CVE-2021-30334

8.4 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in Qualcomm Snapdragon chipsets where DRM file status isn't properly checked after file structure is freed. This could allow attackers to execute arbitrary code or cause denial of service. Affected devices include automotive, compute, connectivity, consumer IoT, industrial IoT, voice & music, and wearable products using vulnerable Snapdragon chipsets.

💻 Affected Systems

Products:

• Snapdragon Auto
• Snapdragon Compute
• Snapdragon Connectivity
• Snapdragon Consumer IOT
• Snapdragon Industrial IOT
• Snapdragon Voice & Music
• Snapdragon Wearables

Versions: Specific chipset versions not detailed in bulletin; affected by firmware/software using vulnerable DRM components

Operating Systems: Android-based systems, Linux-based systems, Other embedded OS using Snapdragon chipsets

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in DRM (Digital Rights Management) component handling; exploitation requires specific conditions to trigger the use-after-free scenario.

📦 What is this software?

Apq8009w Firmware by Qualcomm

View all CVEs affecting Apq8009w Firmware →

Aqt1000 Firmware by Qualcomm

View all CVEs affecting Aqt1000 Firmware →

Ar8031 Firmware by Qualcomm

View all CVEs affecting Ar8031 Firmware →

Ar8035 Firmware by Qualcomm

View all CVEs affecting Ar8035 Firmware →

Csra6620 Firmware by Qualcomm

View all CVEs affecting Csra6620 Firmware →

Csra6640 Firmware by Qualcomm

View all CVEs affecting Csra6640 Firmware →

Csrb31024 Firmware by Qualcomm

View all CVEs affecting Csrb31024 Firmware →

Fsm10055 Firmware by Qualcomm

View all CVEs affecting Fsm10055 Firmware →

Fsm10056 Firmware by Qualcomm

View all CVEs affecting Fsm10056 Firmware →

Mdm9150 Firmware by Qualcomm

View all CVEs affecting Mdm9150 Firmware →

Msm8909w Firmware by Qualcomm

View all CVEs affecting Msm8909w Firmware →

Qam8295p Firmware by Qualcomm

View all CVEs affecting Qam8295p Firmware →

Qca6174a Firmware by Qualcomm

View all CVEs affecting Qca6174a Firmware →

Qca6390 Firmware by Qualcomm

View all CVEs affecting Qca6390 Firmware →

Qca6391 Firmware by Qualcomm

View all CVEs affecting Qca6391 Firmware →

Qca6426 Firmware by Qualcomm

View all CVEs affecting Qca6426 Firmware →

Qca6436 Firmware by Qualcomm

View all CVEs affecting Qca6436 Firmware →

Qca6564 Firmware by Qualcomm

View all CVEs affecting Qca6564 Firmware →

Qca6564a Firmware by Qualcomm

View all CVEs affecting Qca6564a Firmware →

Qca6564au Firmware by Qualcomm

View all CVEs affecting Qca6564au Firmware →

Qca6574 Firmware by Qualcomm

View all CVEs affecting Qca6574 Firmware →

Qca6574a Firmware by Qualcomm

View all CVEs affecting Qca6574a Firmware →

Qca6574au Firmware by Qualcomm

View all CVEs affecting Qca6574au Firmware →

Qca6595au Firmware by Qualcomm

View all CVEs affecting Qca6595au Firmware →

Qca6696 Firmware by Qualcomm

View all CVEs affecting Qca6696 Firmware →

Qca8081 Firmware by Qualcomm

View all CVEs affecting Qca8081 Firmware →

Qca8337 Firmware by Qualcomm

View all CVEs affecting Qca8337 Firmware →

Qca9377 Firmware by Qualcomm

View all CVEs affecting Qca9377 Firmware →

Qcm2290 Firmware by Qualcomm

View all CVEs affecting Qcm2290 Firmware →

Qcm4290 Firmware by Qualcomm

View all CVEs affecting Qcm4290 Firmware →

Qcm6125 Firmware by Qualcomm

View all CVEs affecting Qcm6125 Firmware →

Qcm6490 Firmware by Qualcomm

View all CVEs affecting Qcm6490 Firmware →

Qcn9011 Firmware by Qualcomm

View all CVEs affecting Qcn9011 Firmware →

Qcn9012 Firmware by Qualcomm

View all CVEs affecting Qcn9012 Firmware →

Qcs2290 Firmware by Qualcomm

View all CVEs affecting Qcs2290 Firmware →

Qcs405 Firmware by Qualcomm

View all CVEs affecting Qcs405 Firmware →

Qcs410 Firmware by Qualcomm

View all CVEs affecting Qcs410 Firmware →

Qcs4290 Firmware by Qualcomm

View all CVEs affecting Qcs4290 Firmware →

Qcs603 Firmware by Qualcomm

View all CVEs affecting Qcs603 Firmware →

Qcs605 Firmware by Qualcomm

View all CVEs affecting Qcs605 Firmware →

Qcs610 Firmware by Qualcomm

View all CVEs affecting Qcs610 Firmware →

Qcs6125 Firmware by Qualcomm

View all CVEs affecting Qcs6125 Firmware →

Qcs6490 Firmware by Qualcomm

View all CVEs affecting Qcs6490 Firmware →

Qcs8155 Firmware by Qualcomm

View all CVEs affecting Qcs8155 Firmware →

Qcx315 Firmware by Qualcomm

View all CVEs affecting Qcx315 Firmware →

Qet4101 Firmware by Qualcomm

View all CVEs affecting Qet4101 Firmware →

Qrb5165 Firmware by Qualcomm

View all CVEs affecting Qrb5165 Firmware →

Qrb5165m Firmware by Qualcomm

View all CVEs affecting Qrb5165m Firmware →

Qrb5165n Firmware by Qualcomm

View all CVEs affecting Qrb5165n Firmware →

Qsm8250 Firmware by Qualcomm

View all CVEs affecting Qsm8250 Firmware →

Qsw8573 Firmware by Qualcomm

View all CVEs affecting Qsw8573 Firmware →

Sa4150p Firmware by Qualcomm

View all CVEs affecting Sa4150p Firmware →

Sa4155p Firmware by Qualcomm

View all CVEs affecting Sa4155p Firmware →

Sa415m Firmware by Qualcomm

View all CVEs affecting Sa415m Firmware →

Sa515m Firmware by Qualcomm

View all CVEs affecting Sa515m Firmware →

Sa6145p Firmware by Qualcomm

View all CVEs affecting Sa6145p Firmware →

Sa6150p Firmware by Qualcomm

View all CVEs affecting Sa6150p Firmware →

Sa6155 Firmware by Qualcomm

View all CVEs affecting Sa6155 Firmware →

Sa6155p Firmware by Qualcomm

View all CVEs affecting Sa6155p Firmware →

Sa8145p Firmware by Qualcomm

View all CVEs affecting Sa8145p Firmware →

Sa8150p Firmware by Qualcomm

View all CVEs affecting Sa8150p Firmware →

Sa8155 Firmware by Qualcomm

View all CVEs affecting Sa8155 Firmware →

Sa8155p Firmware by Qualcomm

View all CVEs affecting Sa8155p Firmware →

Sa8195p Firmware by Qualcomm

View all CVEs affecting Sa8195p Firmware →

Sa8295p Firmware by Qualcomm

View all CVEs affecting Sa8295p Firmware →

Sd 675 Firmware by Qualcomm

View all CVEs affecting Sd 675 Firmware →

Sd 8 Gen1 5g Firmware by Qualcomm

View all CVEs affecting Sd 8 Gen1 5g Firmware →

Sd205 Firmware by Qualcomm

View all CVEs affecting Sd205 Firmware →

Sd210 Firmware by Qualcomm

View all CVEs affecting Sd210 Firmware →

Sd429 Firmware by Qualcomm

View all CVEs affecting Sd429 Firmware →

Sd439 Firmware by Qualcomm

View all CVEs affecting Sd439 Firmware →

Sd460 Firmware by Qualcomm

View all CVEs affecting Sd460 Firmware →

Sd480 Firmware by Qualcomm

View all CVEs affecting Sd480 Firmware →

Sd660 Firmware by Qualcomm

View all CVEs affecting Sd660 Firmware →

Sd662 Firmware by Qualcomm

View all CVEs affecting Sd662 Firmware →

Sd665 Firmware by Qualcomm

View all CVEs affecting Sd665 Firmware →

Sd675 Firmware by Qualcomm

View all CVEs affecting Sd675 Firmware →

Sd678 Firmware by Qualcomm

View all CVEs affecting Sd678 Firmware →

Sd690 5g Firmware by Qualcomm

View all CVEs affecting Sd690 5g Firmware →

Sd720g Firmware by Qualcomm

View all CVEs affecting Sd720g Firmware →

Sd730 Firmware by Qualcomm

View all CVEs affecting Sd730 Firmware →

Sd750g Firmware by Qualcomm

View all CVEs affecting Sd750g Firmware →

Sd765 Firmware by Qualcomm

View all CVEs affecting Sd765 Firmware →

Sd765g Firmware by Qualcomm

View all CVEs affecting Sd765g Firmware →

Sd768g Firmware by Qualcomm

View all CVEs affecting Sd768g Firmware →

Sd778g Firmware by Qualcomm

View all CVEs affecting Sd778g Firmware →

Sd780g Firmware by Qualcomm

View all CVEs affecting Sd780g Firmware →

Sd855 Firmware by Qualcomm

View all CVEs affecting Sd855 Firmware →

Sd865 5g Firmware by Qualcomm

View all CVEs affecting Sd865 5g Firmware →

Sd870 Firmware by Qualcomm

View all CVEs affecting Sd870 Firmware →

Sd888 5g Firmware by Qualcomm

View all CVEs affecting Sd888 5g Firmware →

Sd888 Firmware by Qualcomm

View all CVEs affecting Sd888 Firmware →

Sda429w Firmware by Qualcomm

View all CVEs affecting Sda429w Firmware →

Sdm429w Firmware by Qualcomm

View all CVEs affecting Sdm429w Firmware →

Sdx24 Firmware by Qualcomm

View all CVEs affecting Sdx24 Firmware →

Sdx55 Firmware by Qualcomm

View all CVEs affecting Sdx55 Firmware →

Sdx55m Firmware by Qualcomm

View all CVEs affecting Sdx55m Firmware →

Sdx65 Firmware by Qualcomm

View all CVEs affecting Sdx65 Firmware →

Sdxr1 Firmware by Qualcomm

View all CVEs affecting Sdxr1 Firmware →

Sdxr2 5g Firmware by Qualcomm

View all CVEs affecting Sdxr2 5g Firmware →

Sm6250 Firmware by Qualcomm

View all CVEs affecting Sm6250 Firmware →

Sm6250p Firmware by Qualcomm

View all CVEs affecting Sm6250p Firmware →

Sm6375 Firmware by Qualcomm

View all CVEs affecting Sm6375 Firmware →

Sm7250p Firmware by Qualcomm

View all CVEs affecting Sm7250p Firmware →

Sm7315 Firmware by Qualcomm

View all CVEs affecting Sm7315 Firmware →

Sm7325p Firmware by Qualcomm

View all CVEs affecting Sm7325p Firmware →

Sw5100 Firmware by Qualcomm

View all CVEs affecting Sw5100 Firmware →

Sw5100p Firmware by Qualcomm

View all CVEs affecting Sw5100p Firmware →

Sxr2150p Firmware by Qualcomm

View all CVEs affecting Sxr2150p Firmware →

Wcd9335 Firmware by Qualcomm

View all CVEs affecting Wcd9335 Firmware →

Wcd9360 Firmware by Qualcomm

View all CVEs affecting Wcd9360 Firmware →

Wcd9370 Firmware by Qualcomm

View all CVEs affecting Wcd9370 Firmware →

Wcd9375 Firmware by Qualcomm

View all CVEs affecting Wcd9375 Firmware →

Wcd9380 Firmware by Qualcomm

View all CVEs affecting Wcd9380 Firmware →

Wcd9385 Firmware by Qualcomm

View all CVEs affecting Wcd9385 Firmware →

Wcn3610 Firmware by Qualcomm

View all CVEs affecting Wcn3610 Firmware →

Wcn3620 Firmware by Qualcomm

View all CVEs affecting Wcn3620 Firmware →

Wcn3910 Firmware by Qualcomm

View all CVEs affecting Wcn3910 Firmware →

Wcn3950 Firmware by Qualcomm

View all CVEs affecting Wcn3950 Firmware →

Wcn3988 Firmware by Qualcomm

View all CVEs affecting Wcn3988 Firmware →

Wcn3991 Firmware by Qualcomm

View all CVEs affecting Wcn3991 Firmware →

Wcn3998 Firmware by Qualcomm

View all CVEs affecting Wcn3998 Firmware →

Wcn3999 Firmware by Qualcomm

View all CVEs affecting Wcn3999 Firmware →

Wcn6740 Firmware by Qualcomm

View all CVEs affecting Wcn6740 Firmware →

Wcn6750 Firmware by Qualcomm

View all CVEs affecting Wcn6750 Firmware →

Wcn6850 Firmware by Qualcomm

View all CVEs affecting Wcn6850 Firmware →

Wcn6851 Firmware by Qualcomm

View all CVEs affecting Wcn6851 Firmware →

Wcn6855 Firmware by Qualcomm

View all CVEs affecting Wcn6855 Firmware →

Wcn6856 Firmware by Qualcomm

View all CVEs affecting Wcn6856 Firmware →

Wsa8830 Firmware by Qualcomm

View all CVEs affecting Wsa8830 Firmware →

Wsa8835 Firmware by Qualcomm

View all CVEs affecting Wsa8835 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Application crash or denial of service affecting device functionality.

🟢

If Mitigated

Limited impact with proper memory protection mechanisms and exploit mitigations in place.

🌐 Internet-Facing: MEDIUM - Requires specific conditions and potentially local access, but could be exploited remotely in certain configurations.

🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or compromised processes on the device.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering specific memory conditions; no public exploit code available as per references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm April 2022 security bulletin for specific chipset/firmware updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches for affected chipsets. 3. Reboot device after update. 4. Verify patch installation through version checks.

🔧 Temporary Workarounds

Restrict DRM file access

all

Limit access to DRM-protected content and applications that use vulnerable DRM components

Application sandboxing

all

Implement strict application isolation to limit potential impact

🧯 If You Can't Patch

• Isolate affected devices from untrusted networks
• Implement strict application allowlisting and monitor for abnormal behavior

🔍 How to Verify

Check if Vulnerable:

Copy

Check device chipset version and firmware against Qualcomm's April 2022 security bulletin

Check Version:

Copy

Device-specific commands vary by manufacturer; typically: adb shell getprop ro.build.fingerprint or manufacturer-specific firmware check tools

Verify Fix Applied:

Copy

Verify firmware version has been updated to post-April 2022 patches from device manufacturer

📡 Detection & Monitoring

Log Indicators:

• Unexpected application crashes related to DRM/media services
• Memory access violation logs
• Kernel panic or watchdog resets

Network Indicators:

• Unusual outbound connections from media/DRM services
• Suspicious file transfers to/from affected devices

SIEM Query:

Copy

source="device_logs" AND ("DRM" OR "media" OR "codec") AND ("crash" OR "segfault" OR "access violation")

📊 Metadata

CVE ID: CVE-2021-30334

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: June 14, 2022

Last Updated: November 21, 2024

🔗 References

• https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin Patch,Vendor Advisory
• https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin Patch,Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30334, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)

CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)

CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)