CVE-2021-1950

Q: What is the severity of CVE-2021-1950?

CVE-2021-1950 has a CVSS score of 7.8 (HIGH). This vulnerability allows authenticated users to bypass face authentication on affected Qualcomm Snapdragon devices due to improper secure memory cleaning between user sessions. It affects multiple Snapdragon platforms including Auto, Compute, Connectivity, Industrial IoT, Mobile, and Wired Infrastructure/Networking. Attackers with physical access or local privileges could potentially authenticate as other users.

7.8 HIGH

Authentication Bypass

📋 TL;DR

This vulnerability allows authenticated users to bypass face authentication on affected Qualcomm Snapdragon devices due to improper secure memory cleaning between user sessions. It affects multiple Snapdragon platforms including Auto, Compute, Connectivity, Industrial IoT, Mobile, and Wired Infrastructure/Networking. Attackers with physical access or local privileges could potentially authenticate as other users.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Wired Infrastructure and Networking

Versions: Specific affected versions not detailed in provided references; consult Qualcomm bulletins for exact version ranges.

Operating Systems: Android and other embedded OS using affected Snapdragon chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in the Qualcomm Secure Processing Environment (SPE) implementation; affects devices with face authentication enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with physical access could bypass biometric authentication to gain unauthorized access to devices, potentially compromising sensitive data or device functionality.

🟠

Likely Case

Local authenticated users could bypass face authentication to escalate privileges or access other users' data on shared devices.

🟢

If Mitigated

With proper access controls and device security policies, impact is limited to local privilege escalation rather than remote compromise.

🌐 Internet-Facing: LOW - This is primarily a local authentication bypass requiring physical or local access to the device.

🏢 Internal Only: MEDIUM - Shared devices in enterprise environments could be vulnerable to privilege escalation between authenticated users.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires authenticated access to the device; exploitation involves manipulating secure memory between authentication sessions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm March 2022 security bulletin for specific patched versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/march-2022-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM updates. 3. Reboot device after update. 4. Verify patch installation through version checks.

🔧 Temporary Workarounds

Disable Face Authentication

all

Temporarily disable face authentication feature until patches can be applied

Device-specific: Navigate to Settings > Security > Face Unlock > Disable

Enforce Strong Alternative Authentication

all

Require strong PIN/password authentication instead of or in addition to biometrics

Device-specific: Settings > Security > Screen lock > Set strong PIN/password

🧯 If You Can't Patch

Implement strict physical access controls for affected devices
Use device encryption and remote wipe capabilities to protect data if device is compromised

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm's affected product list in March 2022 bulletin

Check Version:

Android: Settings > About phone > Build number / Kernel version

Verify Fix Applied:

Verify firmware version has been updated to a version after the March 2022 Qualcomm security patches

📡 Detection & Monitoring

Log Indicators:

Multiple failed face authentication attempts followed by successful authentication
Unusual authentication pattern changes

Network Indicators:

Not applicable - local vulnerability

SIEM Query:

Not applicable for this local authentication bypass vulnerability

📊 Metadata

CVE ID: CVE-2021-1950

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-287

Published: April 1, 2022

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/march-2022-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/march-2022-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6005 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8072 Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca9984 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn5021 Firmware by Qualcomm

Qcn5022 Firmware by Qualcomm

Qcn5052 Firmware by Qualcomm

Qcn5121 Firmware by Qualcomm

Qcn5122 Firmware by Qualcomm

Qcn5152 Firmware by Qualcomm

Qcn6023 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn9000 Firmware by Qualcomm

Qcn9022 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcn9070 Firmware by Qualcomm

Qcn9072 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs405 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qsm8250 Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sd460 Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd662 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sd888 5g Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdx57m Firmware by Qualcomm

Sdxr2 5g Firmware by Qualcomm

Sm6225 Firmware by Qualcomm

Sm6375 Firmware by Qualcomm

Sm7250p Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Sxr2150p Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3910 Firmware by Qualcomm