CVE-2021-30275

Q: What is the severity of CVE-2021-30275?

CVE-2021-30275 has a CVSS score of 9.3 (CRITICAL). This vulnerability is an integer overflow in Qualcomm Snapdragon chipsets that could allow attackers to execute arbitrary code or cause denial of service. It affects multiple Snapdragon product lines including Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Voice & Music, and Wired Infrastructure and Networking. The issue occurs due to insufficient validation of address and size parameters before alignment operations.

9.3 CRITICAL

Denial of Service

📋 TL;DR

This vulnerability is an integer overflow in Qualcomm Snapdragon chipsets that could allow attackers to execute arbitrary code or cause denial of service. It affects multiple Snapdragon product lines including Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Voice & Music, and Wired Infrastructure and Networking. The issue occurs due to insufficient validation of address and size parameters before alignment operations.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Voice & Music
Snapdragon Wired Infrastructure and Networking

Versions: Specific affected versions not specified in CVE description; refer to Qualcomm advisory for exact version ranges

Operating Systems: Android, Linux-based systems using affected Snapdragon chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Snapdragon chipsets across multiple product categories; exact device models depend on chipset implementation

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, allowing attackers to gain root privileges and control affected devices.

🟠

Likely Case

Denial of service through system crashes or instability, potentially requiring device reboots or causing service interruptions.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, potentially only affecting isolated components.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Integer overflow vulnerabilities typically require specific conditions to trigger; exploitation may depend on system configuration and access vectors

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm security bulletin for specific patched versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin

Restart Required: Yes

Instructions:

1. Check Qualcomm security bulletin for affected chipset versions. 2. Contact device manufacturer for firmware updates. 3. Apply firmware updates provided by device vendor. 4. Reboot device after update installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices from untrusted networks to reduce attack surface

Access Control Restrictions

all

Implement strict access controls to limit who can interact with vulnerable interfaces

🧯 If You Can't Patch

Implement network segmentation to isolate vulnerable devices
Deploy intrusion detection systems to monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check device specifications to determine if it uses affected Snapdragon chipsets; consult manufacturer documentation

Check Version:

Device-specific commands vary by manufacturer; typically 'cat /proc/version' or manufacturer-specific diagnostic tools

Verify Fix Applied:

Verify firmware version against patched versions listed in Qualcomm advisory; check with device manufacturer for update confirmation

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
System crash dumps
Unexpected process terminations
Memory allocation failures

Network Indicators:

Unusual network traffic to device management interfaces
Attempts to access low-level system functions

SIEM Query:

Search for kernel panic events OR system crash events OR memory allocation failures on devices with Snapdragon chipsets

📊 Metadata

CVE ID: CVE-2021-30275

CVSS v3 Score: 9.3 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-190

Published: January 3, 2022

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fsm10055 Firmware by Qualcomm

Fsm10056 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6005 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Mdm9150 Firmware by Qualcomm

Mdm9205 Firmware by Qualcomm

Qca4004 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8072 Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qca9984 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn5021 Firmware by Qualcomm

Qcn5022 Firmware by Qualcomm

Qcn5052 Firmware by Qualcomm

Qcn5121 Firmware by Qualcomm

Qcn5122 Firmware by Qualcomm

Qcn5152 Firmware by Qualcomm

Qcn6023 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn9000 Firmware by Qualcomm

Qcn9022 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcn9070 Firmware by Qualcomm

Qcn9072 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs405 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcx315 Firmware by Qualcomm

Qrb5165 Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Qsm8250 Firmware by Qualcomm

Sa415m Firmware by Qualcomm

Sa515m Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd 8cx Firmware by Qualcomm

Sd460 Firmware by Qualcomm

Sd480 Firmware by Qualcomm