CVE-2021-30305

8.4 HIGH

📋 TL;DR

This vulnerability in Qualcomm Snapdragon chipsets allows potential out-of-bounds memory access due to insufficient validation of page offsets before page insertion. Attackers could exploit this to execute arbitrary code or cause denial of service. Affected devices include automotive, connectivity, industrial IoT, and mobile platforms using vulnerable Snapdragon components.

💻 Affected Systems

Products:
  • Snapdragon Auto
  • Snapdragon Connectivity
  • Snapdragon Industrial IOT
  • Snapdragon Mobile
Versions: Specific chipset versions not detailed in bulletin; refer to Qualcomm advisory for exact affected versions
Operating Systems: Android, Linux-based automotive/industrial systems
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in Qualcomm firmware/drivers; exact affected products depend on chipset model and firmware version

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation

🟠 Likely Case: Local privilege escalation allowing attackers to gain elevated privileges on compromised devices

🟢 If Mitigated: Denial of service or system instability if memory corruption occurs but exploitation fails

🌐 Internet-Facing: MEDIUM - Requires local access or chaining with other vulnerabilities for remote exploitation
🏢 Internal Only: HIGH - Local attackers or malicious apps could exploit this for privilege escalation

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or ability to execute code on device; no public exploits known

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to device manufacturer/OEM updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/october-2021-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for security updates
2. Apply firmware/OS updates from OEM
3. Reboot device after update

🔧 Temporary Workarounds

Restrict local code execution (all): Limit installation of untrusted applications and enforce application sandboxing

🧯 If You Can't Patch

  • Isolate affected devices from untrusted networks
  • Implement strict application allowlisting and privilege restrictions

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm advisory

Check Version:

Device-specific commands vary by manufacturer; the version is typically shown in Settings > About Phone > Build Number

Verify Fix Applied:

Verify firmware version has been updated to patched version from OEM

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Memory access violation errors
  • Unexpected process crashes

Network Indicators:

  • Unusual outbound connections from system processes

SIEM Query:

Search for kernel panic events or memory corruption alerts on affected device models
