CVE-2021-1975

CVSS v3 base score: 9.8 CRITICAL

📋 TL;DR

CVE-2021-1975 is a critical (CVSS 9.8) heap overflow in the DNS response parser that ships with many Qualcomm Snapdragon platforms. Qualcomm describes it as an improper length check of the domain name while parsing a DNS response: a crafted response from a malicious or spoofed resolver can corrupt heap memory in the Qualcomm network stack, which on these platforms runs in firmware below the OS rather than inside an application sandbox, and may lead to remote code execution there. It affects numerous Snapdragon product lines across automotive, compute, connectivity, IoT, voice & music and wearables.

💻 Affected Systems

Products:
  • Snapdragon Auto
  • Snapdragon Compute
  • Snapdragon Connectivity
  • Snapdragon Consumer IOT
  • Snapdragon Industrial IOT
  • Snapdragon IoT
  • Snapdragon Voice & Music
  • Snapdragon Wearables
Versions: Multiple chipset versions across these product lines; the affected chipsets are enumerated in the vendor advisory below, and the fixed firmware build depends on the device manufacturer
Operating Systems: Android, Linux-based embedded systems, QNX and other RTOS
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the Qualcomm-supplied baseband/network stack rather than in the host OS, so whether a device is affected depends on its chipset and firmware build, not on its OS version; only an OEM firmware update that carries Qualcomm's fix removes it.

📦 What is this software?

Snapdragon is Qualcomm's family of system-on-chip platforms that combine an application processor with modem and connectivity subsystems, sold in product lines for phones, automotive, compute, IoT, audio and wearable devices. The vulnerable DNS response parser is part of the Qualcomm-supplied firmware that ships with those chipsets, not of the operating system the OEM installs on top.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution inside the component that parses DNS responses. On Snapdragon platforms that parser sits in Qualcomm-supplied network/modem firmware, outside any application sandbox, so a successful exploit can mean a persistent backdoor, data theft, or a device that no longer boots or connects.

🟠 Likely Case: Remote code execution leading to device compromise, data exfiltration, or enrolment of the device in a botnet used for DDoS.

🟢 If Mitigated: Limited impact if the device only ever talks to a trusted resolver over a controlled path (an internal resolver behind a firewall that drops DNS from any other source) and is segmented from direct internet access. The filter has to sit between the device and whatever answers its queries; a device that joins an untrusted network uses the resolver it is handed by DHCP.

🌐 Internet-Facing: HIGH - the device does not need to accept inbound connections. Any device whose DNS queries an attacker can answer (rogue resolver on untrusted Wi-Fi, on-path spoofing, a resolver the attacker controls) can be hit without authentication.
🏢 Internal Only: MEDIUM - devices that only use internal resolvers can still receive a crafted response through poisoning of that resolver, a compromised internal host spoofing answers, or an attacker on the same network segment, but the attack surface is smaller.

🎯 Exploit Status

Public PoC: ❌ No
Weaponized: NOT CONFIRMED - no public exploit is known; treat it as likely given the bug class (unauthenticated heap overflow in a parser)
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires delivering a specially crafted DNS response to the device, and no authentication is involved. An attacker who controls the resolver (rogue DHCP on an untrusted network, a malicious access point, an on-path position) can answer any query the device makes; an off-path attacker has to spoof the response (matching transaction ID and source port) or poison an upstream resolver. The bug is in name-parsing logic, where the attacker controls every label length in the response, so reliable exploitation is feasible for a skilled attacker once the vulnerable firmware build is identified.
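Added example, not Qualcomm's code and not a reconstruction of the actual firmware: a DNS name decoder in the vulnerable shape the advisory text implies (label lengths trusted, no check against the output buffer) beside a bounded decoder that enforces the RFC 1035 limits. The bounded decoder is also the predicate a DNS filter from the Temporary Workarounds section would apply to every name in a response. Function names, buffer sizes and the sample bytes are assumptions made for this example; the samples are constructed, not captured traffic.

```c
/*
 * Added example, not Qualcomm's code: the bug class behind CVE-2021-1975
 * ("improper length check of domain while parsing the DNS response") as an
 * unchecked DNS name decoder beside a bounded one. Function names, buffer
 * sizes and the sample bytes below are assumptions made for this example.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_NAME  255  /* RFC 1035 2.3.4: whole name <= 255 octets */
#define DNS_MAX_LABEL 63   /* RFC 1035 2.3.4: one label  <= 63 octets  */
#define DNS_OUT_LEN   256  /* presentation form plus NUL               */

/* Vulnerable shape: copies each label using the attacker-chosen length with
 * no check of the remaining output space, so labels totalling more than 255
 * bytes write past `out` (a heap overflow when `out` is heap-allocated), and
 * a truncated label reads past `pkt`. Kept for comparison; never feed it
 * untrusted data. */
size_t dns_name_decode_unchecked(const uint8_t *pkt, size_t pkt_len,
                                 size_t off, char *out /* DNS_OUT_LEN bytes */)
{
    size_t o = 0;
    while (off < pkt_len) {
        uint8_t len = pkt[off++];
        if (len == 0) break;
        memcpy(out + o, pkt + off, len);  /* BUG: no bound on o or on off+len */
        o += len;
        out[o++] = '.';
        off += len;
    }
    out[o] = '\0';
    return o;
}

/* Bounded decoder: writes e.g. "www.example.com." to `out` and returns its
 * length, or -1 if the name is malformed (label > 63, name > 255, label or
 * pointer past the end of the message, reserved label type, compression
 * pointer that points forward or loops). Each check runs before the write. */
int dns_name_decode_checked(const uint8_t *pkt, size_t pkt_len,
                            size_t off, char *out, size_t out_len)
{
    size_t o = 0;
    int hops = 0;

    if (out_len == 0) return -1;
    for (;;) {
        if (off >= pkt_len) return -1;                 /* truncated name */
        uint8_t len = pkt[off];
        if ((len & 0xC0) == 0xC0) {                    /* compression pointer */
            if (off + 1 >= pkt_len) return -1;
            size_t ptr = ((size_t)(len & 0x3F) << 8) | pkt[off + 1];
            if (ptr >= off || ++hops > DNS_MAX_NAME) return -1; /* forward or loop */
            off = ptr;
            continue;
        }
        if (len & 0xC0) return -1;                     /* reserved 0x40/0x80 */
        off++;
        if (len == 0) break;                           /* root label: done */
        if (len > DNS_MAX_LABEL || off + len > pkt_len) return -1;
        if (o + len + 1 > DNS_MAX_NAME || o + len + 1 >= out_len) return -1;
        memcpy(out + o, pkt + off, len);
        o += len;
        out[o++] = '.';
        off += len;
    }
    out[o] = '\0';
    return (int)o;
}

/* Constructed sample bytes, not captured traffic. */
static const uint8_t sample_good[] = {   /* "www.example.com", then at offset 17 */
    3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0xC0, 0x00                           /* a compression pointer back to it    */
};
static const uint8_t sample_truncated[]   = { 5, 'a', 'b' };           /* label past end   */
static const uint8_t sample_self_loop[]   = { 0xC0, 0x00 };            /* points at itself */
static const uint8_t sample_forward_ptr[] = { 0xC0, 0x03, 1, 'a', 0 }; /* points ahead     */

/* Trigger shape: five labels, each a legal 63 octets, whose total (320 bytes
 * of presentation form) exceeds the 255-octet name limit. Returns the number
 * of bytes written, 321 for cap >= 321. */
size_t build_oversized_name(uint8_t *buf, size_t cap)
{
    size_t n = 0;
    for (int i = 0; i < 5 && n + DNS_MAX_LABEL + 1 < cap; i++) {
        buf[n++] = DNS_MAX_LABEL;
        memset(buf + n, 'a', DNS_MAX_LABEL);
        n += DNS_MAX_LABEL;
    }
    if (n < cap) buf[n++] = 0;
    return n;
}

int main(void)
{
    char out[DNS_OUT_LEN];
    uint8_t big[400];
    size_t n = build_oversized_name(big, sizeof big);
    int r = dns_name_decode_checked(sample_good, sizeof sample_good, 17, out, sizeof out);
    printf("via pointer: %d \"%s\"\n", r, out);                   /* 16 "www.example.com." */
    printf("oversized (%zu wire bytes): %d\n", n,
           dns_name_decode_checked(big, n, 0, out, sizeof out)); /* 321 wire bytes: -1 */
    return 0;
}
```

Build with `cc -Wall example.c`. The unchecked decoder is deliberately never run on the oversized sample: with a 256-byte heap buffer it would write 320 bytes plus the terminator past the allocation, which is the kind of heap overflow the advisory describes. The bounded version rejects that input before the first out-of-range write, and the same function applied to every name in a response is what a DNS filter needs in order to drop malformed answers.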

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by device manufacturer - Qualcomm ships the fix to OEMs, and it reaches devices only through OEM firmware updates; check your manufacturer's bulletin for CVE-2021-1975

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/november-2021-bulletin

Restart Required: Yes (firmware update)

Instructions:

  1. Identify the chipset and current firmware build of each affected device.
  2. Obtain the firmware update from the device manufacturer and confirm that its release notes or security bulletin list CVE-2021-1975 (the monthly Android Security Bulletin lists fixed Qualcomm components by CVE).
  3. Apply the update and reboot the device.
  4. Verify that the installed build matches the version the manufacturer lists as fixed (see How to Verify below).

🔧 Temporary Workarounds

DNS Response Filtering (all platforms)

Put a filtering resolver or DNS-aware firewall between affected devices and any upstream source, and have it reject responses that violate the RFC 1035 name limits: labels longer than 63 octets, names longer than 255 octets, labels that run past the end of the message, and compression pointers that point forward or loop. Force devices to use that resolver (DHCP options or static configuration) and block UDP/TCP 53 to anything else; otherwise the filter is simply bypassed.

Network Segmentation (all platforms)

Isolate affected devices in a separate network segment whose only DNS path is the filtered resolver, with no direct internet access.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable devices from untrusted networks
  • Deploy DNS filtering appliances that enforce the RFC 1035 name limits and drop malformed responses before they reach the devices
  • Keep phones and wearables off untrusted Wi-Fi where possible, since a hostile network hands out its own resolver and bypasses any filtering you run elsewhere

🔍 How to Verify

Check if Vulnerable:

Compare the device's firmware build with the manufacturer's security bulletins. On Android, 'getprop ro.build.fingerprint' gives the exact build and 'getprop ro.build.version.security_patch' the patch level; on Linux or RTOS based devices use the manufacturer's own version command or the firmware version shown in device settings. A device is vulnerable if it uses one of the listed Snapdragon platforms and runs a build older than the one in which the OEM shipped the fix.

Check Version:

Android: 'getprop ro.build.version.security_patch' and 'getprop ro.build.fingerprint' (from adb shell or a terminal app). Linux-based: check the firmware version via manufacturer-specific commands.

Verify Fix Applied:

Confirm that the installed build is one the manufacturer lists as fixed for CVE-2021-1975. On Android, a security patch level dated after November 2021 is a reasonable indicator, with the caveat that OEMs ship Qualcomm fixes on their own schedule, so the patch-level date alone does not prove that the modem/network firmware was updated; the OEM bulletin is authoritative.

📡 Detection & Monitoring

Log Indicators:

  • DNS parsing errors in system logs
  • Unexpected crashes or restarts of the network stack; because the parser lives in Qualcomm's network/modem firmware, a failed exploit attempt is more likely to show up as a modem or connectivity subsystem crash or restart with a brief loss of connectivity than as an application crash
  • Memory corruption warnings in kernel logs

Network Indicators:

  • Unusual DNS response patterns, such as answers to queries the device never sent or answers arriving from a resolver other than the configured one
  • DNS packets with malformed domain names: labels over 63 octets, names over 255 octets, labels running past the end of the message, forward or looping compression pointers
  • Traffic to devices from unexpected DNS servers

SIEM Query:

(source="dns" AND (message="*heap*" OR message="*overflow*" OR message="*corruption*")) OR (source="kernel" AND message="*panic*" AND process="*dns*")

The field names are generic: map source, message and process onto your log pipeline's fields, and add whatever event your platform emits for modem or subsystem restarts.

🔗 References

  • https://www.qualcomm.com/company/product-security/bulletins/november-2021-bulletin
  • https://nvd.nist.gov/vuln/detail/CVE-2021-1975