CVE-2021-1971

Q: What is the severity of CVE-2021-1971?

CVE-2021-1971 has a CVSS score of 7.5 (HIGH). This vulnerability in Qualcomm Snapdragon chipsets allows attackers to trigger an assertion failure due to lack of physical layer state validation. It affects multiple Snapdragon product lines including Auto, Compute, Connectivity, Mobile, and others. Successful exploitation could lead to denial of service or potentially code execution.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability in Qualcomm Snapdragon chipsets allows attackers to trigger an assertion failure due to lack of physical layer state validation. It affects multiple Snapdragon product lines including Auto, Compute, Connectivity, Mobile, and others. Successful exploitation could lead to denial of service or potentially code execution.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer Electronics Connectivity
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Wired Infrastructure and Networking

Versions: Specific chipset versions not detailed in public advisory

Operating Systems: Android, Linux-based systems using affected Snapdragon chips

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with specific Qualcomm Snapdragon chipsets. Exact chipset models and firmware versions require checking Qualcomm's detailed advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Denial of service causing device crashes, reboots, or instability in affected systems.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, potentially only causing temporary service disruption.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted packets to trigger the assertion failure. No public exploit code is available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by device manufacturer and chipset

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/september-2021-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply manufacturer-provided patches. 3. Reboot device after patch installation. 4. Verify patch application through version checks.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices from untrusted networks to reduce attack surface

Access Control Lists

all

Implement strict network ACLs to limit traffic to affected devices

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected devices
Monitor for abnormal device behavior or crashes indicating potential exploitation

🔍 How to Verify

Check if Vulnerable:

Check device specifications for affected Snapdragon chipsets and firmware versions against Qualcomm advisory

Check Version:

Device-specific commands vary by manufacturer (e.g., 'adb shell getprop ro.build.fingerprint' for Android devices)

Verify Fix Applied:

Verify firmware version has been updated to manufacturer's patched version

📡 Detection & Monitoring

Log Indicators:

Unexpected device reboots
Kernel panic logs
Assertion failure messages in system logs

Network Indicators:

Unusual network traffic patterns to affected devices
Malformed packets targeting network interfaces

SIEM Query:

Search for: 'assertion failure' OR 'kernel panic' OR 'unexpected reboot' on devices with Snapdragon chipsets

📊 Metadata

CVE ID: CVE-2021-1971

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-617

Published: September 9, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/september-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/september-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5018 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6005 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8070 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071 Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072 Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074 Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Qca1062 Firmware by Qualcomm

Qca1064 Firmware by Qualcomm

Qca2062 Firmware by Qualcomm

Qca2064 Firmware by Qualcomm

Qca2065 Firmware by Qualcomm

Qca2066 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6175a Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6428 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6438 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6694 Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8072 Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9888 Firmware by Qualcomm

Qca9889 Firmware by Qualcomm

Qca9984 Firmware by Qualcomm

Qcn5021 Firmware by Qualcomm

Qcn5022 Firmware by Qualcomm

Qcn5024 Firmware by Qualcomm

Qcn5052 Firmware by Qualcomm

Qcn5054 Firmware by Qualcomm

Qcn5064 Firmware by Qualcomm

Qcn5121 Firmware by Qualcomm

Qcn5122 Firmware by Qualcomm

Qcn5124 Firmware by Qualcomm

Qcn5152 Firmware by Qualcomm

Qcn5154 Firmware by Qualcomm

Qcn5164 Firmware by Qualcomm

Qcn5550 Firmware by Qualcomm

Qcn6023 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn9000 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm