CVE-2021-30281

Q: What is the severity of CVE-2021-30281?

CVE-2021-30281 has a CVSS score of 8.4 (HIGH). This vulnerability allows unauthorized access to secure memory space in Qualcomm Snapdragon chipsets due to improper access control checks during device configuration flashing. It affects multiple Snapdragon product lines including Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Voice & Music, Wearables, and Wired Infrastructure and Networking. Attackers could potentially access protected system areas they shouldn't have permission to reach.

8.4 HIGH

📋 TL;DR

This vulnerability allows unauthorized access to secure memory space in Qualcomm Snapdragon chipsets due to improper access control checks during device configuration flashing. It affects multiple Snapdragon product lines including Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, Voice & Music, Wearables, and Wired Infrastructure and Networking. Attackers could potentially access protected system areas they shouldn't have permission to reach.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Voice & Music
Snapdragon Wearables
Snapdragon Wired Infrastructure and Networking

Versions: Specific affected versions not detailed in bulletin, refer to Qualcomm advisory for exact chipset versions

Operating Systems: Android, Linux-based embedded systems, Other Qualcomm-supported platforms

Default Config Vulnerable: ⚠️ Yes

Notes: Affects Qualcomm chipsets across multiple product categories; vulnerability exists at firmware/hardware level

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of secure space allowing extraction of sensitive data, firmware modification, or persistent backdoor installation affecting device integrity and confidentiality.

🟠

Likely Case

Unauthorized access to protected memory regions potentially exposing cryptographic keys, secure boot components, or other sensitive system data.

🟢

If Mitigated

Limited impact with proper access controls and monitoring in place, potentially detected as unauthorized access attempts.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires physical access or privileged system access to flash device configurations; no public exploit code available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm April 2022 security bulletin for specific chipset firmware updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin

Restart Required: Yes

Instructions:

1. Check Qualcomm April 2022 security bulletin for affected chipset list. 2. Contact device manufacturer for firmware updates. 3. Apply firmware patches provided by OEM. 4. Reboot device after patching.

🔧 Temporary Workarounds

Restrict physical access

all

Limit physical access to devices to prevent unauthorized flashing attempts

Implement secure boot verification

all

Enable and enforce secure boot to detect unauthorized firmware modifications

🧯 If You Can't Patch

Isolate affected devices on segmented networks with strict access controls
Implement monitoring for unauthorized access attempts to device flashing interfaces

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm's affected products list in April 2022 bulletin

Check Version:

Device-specific commands vary by manufacturer; typically: 'getprop ro.build.version.security_patch' for Android or manufacturer-specific firmware query tools

Verify Fix Applied:

Verify firmware version has been updated to post-April 2022 security patch level

📡 Detection & Monitoring

Log Indicators:

Unauthorized flashing attempts
Secure boot violations
Firmware modification alerts

Network Indicators:

Unexpected device flashing traffic
Unauthorized access to device management interfaces

SIEM Query:

Search for firmware update events outside maintenance windows or from unauthorized sources

📊 Metadata

CVE ID: CVE-2021-30281

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Published: June 14, 2022

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fsm10055 Firmware by Qualcomm

Fsm10056 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6005 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Mdm9150 Firmware by Qualcomm

Mdm9205 Firmware by Qualcomm

Qca4004 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8072 Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qca9984 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcn5021 Firmware by Qualcomm

Qcn5022 Firmware by Qualcomm

Qcn5052 Firmware by Qualcomm

Qcn5121 Firmware by Qualcomm

Qcn5122 Firmware by Qualcomm

Qcn5152 Firmware by Qualcomm

Qcn6023 Firmware by Qualcomm

Qcn6024 Firmware by Qualcomm

Qcn9000 Firmware by Qualcomm

Qcn9011 Firmware by Qualcomm

Qcn9012 Firmware by Qualcomm

Qcn9022 Firmware by Qualcomm

Qcn9024 Firmware by Qualcomm

Qcn9070 Firmware by Qualcomm

Qcn9072 Firmware by Qualcomm

Qcn9074 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs405 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs603 Firmware by Qualcomm

Qcs605 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcs8155 Firmware by Qualcomm

Qcx315 Firmware by Qualcomm

Qrb5165 Firmware by Qualcomm

Qrb5165m Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Qsm8250 Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa415m Firmware by Qualcomm