CVE-2021-1981

Q: What is the severity of CVE-2021-1981?

CVE-2021-1981 has a CVSS score of 7.5 (HIGH). This vulnerability is a buffer over-read in Qualcomm Snapdragon chipsets due to improper size checking of Bearer capability information elements in MT setup requests from networks. It affects multiple Snapdragon platforms including Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, and Mobile. Attackers could potentially read sensitive data from adjacent memory locations.

7.5 HIGH

📋 TL;DR

This vulnerability is a buffer over-read in Qualcomm Snapdragon chipsets due to improper size checking of Bearer capability information elements in MT setup requests from networks. It affects multiple Snapdragon platforms including Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, and Mobile. Attackers could potentially read sensitive data from adjacent memory locations.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile

Versions: Specific chipset versions not detailed in public advisory; affected by firmware/software using vulnerable Qualcomm components.

Operating Systems: Android, Linux-based embedded systems, QNX, Automotive/embedded OS variants

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using Qualcomm baseband/modems with vulnerable firmware. Exact device models depend on OEM implementation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data exfiltration, or persistent backdoor installation on affected devices.

🟠

Likely Case

Information disclosure through memory read, potentially exposing sensitive data or cryptographic keys stored in adjacent memory.

🟢

If Mitigated

Denial of service or system instability if memory access causes crashes, but no data compromise.

🌐 Internet-Facing: MEDIUM - Requires network interaction but affected devices may be internet-facing in IoT/embedded contexts.

🏢 Internal Only: MEDIUM - Internal network devices could be targeted through network-based attacks.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted network packets to trigger the buffer over-read. No public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm security bulletin November 2021 and device manufacturer updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/november-2021-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware/software updates. 2. Apply Qualcomm-provided patches through OEM channels. 3. Reboot device after update. 4. Verify patch installation.

🔧 Temporary Workarounds

Network segmentation

all

Isolate affected devices from untrusted networks to prevent exploitation attempts.

Firewall rules

all

Block unnecessary network protocols to affected devices at perimeter.

🧯 If You Can't Patch

Segment affected devices in isolated network zones with strict access controls
Implement network monitoring for anomalous MT setup requests or memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check device firmware/software version against manufacturer security bulletins. Use Qualcomm diagnostic tools if available.

Check Version:

Device-specific commands vary by manufacturer; typically 'adb shell getprop ro.build.version' for Android devices

Verify Fix Applied:

Verify installed firmware version matches patched versions from manufacturer. Test with security scanning tools if available.

📡 Detection & Monitoring

Log Indicators:

Baseband/module crash logs
Memory access violation logs
Unexpected MT setup request patterns

Network Indicators:

Anomalous network packets targeting baseband interfaces
Unusual MT setup request patterns

SIEM Query:

Search for baseband crash events, memory violation alerts, or network anomalies to affected device IPs

📊 Metadata

CVE ID: CVE-2021-1981

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-125

Published: November 12, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/november-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/november-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8017 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Msm8917 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcx315 Firmware by Qualcomm

Qsm8350 Firmware by Qualcomm

Qualcomm215 Firmware by Qualcomm

Sa515m Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd205 Firmware by Qualcomm

Sd210 Firmware by Qualcomm

Sd429 Firmware by Qualcomm

Sd439 Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd665 Firmware by Qualcomm

Sd670 Firmware by Qualcomm

Sd675 Firmware by Qualcomm

Sd678 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd720g Firmware by Qualcomm

Sd730 Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd845 Firmware by Qualcomm

Sd855 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sd888 5g Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdx65 Firmware by Qualcomm

Sdxr2 5g Firmware by Qualcomm

Sm6250 Firmware by Qualcomm

Sm6250p Firmware by Qualcomm

Sm6375 Firmware by Qualcomm

Sm7250 Firmware by Qualcomm

Sm7325 Firmware by Qualcomm

Sm8450 Firmware by Qualcomm

Sm8450p Firmware by Qualcomm

Wcd9326 Firmware by Qualcomm

Wcd9340 Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9360 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9371 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3610 Firmware by Qualcomm

Wcn3615 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn3680b Firmware by Qualcomm

Wcn3910 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3990 Firmware by Qualcomm