firmware by Qualcomm

Sm7250 Firmware by Qualcomm

Sm7325 Firmware by Qualcomm

Wcd9335 Firmware by Qualcomm

Wcd9340 Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9360 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9371 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm