CVE-2021-30322

Q: What is the severity of CVE-2021-30322?

CVE-2021-30322 has a CVSS score of 7.8 (HIGH). This vulnerability allows an attacker to write data beyond the intended memory boundaries in Qualcomm Snapdragon chipsets due to improper validation of GPIO configurations. It affects devices using Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, and Mobile platforms. Successful exploitation could lead to arbitrary code execution or system crashes.

7.8 HIGH

📋 TL;DR

This vulnerability allows an attacker to write data beyond the intended memory boundaries in Qualcomm Snapdragon chipsets due to improper validation of GPIO configurations. It affects devices using Snapdragon Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, and Mobile platforms. Successful exploitation could lead to arbitrary code execution or system crashes.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile

Versions: Multiple Snapdragon chipset versions (specific versions detailed in Qualcomm advisory)

Operating Systems: Android, Linux-based automotive/embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Snapdragon chipsets regardless of OS configuration. The vulnerability is in the chipset firmware/drivers.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated permissions, potentially leading to data access or further system exploitation.

🟢

If Mitigated

Denial of service through system crash or reboot if memory corruption is detected and handled by security mechanisms.

🌐 Internet-Facing: MEDIUM - Requires local access or adjacent network position, but could be combined with other vulnerabilities for remote exploitation.

🏢 Internal Only: HIGH - Local attackers or malicious applications could exploit this to gain elevated privileges on affected devices.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access or ability to execute code on the device. Exploitation involves manipulating GPIO configuration parameters to trigger the out-of-bounds write.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to device manufacturer updates - Qualcomm has provided fixes to OEM partners

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for security updates. 2. Apply firmware/OS updates from device vendor. 3. Reboot device after update installation. 4. Verify patch is applied through version checks.

🔧 Temporary Workarounds

Restrict local access

all

Limit physical and network access to affected devices to reduce attack surface

Application sandboxing

android

Enforce strict application permissions and sandboxing to limit potential exploit impact

🧯 If You Can't Patch

Isolate affected devices on separate network segments
Implement strict access controls and monitoring for devices with vulnerable chipsets

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm advisory. Use 'getprop ro.bootloader' or similar commands on Android devices.

Check Version:

Android: 'getprop ro.build.fingerprint' or 'getprop ro.bootloader'. Linux: Check kernel/driver versions in /proc/version or dmesg.

Verify Fix Applied:

Verify firmware version has been updated to a version after the patch release date from device manufacturer.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
GPIO driver error messages
Memory corruption warnings in dmesg/kernel logs

Network Indicators:

Unusual local privilege escalation attempts
Suspicious local process behavior

SIEM Query:

Search for kernel panic events, memory corruption errors, or unauthorized privilege escalation on Snapdragon-based devices

📊 Metadata

CVE ID: CVE-2021-30322

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: February 11, 2022

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fsm10055 Firmware by Qualcomm

Fsm10056 Firmware by Qualcomm

Mdm9150 Firmware by Qualcomm

Mdm9250 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Mdm9655 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs603 Firmware by Qualcomm

Qcs605 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcx315 Firmware by Qualcomm

Sa415m Firmware by Qualcomm

Sa515m Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sd 8cx Gen2 Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd660 Firmware by Qualcomm

Sd665 Firmware by Qualcomm

Sd675 Firmware by Qualcomm

Sd678 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd720g Firmware by Qualcomm

Sd730 Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd7c Firmware by Qualcomm

Sd845 Firmware by Qualcomm

Sd850 Firmware by Qualcomm

Sd855 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sd888 5g Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sdx12 Firmware by Qualcomm

Sdx20 Firmware by Qualcomm

Sdx24 Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdx65 Firmware by Qualcomm

Sdxr1 Firmware by Qualcomm

Sdxr2 5g Firmware by Qualcomm

Sm6250 Firmware by Qualcomm

Sm6250p Firmware by Qualcomm

Sm6375 Firmware by Qualcomm

Sm7250p Firmware by Qualcomm

Sm7315 Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Wcd9326 Firmware by Qualcomm

Wcd9335 Firmware by Qualcomm

Wcd9340 Firmware by Qualcomm