CVE-2021-30257

Q: What is the severity of CVE-2021-30257?

CVE-2021-30257 has a CVSS score of 8.4 (HIGH). This vulnerability allows attackers to read or write memory outside intended bounds in VR service due to insufficient validation of DSP selection values in Qualcomm Snapdragon chips. It affects devices using Snapdragon Compute, Connectivity, Consumer IoT, and Industrial IoT platforms. Successful exploitation could lead to privilege escalation or denial of service.

8.4 HIGH

📋 TL;DR

This vulnerability allows attackers to read or write memory outside intended bounds in VR service due to insufficient validation of DSP selection values in Qualcomm Snapdragon chips. It affects devices using Snapdragon Compute, Connectivity, Consumer IoT, and Industrial IoT platforms. Successful exploitation could lead to privilege escalation or denial of service.

💻 Affected Systems

Products:

Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT

Versions: Specific chipset versions not detailed in public advisory; affected by DSP selection validation flaw in VR service.

Operating Systems: Android-based systems, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm VR service enabled; exact chip models not specified in public bulletin.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data exfiltration, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated permissions on affected devices, potentially leading to data access or service disruption.

🟢

If Mitigated

Denial of service through VR service crash if memory corruption occurs but exploitation fails.

🌐 Internet-Facing: MEDIUM - Requires VR service to be exposed or accessible via other attack vectors, but IoT devices often have limited internet exposure.

🏢 Internal Only: HIGH - Many affected devices are embedded systems or IoT devices within internal networks where local access could be obtained.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires understanding of VR service and DSP memory structures; no public exploits known as of advisory date.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm October 2021 security bulletin for specific chipset updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM updates. 3. Reboot device after update installation.

🔧 Temporary Workarounds

Disable VR service if unused

android

Disable Qualcomm VR service on devices where virtual reality functionality is not required.

adb shell pm disable com.qualcomm.qti.vrservice
systemctl disable qvrservice (if applicable)

🧯 If You Can't Patch

Segment affected devices on isolated network segments
Implement strict access controls to prevent unauthorized local access to devices

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm's October 2021 security bulletin.

Check Version:

adb shell getprop ro.build.fingerprint (Android) or cat /proc/version (Linux)

Verify Fix Applied:

Verify firmware version has been updated to post-October 2021 patches from device manufacturer.

📡 Detection & Monitoring

Log Indicators:

VR service crashes
Kernel panic logs
Memory access violation errors in system logs

Network Indicators:

Unusual VR service network traffic
Unexpected connections to VR service ports

SIEM Query:

source="system_logs" AND ("VR service" OR "qvr") AND ("crash" OR "segfault" OR "access violation")

📊 Metadata

CVE ID: CVE-2021-30257

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-125

Published: October 20, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8017 Firmware by Qualcomm

Apq8053 Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Msm8917 Firmware by Qualcomm

Msm8953 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs605 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qualcomm215 Firmware by Qualcomm

Sd 636 Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd429 Firmware by Qualcomm

Sd439 Firmware by Qualcomm

Sd460 Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd632 Firmware by Qualcomm

Sd662 Firmware by Qualcomm

Sd665 Firmware by Qualcomm

Sd675 Firmware by Qualcomm

Sd678 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd720g Firmware by Qualcomm

Sd730 Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd780g Firmware by Qualcomm

Sd855 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sd888 5g Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sdm630 Firmware by Qualcomm

Sdx50m Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdxr1 Firmware by Qualcomm

Sdxr2 5g Firmware by Qualcomm

Sm4125 Firmware by Qualcomm

Sm6250 Firmware by Qualcomm

Sm7250 Firmware by Qualcomm

Sm7325 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3615 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn3680 Firmware by Qualcomm

Wcn3680b Firmware by Qualcomm

Wcn3910 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3991 Firmware by Qualcomm

Wcn3998 Firmware by Qualcomm

Wcn6740 Firmware by Qualcomm

Wcn6750 Firmware by Qualcomm

Wcn6850 Firmware by Qualcomm

Wcn6851 Firmware by Qualcomm

Wcn6855 Firmware by Qualcomm

Wcn6856 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm