CVE-2021-1955

Q: What is the severity of CVE-2021-1955?

CVE-2021-1955 has a CVSS score of 7.5 (HIGH). This vulnerability in Qualcomm Snapdragon chipsets allows denial of service attacks when connections are improperly handled during association rejection in SAP (Service Access Point) cases. It affects a wide range of Qualcomm-powered devices including automotive, mobile, IoT, and wearable products. Attackers can cause system crashes or service disruptions by sending specially crafted connection requests.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability in Qualcomm Snapdragon chipsets allows denial of service attacks when connections are improperly handled during association rejection in SAP (Service Access Point) cases. It affects a wide range of Qualcomm-powered devices including automotive, mobile, IoT, and wearable products. Attackers can cause system crashes or service disruptions by sending specially crafted connection requests.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer Electronics Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon IoT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables

Versions: Multiple chipset versions prior to July 2021 security updates

Operating Systems: Android, Linux-based embedded systems, Various RTOS implementations

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Qualcomm chipset firmware versions. Impact varies by device implementation and configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash or persistent denial of service affecting critical functions in automotive, medical, or industrial systems, potentially leading to safety hazards or operational shutdowns.

🟠

Likely Case

Temporary service disruption, system instability, or device reboots affecting connectivity and functionality of affected devices.

🟢

If Mitigated

Minimal impact with proper network segmentation and updated firmware, though some performance degradation may occur during attack attempts.

🌐 Internet-Facing: MEDIUM - Devices with exposed network interfaces could be targeted remotely, but exploitation requires specific conditions and knowledge of vulnerable systems.

🏢 Internal Only: MEDIUM - Internal network attacks possible if attacker gains network access, but requires proximity or internal compromise.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires network access to vulnerable services and knowledge of specific connection handling flaws. No public exploit code available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: July 2021 security updates and later

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates 2. Apply Qualcomm July 2021 or later security patches 3. Update device firmware through manufacturer channels 4. Reboot device after update

🔧 Temporary Workarounds

Network Segmentation

all

Isolate vulnerable devices from untrusted networks to prevent remote exploitation

Service Access Control

linux

Restrict access to vulnerable SAP services using firewall rules

iptables -A INPUT -p tcp --dport [vulnerable_port] -j DROP
iptables -A INPUT -p udp --dport [vulnerable_port] -j DROP

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable devices
Deploy intrusion detection systems to monitor for connection flooding attempts

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm security bulletin. Review system logs for connection rejection errors or service crashes.

Check Version:

cat /proc/version | grep -i qualcomm OR check device settings > about phone > kernel version

Verify Fix Applied:

Verify firmware version includes July 2021 or later security patches. Test connection handling under load.

📡 Detection & Monitoring

Log Indicators:

Multiple connection rejections in short time
SAP service crashes
System reboots without clear cause
Kernel panic logs related to connection handling

Network Indicators:

Unusual connection attempts to SAP ports
Connection flooding patterns
Protocol anomalies in association requests

SIEM Query:

source="device_logs" AND ("connection rejected" OR "association failed" OR "SAP crash") | stats count by host

📊 Metadata

CVE ID: CVE-2021-1955

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-617

Published: July 13, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin Patch,Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8009 Firmware by Qualcomm

Apq8009w Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Apq8053 Firmware by Qualcomm

Apq8064au Firmware by Qualcomm

Apq8096au Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar6003 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Csr6030 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Mdm8215 Firmware by Qualcomm

Mdm8215m Firmware by Qualcomm

Mdm8615m Firmware by Qualcomm

Mdm9150 Firmware by Qualcomm

Mdm9206 Firmware by Qualcomm

Mdm9215 Firmware by Qualcomm

Mdm9230 Firmware by Qualcomm

Mdm9250 Firmware by Qualcomm

Mdm9310 Firmware by Qualcomm

Mdm9330 Firmware by Qualcomm

Mdm9607 Firmware by Qualcomm

Mdm9615 Firmware by Qualcomm

Mdm9615m Firmware by Qualcomm

Mdm9626 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Mdm9630 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Msm8909w Firmware by Qualcomm

Msm8917 Firmware by Qualcomm

Msm8953 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Qca4020 Firmware by Qualcomm

Qca6174 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6175a Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584 Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9367 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qca9379 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs405 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs603 Firmware by Qualcomm

Qcs605 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qet4101 Firmware by Qualcomm

Qsw8573 Firmware by Qualcomm

Qualcomm215 Firmware by Qualcomm