CVE-2021-30262

Q: What is the severity of CVE-2021-30262?

CVE-2021-30262 has a CVSS score of 8.4 (HIGH). This vulnerability allows improper memory access due to improper socket state validation in Qualcomm Snapdragon chipsets. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. It impacts various Snapdragon platforms including automotive, mobile, IoT, and wearable devices.

8.4 HIGH

📋 TL;DR

This vulnerability allows improper memory access due to improper socket state validation in Qualcomm Snapdragon chipsets. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. It impacts various Snapdragon platforms including automotive, mobile, IoT, and wearable devices.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables

Versions: Specific chipset versions not detailed in public advisory; refer to Qualcomm security bulletin for exact affected versions.

Operating Systems: Android, Linux-based embedded systems using affected Snapdragon chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is in Qualcomm chipset firmware/drivers, affecting devices regardless of OS configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Denial of service causing device crashes or instability, potentially requiring reboot.

🟢

If Mitigated

Limited impact with proper network segmentation and exploit mitigations in place.

🌐 Internet-Facing: MEDIUM - Requires network access to vulnerable socket services, but many affected devices are internet-connected.

🏢 Internal Only: HIGH - Internal network access could allow lateral movement to vulnerable devices.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending malformed socket events to trigger the memory access issue. No public exploit code available as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to device manufacturer updates; Qualcomm provides patches to OEMs.

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for security updates. 2. Apply firmware/OS updates from manufacturer. 3. Reboot device after update installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices from untrusted networks to reduce attack surface.

Disable Unnecessary Services

linux

Disable network services that use vulnerable socket functionality if not required.

🧯 If You Can't Patch

Implement strict network access controls to limit exposure to vulnerable devices.
Monitor for abnormal device behavior or crashes that might indicate exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm advisory; use 'cat /proc/cpuinfo' on Linux devices to identify Snapdragon chipsets.

Check Version:

On Android: Settings > About Phone > Build Number; On Linux: uname -a and check manufacturer update logs.

Verify Fix Applied:

Verify firmware/OS version matches patched versions from device manufacturer; check for December 2021 or later security updates.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Socket-related error messages
Unexpected process crashes

Network Indicators:

Unusual socket connection attempts to affected devices
Traffic patterns targeting known vulnerable ports

SIEM Query:

Search for: 'kernel panic' OR 'segmentation fault' on devices with Snapdragon chipsets

📊 Metadata

CVE ID: CVE-2021-30262

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: January 3, 2022

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin Patch,Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8009w Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fsm10055 Firmware by Qualcomm

Fsm10056 Firmware by Qualcomm

Mdm9150 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Msm8909w Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcs405 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs603 Firmware by Qualcomm

Qcs605 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qet4101 Firmware by Qualcomm

Qrb5165 Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Qsm8250 Firmware by Qualcomm

Qsw8573 Firmware by Qualcomm

Qualcomm215 Firmware by Qualcomm

Sa415m Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd205 Firmware by Qualcomm

Sd210 Firmware by Qualcomm

Sd429 Firmware by Qualcomm

Sd460 Firmware by Qualcomm

Sd660 Firmware by Qualcomm

Sd662 Firmware by Qualcomm

Sd665 Firmware by Qualcomm

Sd675 Firmware by Qualcomm

Sd678 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd720g Firmware by Qualcomm

Sd730 Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd845 Firmware by Qualcomm

Sd855 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sda429w Firmware by Qualcomm

Sdm429w Firmware by Qualcomm

Sdx24 Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdxr1 Firmware by Qualcomm

Sdxr2 5g Firmware by Qualcomm

Sm6225 Firmware by Qualcomm