CVE-2021-30303

Q: What is the severity of CVE-2021-30303?

CVE-2021-30303 has a CVSS score of 7.8 (HIGH). This vulnerability allows attackers to execute arbitrary code or cause denial of service on affected Qualcomm Snapdragon devices by sending specially crafted segmented WMI commands that trigger a buffer overflow. It affects a wide range of Snapdragon platforms including automotive, mobile, IoT, and networking products. Attackers could potentially gain elevated privileges or crash systems.

7.8 HIGH

Denial of Service Buffer Overflow

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code or cause denial of service on affected Qualcomm Snapdragon devices by sending specially crafted segmented WMI commands that trigger a buffer overflow. It affects a wide range of Snapdragon platforms including automotive, mobile, IoT, and networking products. Attackers could potentially gain elevated privileges or crash systems.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer Electronics Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wired Infrastructure and Networking

Versions: Specific affected versions not detailed in public advisory; refer to Qualcomm security bulletin for exact version ranges.

Operating Systems: Android, Linux-based embedded systems, Qualcomm proprietary platforms

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm Snapdragon chipsets that have WMI functionality enabled. The vulnerability is in the firmware/driver layer.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Denial of service causing system crashes or instability, potentially requiring physical reset.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls preventing malicious WMI command delivery.

🌐 Internet-Facing: MEDIUM - Requires specific WMI command delivery which may be filtered by firewalls, but vulnerable if exposed services accept WMI commands.

🏢 Internal Only: HIGH - Internal attackers or compromised internal systems could exploit this vulnerability to escalate privileges or disrupt operations.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending malicious segmented WMI commands to the vulnerable component. No public exploit code has been disclosed as of knowledge cutoff.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm security bulletin for specific patched versions per product line.

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin

Restart Required: Yes

Instructions:

1. Check Qualcomm security bulletin for your specific product. 2. Obtain firmware/driver updates from device manufacturer (OEM). 3. Apply updates following OEM instructions. 4. Reboot device to activate patched firmware.

🔧 Temporary Workarounds

Network Access Control

linux

Restrict network access to WMI interfaces to prevent unauthorized command delivery.

iptables -A INPUT -p tcp --dport [WMI_PORT] -j DROP
iptables -A INPUT -p udp --dport [WMI_PORT] -j DROP

Disable WMI if Unused

linux

Disable WMI functionality if not required for device operation.

echo 0 > /sys/module/wmi/parameters/enabled

🧯 If You Can't Patch

Implement strict network segmentation to isolate vulnerable devices from untrusted networks.
Deploy intrusion detection systems to monitor for anomalous WMI command patterns.

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm security bulletin. Use 'cat /proc/version' or OEM-specific commands to identify chipset and firmware.

Check Version:

cat /proc/version | grep -i qualcomm || cat /sys/firmware/devicetree/base/model

Verify Fix Applied:

Verify firmware version has been updated to patched version listed in Qualcomm bulletin. Check with 'dmesg | grep -i wmi' for any error messages after update.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
WMI driver crash messages in dmesg
Unexpected system reboots

Network Indicators:

Unusual WMI command traffic patterns
Multiple segmented WMI packets from single source

SIEM Query:

source="kernel" AND "WMI" AND ("panic" OR "segmentation fault" OR "buffer overflow")

📊 Metadata

CVE ID: CVE-2021-30303

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: January 3, 2022

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8009 Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Apq8064au Firmware by Qualcomm

Apq8096au Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar7420 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Ipq4018 Firmware by Qualcomm

Ipq4019 Firmware by Qualcomm

Ipq4028 Firmware by Qualcomm

Ipq4029 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5018 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6005 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8065 Firmware by Qualcomm

Ipq8068 Firmware by Qualcomm

Ipq8069 Firmware by Qualcomm

Ipq8070 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071 Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072 Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074 Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Mdm9206 Firmware by Qualcomm

Mdm9250 Firmware by Qualcomm

Mdm9607 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Pmp8074 Firmware by Qualcomm

Qca1023 Firmware by Qualcomm

Qca2062 Firmware by Qualcomm

Qca2064 Firmware by Qualcomm

Qca2065 Firmware by Qualcomm

Qca2066 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca4531 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6175a Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6428 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6438 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584 Firmware by Qualcomm

Qca6584au Firmware by Qualcomm