CVE-2021-35069

Q: What is the severity of CVE-2021-35069?

CVE-2021-35069 has a CVSS score of 7.8 (HIGH). This vulnerability allows improper validation of data length from DMA buffers, leading to memory corruption in Qualcomm Snapdragon chipsets. It affects multiple Snapdragon product lines including Auto, Compute, Mobile, and others. Attackers could potentially execute arbitrary code or cause denial of service.

7.8 HIGH

📋 TL;DR

This vulnerability allows improper validation of data length from DMA buffers, leading to memory corruption in Qualcomm Snapdragon chipsets. It affects multiple Snapdragon product lines including Auto, Compute, Mobile, and others. Attackers could potentially execute arbitrary code or cause denial of service.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wired Infrastructure and Networking

Versions: Specific chipset versions not detailed in CVE; refer to Qualcomm bulletins for exact affected versions

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using vulnerable Qualcomm Snapdragon chipsets; exact device models depend on chipset implementation

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data exfiltration, or persistent backdoor installation.

🟠

Likely Case

Denial of service (system crash/reboot) or limited information disclosure through memory corruption.

🟢

If Mitigated

No impact if patched or if exploit attempts are blocked by security controls.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires DMA access and understanding of chipset memory management; no public exploits known

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm February 2022 security bulletin for specific patch versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM updates. 3. Reboot device after update.

🔧 Temporary Workarounds

Disable DMA access

linux

Restrict DMA buffer access to trusted processes only

Device-specific configuration; consult manufacturer documentation

🧯 If You Can't Patch

Isolate affected devices from untrusted networks
Implement strict access controls and monitoring for DMA operations

🔍 How to Verify

Check if Vulnerable:

Check device chipset version and compare against Qualcomm's affected list in February 2022 bulletin

Check Version:

Device-specific commands; typically 'cat /proc/cpuinfo' or manufacturer-specific firmware check

Verify Fix Applied:

Verify firmware version has been updated to post-February 2022 patch level

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Memory corruption errors in system logs
Unexpected DMA operation patterns

Network Indicators:

Unusual DMA-related network traffic patterns

SIEM Query:

Search for kernel panic events or memory corruption alerts on Snapdragon-based devices

📊 Metadata

CVE ID: CVE-2021-35069

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-190

Published: February 11, 2022

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin Patch,Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/february-2022-bulletin Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8096au Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fsm10055 Firmware by Qualcomm

Fsm10056 Firmware by Qualcomm

Ipq4018 Firmware by Qualcomm

Ipq4019 Firmware by Qualcomm

Ipq4028 Firmware by Qualcomm

Ipq4029 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5018 Firmware by Qualcomm

Ipq5028 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8065 Firmware by Qualcomm

Ipq8068 Firmware by Qualcomm

Ipq8070 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071 Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072 Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074 Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Pmp8074 Firmware by Qualcomm

Qca4024 Firmware by Qualcomm

Qca6175a Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6428 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6438 Firmware by Qualcomm

Qca6554a Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca7500 Firmware by Qualcomm

Qca8072 Firmware by Qualcomm

Qca8075 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qca9880 Firmware by Qualcomm

Qca9886 Firmware by Qualcomm

Qca9888 Firmware by Qualcomm

Qca9889 Firmware by Qualcomm

Qca9898 Firmware by Qualcomm

Qca9980 Firmware by Qualcomm

Qca9984 Firmware by Qualcomm

Qca9985 Firmware by Qualcomm

Qca9990 Firmware by Qualcomm

Qca9992 Firmware by Qualcomm

Qca9994 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm