CVE-2021-30292

Q: What is the severity of CVE-2021-30292?

CVE-2021-30292 has a CVSS score of 8.4 (HIGH). This vulnerability allows memory corruption due to improper validation of client data during memory allocation in Qualcomm Snapdragon chipsets. Attackers could potentially execute arbitrary code or cause denial of service. Affects Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, and Wearables platforms.

8.4 HIGH

Remote Code Execution Denial of Service

📋 TL;DR

This vulnerability allows memory corruption due to improper validation of client data during memory allocation in Qualcomm Snapdragon chipsets. Attackers could potentially execute arbitrary code or cause denial of service. Affects Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, and Wearables platforms.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Wearables

Versions: Specific chipset versions not detailed in advisory; refer to Qualcomm bulletin for exact affected versions.

Operating Systems: Android-based systems and other embedded OS using affected Snapdragon chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is in the chipset firmware/drivers, affecting all devices using these components regardless of OS configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Denial of service causing device crashes or instability, potentially requiring physical reset.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, possibly just service disruption.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted data to the vulnerable component; no public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to device manufacturer updates; Qualcomm has provided fixes to OEMs.

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware/software updates. 2. Apply the provided patch from the manufacturer. 3. Reboot the device to activate the fix.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices from untrusted networks to reduce attack surface.

Access Control

all

Restrict network access to vulnerable services using firewalls or ACLs.

🧯 If You Can't Patch

Deploy network monitoring and intrusion detection systems to detect exploitation attempts.
Consider replacing affected hardware with updated versions if patching is not feasible.

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer's security bulletins; no universal command exists due to chipset-level vulnerability.

Check Version:

Device-specific; typically check in system settings or use manufacturer-provided tools (e.g., 'adb shell getprop' for Android devices).

Verify Fix Applied:

Verify that the latest firmware/software update from the device manufacturer has been applied and check release notes for CVE-2021-30292 mention.

📡 Detection & Monitoring

Log Indicators:

Unexpected device crashes, memory corruption errors in system logs, or abnormal process terminations.

Network Indicators:

Unusual network traffic to device services that could trigger the vulnerability.

SIEM Query:

Example: 'device_crash OR memory_corruption AND (Snapdragon OR Qualcomm)'

📊 Metadata

CVE ID: CVE-2021-30292

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: October 20, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8017 Firmware by Qualcomm

Apq8053 Firmware by Qualcomm

Apq8064au Firmware by Qualcomm

Apq8096au Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Msm8917 Firmware by Qualcomm

Msm8953 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Qca6310 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6335 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs603 Firmware by Qualcomm

Qcs605 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qualcomm215 Firmware by Qualcomm

Sd 455 Firmware by Qualcomm

Sd 636 Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd205 Firmware by Qualcomm

Sd210 Firmware by Qualcomm

Sd429 Firmware by Qualcomm

Sd439 Firmware by Qualcomm

Sd460 Firmware by Qualcomm

Sd632 Firmware by Qualcomm

Sd662 Firmware by Qualcomm

Sd665 Firmware by Qualcomm

Sd675 Firmware by Qualcomm

Sd678 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd720g Firmware by Qualcomm

Sd730 Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd780g Firmware by Qualcomm

Sd855 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sd888 5g Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sdm630 Firmware by Qualcomm

Sdx50m Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdxr1 Firmware by Qualcomm

Sdxr2 5g Firmware by Qualcomm

Sm4125 Firmware by Qualcomm

Sm6250 Firmware by Qualcomm

Sm6250p Firmware by Qualcomm

Sm7250 Firmware by Qualcomm

Sm7325 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3610 Firmware by Qualcomm

Wcn3615 Firmware by Qualcomm

Wcn3660b Firmware by Qualcomm

Wcn3680 Firmware by Qualcomm