CVE-2021-30326

Q: What is the severity of CVE-2021-30326?

CVE-2021-30326 has a CVSS score of 7.5 (HIGH). This vulnerability in Qualcomm Snapdragon chipsets allows remote attackers to cause denial of service through improper size validation of DownlinkPreemption IE in RRC messages. It affects Snapdragon Auto, Compute, Connectivity, Industrial IoT, and Mobile platforms. Attackers can trigger assertion failures leading to device crashes.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability in Qualcomm Snapdragon chipsets allows remote attackers to cause denial of service through improper size validation of DownlinkPreemption IE in RRC messages. It affects Snapdragon Auto, Compute, Connectivity, Industrial IoT, and Mobile platforms. Attackers can trigger assertion failures leading to device crashes.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Industrial IOT
Snapdragon Mobile

Versions: Specific chipset versions as listed in Qualcomm advisory

Operating Systems: Embedded/baseband firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the baseband/RRC processing layer, not the application processor. Requires cellular/baseband interface access.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote denial of service causing device crashes and service disruption across affected platforms, potentially affecting critical systems in automotive, industrial, and mobile environments.

🟠

Likely Case

Service disruption through device crashes requiring reboots, impacting connectivity and functionality of affected devices.

🟢

If Mitigated

Minimal impact with proper network segmentation and updated firmware preventing exploitation attempts.

🌐 Internet-Facing: MEDIUM - Requires network access to cellular/baseband interfaces which may be exposed in some configurations.

🏢 Internal Only: MEDIUM - Internal network access to affected devices could allow exploitation if proper segmentation is not in place.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted RRC messages to the cellular/baseband interface. No authentication needed but requires network access to the vulnerable interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates as specified in Qualcomm February 2022 bulletin

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided firmware patches. 3. Reboot affected devices. 4. Verify firmware version matches patched release.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate cellular/baseband interfaces from untrusted networks

Access Control

all

Restrict network access to cellular/baseband interfaces

🧯 If You Can't Patch

Implement strict network segmentation to isolate affected devices
Monitor for abnormal RRC message patterns and device crashes

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm advisory. Use manufacturer-specific tools to query baseband firmware version.

Check Version:

Manufacturer-specific commands vary by device. Typically AT commands or device management interfaces.

Verify Fix Applied:

Verify firmware version matches patched release from manufacturer. Monitor for RRC-related crashes after patch application.

📡 Detection & Monitoring

Log Indicators:

Baseband assertion failures
RRC processing errors
Unexpected device reboots
Cellular interface crashes

Network Indicators:

Malformed RRC messages
Abnormal RRC Reconfiguration/Setup patterns
Suspicious cellular traffic

SIEM Query:

Search for baseband crash logs, RRC protocol anomalies, or device reboot events in affected platforms

📊 Metadata

CVE ID: CVE-2021-30326

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-617

Published: February 11, 2022

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qcx315 Firmware by Qualcomm

Sa515m Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sd888 5g Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdx65 Firmware by Qualcomm

Sdxr2 5g Firmware by Qualcomm

Sm6375 Firmware by Qualcomm

Sm7250p Firmware by Qualcomm

Sm7315 Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9360 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3991 Firmware by Qualcomm

Wcn3998 Firmware by Qualcomm

Wcn6750 Firmware by Qualcomm

Wcn6850 Firmware by Qualcomm

Wcn6851 Firmware by Qualcomm

Wcn6855 Firmware by Qualcomm

Wcn6856 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm