CVE-2021-30285

9.3 CRITICAL

📋 TL;DR

This vulnerability in Qualcomm Snapdragon hypervisors allows improper memory region validation, potentially enabling attackers to map incorrect memory regions. It affects numerous Snapdragon platforms across automotive, compute, IoT, and networking products. Successful exploitation could lead to privilege escalation or arbitrary code execution in the hypervisor context.

💻 Affected Systems

Products:

• Snapdragon Auto
• Snapdragon Compute
• Snapdragon Connectivity
• Snapdragon Consumer IOT
• Snapdragon Industrial IOT
• Snapdragon Voice & Music
• Snapdragon Wired Infrastructure and Networking

Versions: Specific affected versions not publicly detailed in advisory

Operating Systems: Android-based systems and embedded OS using affected Snapdragon chips

Default Config Vulnerable: ⚠️ Yes

Notes: Affects hypervisor implementations in Qualcomm Snapdragon system-on-chips; requires hypervisor functionality to be enabled and accessible.

📦 What is this software?

Ar8031 Firmware by Qualcomm

View all CVEs affecting Ar8031 Firmware →

Ar8035 Firmware by Qualcomm

View all CVEs affecting Ar8035 Firmware →

Csra6620 Firmware by Qualcomm

View all CVEs affecting Csra6620 Firmware →

Csra6640 Firmware by Qualcomm

View all CVEs affecting Csra6640 Firmware →

Csrb31024 Firmware by Qualcomm

View all CVEs affecting Csrb31024 Firmware →

Fsm10055 Firmware by Qualcomm

View all CVEs affecting Fsm10055 Firmware →

Fsm10056 Firmware by Qualcomm

View all CVEs affecting Fsm10056 Firmware →

Mdm9150 Firmware by Qualcomm

View all CVEs affecting Mdm9150 Firmware →

Mdm9205 Firmware by Qualcomm

View all CVEs affecting Mdm9205 Firmware →

Qca4004 Firmware by Qualcomm

View all CVEs affecting Qca4004 Firmware →

Qca6174a Firmware by Qualcomm

View all CVEs affecting Qca6174a Firmware →

Qca6390 Firmware by Qualcomm

View all CVEs affecting Qca6390 Firmware →

Qca6391 Firmware by Qualcomm

View all CVEs affecting Qca6391 Firmware →

Qca6426 Firmware by Qualcomm

View all CVEs affecting Qca6426 Firmware →

Qca6436 Firmware by Qualcomm

View all CVEs affecting Qca6436 Firmware →

Qca6564 Firmware by Qualcomm

View all CVEs affecting Qca6564 Firmware →

Qca6564a Firmware by Qualcomm

View all CVEs affecting Qca6564a Firmware →

Qca6564au Firmware by Qualcomm

View all CVEs affecting Qca6564au Firmware →

Qca6574 Firmware by Qualcomm

View all CVEs affecting Qca6574 Firmware →

Qca6574a Firmware by Qualcomm

View all CVEs affecting Qca6574a Firmware →

Qca6574au Firmware by Qualcomm

View all CVEs affecting Qca6574au Firmware →

Qca6595au Firmware by Qualcomm

View all CVEs affecting Qca6595au Firmware →

Qca6696 Firmware by Qualcomm

View all CVEs affecting Qca6696 Firmware →

Qca8337 Firmware by Qualcomm

View all CVEs affecting Qca8337 Firmware →

Qca9377 Firmware by Qualcomm

View all CVEs affecting Qca9377 Firmware →

Qca9984 Firmware by Qualcomm

View all CVEs affecting Qca9984 Firmware →

Qcm2290 Firmware by Qualcomm

View all CVEs affecting Qcm2290 Firmware →

Qcm4290 Firmware by Qualcomm

View all CVEs affecting Qcm4290 Firmware →

Qcm6490 Firmware by Qualcomm

View all CVEs affecting Qcm6490 Firmware →

Qcs2290 Firmware by Qualcomm

View all CVEs affecting Qcs2290 Firmware →

Qcs405 Firmware by Qualcomm

View all CVEs affecting Qcs405 Firmware →

Qcs410 Firmware by Qualcomm

View all CVEs affecting Qcs410 Firmware →

Qcs4290 Firmware by Qualcomm

View all CVEs affecting Qcs4290 Firmware →

Qcs603 Firmware by Qualcomm

View all CVEs affecting Qcs603 Firmware →

Qcs605 Firmware by Qualcomm

View all CVEs affecting Qcs605 Firmware →

Qcs610 Firmware by Qualcomm

View all CVEs affecting Qcs610 Firmware →

Qcs6490 Firmware by Qualcomm

View all CVEs affecting Qcs6490 Firmware →

Qcx315 Firmware by Qualcomm

View all CVEs affecting Qcx315 Firmware →

Qrb5165 Firmware by Qualcomm

View all CVEs affecting Qrb5165 Firmware →

Qrb5165n Firmware by Qualcomm

View all CVEs affecting Qrb5165n Firmware →

Qsm8250 Firmware by Qualcomm

View all CVEs affecting Qsm8250 Firmware →

Sa415m Firmware by Qualcomm

View all CVEs affecting Sa415m Firmware →

Sa515m Firmware by Qualcomm

View all CVEs affecting Sa515m Firmware →

Sa6145p Firmware by Qualcomm

View all CVEs affecting Sa6145p Firmware →

Sa6150p Firmware by Qualcomm

View all CVEs affecting Sa6150p Firmware →

Sa6155 Firmware by Qualcomm

View all CVEs affecting Sa6155 Firmware →

Sa6155p Firmware by Qualcomm

View all CVEs affecting Sa6155p Firmware →

Sa8145p Firmware by Qualcomm

View all CVEs affecting Sa8145p Firmware →

Sa8150p Firmware by Qualcomm

View all CVEs affecting Sa8150p Firmware →

Sa8155 Firmware by Qualcomm

View all CVEs affecting Sa8155 Firmware →

Sa8155p Firmware by Qualcomm

View all CVEs affecting Sa8155p Firmware →

Sa8195p Firmware by Qualcomm

View all CVEs affecting Sa8195p Firmware →

Sd 675 Firmware by Qualcomm

View all CVEs affecting Sd 675 Firmware →

Sd 8cx Gen2 Firmware by Qualcomm

View all CVEs affecting Sd 8cx Gen2 Firmware →

Sd460 Firmware by Qualcomm

View all CVEs affecting Sd460 Firmware →

Sd480 Firmware by Qualcomm

View all CVEs affecting Sd480 Firmware →

Sd662 Firmware by Qualcomm

View all CVEs affecting Sd662 Firmware →

Sd665 Firmware by Qualcomm

View all CVEs affecting Sd665 Firmware →

Sd675 Firmware by Qualcomm

View all CVEs affecting Sd675 Firmware →

Sd678 Firmware by Qualcomm

View all CVEs affecting Sd678 Firmware →

Sd690 5g Firmware by Qualcomm

View all CVEs affecting Sd690 5g Firmware →

Sd720g Firmware by Qualcomm

View all CVEs affecting Sd720g Firmware →

Sd730 Firmware by Qualcomm

View all CVEs affecting Sd730 Firmware →

Sd750g Firmware by Qualcomm

View all CVEs affecting Sd750g Firmware →

Sd765 Firmware by Qualcomm

View all CVEs affecting Sd765 Firmware →

Sd765g Firmware by Qualcomm

View all CVEs affecting Sd765g Firmware →

Sd768g Firmware by Qualcomm

View all CVEs affecting Sd768g Firmware →

Sd778g Firmware by Qualcomm

View all CVEs affecting Sd778g Firmware →

Sd7c Firmware by Qualcomm

View all CVEs affecting Sd7c Firmware →

Sd865 5g Firmware by Qualcomm

View all CVEs affecting Sd865 5g Firmware →

Sd870 Firmware by Qualcomm

View all CVEs affecting Sd870 Firmware →

Sd888 5g Firmware by Qualcomm

View all CVEs affecting Sd888 5g Firmware →

Sdx24 Firmware by Qualcomm

View all CVEs affecting Sdx24 Firmware →

Sdx55 Firmware by Qualcomm

View all CVEs affecting Sdx55 Firmware →

Sdx55m Firmware by Qualcomm

View all CVEs affecting Sdx55m Firmware →

Sdx57m Firmware by Qualcomm

View all CVEs affecting Sdx57m Firmware →

Sdxr1 Firmware by Qualcomm

View all CVEs affecting Sdxr1 Firmware →

Sdxr2 5g Firmware by Qualcomm

View all CVEs affecting Sdxr2 5g Firmware →

Sm6225 Firmware by Qualcomm

View all CVEs affecting Sm6225 Firmware →

Sm6250 Firmware by Qualcomm

View all CVEs affecting Sm6250 Firmware →

Sm6250p Firmware by Qualcomm

View all CVEs affecting Sm6250p Firmware →

Sm6375 Firmware by Qualcomm

View all CVEs affecting Sm6375 Firmware →

Sm7250p Firmware by Qualcomm

View all CVEs affecting Sm7250p Firmware →

Sm7325p Firmware by Qualcomm

View all CVEs affecting Sm7325p Firmware →

Wcd9306 Firmware by Qualcomm

View all CVEs affecting Wcd9306 Firmware →

Wcd9335 Firmware by Qualcomm

View all CVEs affecting Wcd9335 Firmware →

Wcd9370 Firmware by Qualcomm

View all CVEs affecting Wcd9370 Firmware →

Wcd9375 Firmware by Qualcomm

View all CVEs affecting Wcd9375 Firmware →

Wcd9380 Firmware by Qualcomm

View all CVEs affecting Wcd9380 Firmware →

Wcd9385 Firmware by Qualcomm

View all CVEs affecting Wcd9385 Firmware →

Wcn3910 Firmware by Qualcomm

View all CVEs affecting Wcn3910 Firmware →

Wcn3950 Firmware by Qualcomm

View all CVEs affecting Wcn3950 Firmware →

Wcn3988 Firmware by Qualcomm

View all CVEs affecting Wcn3988 Firmware →

Wcn3991 Firmware by Qualcomm

View all CVEs affecting Wcn3991 Firmware →

Wcn3999 Firmware by Qualcomm

View all CVEs affecting Wcn3999 Firmware →

Wcn6750 Firmware by Qualcomm

View all CVEs affecting Wcn6750 Firmware →

Wcn6850 Firmware by Qualcomm

View all CVEs affecting Wcn6850 Firmware →

Wcn6851 Firmware by Qualcomm

View all CVEs affecting Wcn6851 Firmware →

Wcn6855 Firmware by Qualcomm

View all CVEs affecting Wcn6855 Firmware →

Wcn6856 Firmware by Qualcomm

View all CVEs affecting Wcn6856 Firmware →

Wsa8830 Firmware by Qualcomm

View all CVEs affecting Wsa8830 Firmware →

Wsa8835 Firmware by Qualcomm

View all CVEs affecting Wsa8835 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full hypervisor compromise allowing complete control over virtual machines, potential escape to host system, and persistent backdoor installation across affected devices.

🟠

Likely Case

Privilege escalation from guest VM to hypervisor, enabling unauthorized access to other VMs, data exfiltration, or denial of service.

🟢

If Mitigated

Limited impact with proper network segmentation, minimal hypervisor attack surface, and strict access controls preventing initial foothold.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: HIGH

Exploitation requires existing access to a guest VM and knowledge of hypervisor internals; no public exploits available as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm security bulletin for specific chipset firmware updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/january-2022-bulletin

Restart Required: Yes

Instructions:

1. Check Qualcomm advisory for affected chipset models. 2. Contact device manufacturer for firmware updates. 3. Apply firmware patches provided by OEM. 4. Reboot affected devices.

🔧 Temporary Workarounds

Disable unnecessary hypervisor features

all

Reduce attack surface by disabling hypervisor functionality if not required for device operation

Copy

Device-specific configuration commands vary by manufacturer

Implement strict VM isolation

all

Ensure guest VMs cannot communicate with hypervisor beyond necessary interfaces

Copy

Hypervisor-specific configuration required

🧯 If You Can't Patch

• Isolate affected devices on segmented networks with strict access controls
• Implement application allowlisting and monitor for unusual hypervisor activity

🔍 How to Verify

Check if Vulnerable:

Copy

Check device firmware version against Qualcomm security bulletin; use manufacturer-specific tools to verify chipset model and firmware

Check Version:

Copy

Manufacturer-specific commands vary; typically adb shell getprop ro.build.fingerprint or similar OEM tools

Verify Fix Applied:

Copy

Verify firmware version has been updated to patched version specified by manufacturer; test hypervisor functionality remains operational

📡 Detection & Monitoring

Log Indicators:

• Hypervisor access violations
• Unexpected memory mapping operations
• Privilege escalation attempts in VM context

Network Indicators:

• Unusual inter-VM communication patterns
• Hypervisor management interface access from unauthorized sources

SIEM Query:

Copy

Example: hypervisor_logs | where event_type contains "memory_mapping" and result == "failure"

📊 Metadata

CVE ID: CVE-2021-30285

CVSS v3 Score: 9.3 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE: CWE-20

Published: January 13, 2022

Last Updated: November 21, 2024

🔗 References

• https://www.qualcomm.com/company/product-security/bulletins/january-2022-bulletin Vendor Advisory
• https://www.qualcomm.com/company/product-security/bulletins/january-2022-bulletin Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30285, you might also want to check these:

CVE-2022-47190 10.0

CVE-2022-47190 allows remote attackers to upload malicious firmware containing a webshell to Generex...

Same vulnerability type (CWE-20)

CVE-2024-3400 10.0

CVE-2024-3400 is a critical command injection vulnerability in Palo Alto Networks PAN-OS GlobalProte...

Same vulnerability type (CWE-20)

CVE-2023-42802 10.0

This critical vulnerability in GLPI allows attackers to upload malicious PHP files to unauthorized d...

Same vulnerability type (CWE-20)