CVE-2021-35072
📋 TL;DR
This vulnerability allows attackers to execute arbitrary code or cause denial of service on Qualcomm Snapdragon devices by sending specially crafted DIAG commands. It affects various Snapdragon platforms including automotive, consumer IoT, industrial IoT, mobile, voice & music, and wearables. The buffer overflow occurs due to improper validation of array indexes when processing external diagnostic commands.
💻 Affected Systems
- Snapdragon Auto
- Snapdragon Consumer IOT
- Snapdragon Industrial IOT
- Snapdragon Mobile
- Snapdragon Voice & Music
- Snapdragon Wearables
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.
Likely Case
Denial of service causing device crashes or instability, potentially requiring physical reset.
If Mitigated
Limited impact if DIAG interface is disabled or properly firewalled, with only denial of service possible.
🎯 Exploit Status
Exploitation requires sending malformed DIAG commands to the vulnerable interface, which may require physical access or network access to exposed diagnostic ports.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Varies by specific chipset and device manufacturer
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin
Restart Required: Yes
Instructions:
1. Check with the device manufacturer for firmware updates.
2. Apply Qualcomm-provided patches through OEM update channels.
3. Reboot the device after the update is installed.
🔧 Temporary Workarounds
Disable DIAG Interface (Android)
Disable the external diagnostic interface to prevent exploitation:
adb shell setprop sys.usb.config none
adb shell setprop persist.sys.usb.config none
Restrict DIAG Access (Linux)
Configure firewall rules to block access to DIAG ports:
iptables -A INPUT -p tcp --dport 9200 -j DROP
iptables -A INPUT -p udp --dport 9200 -j DROP
🧯 If You Can't Patch
- Disable USB debugging and diagnostic modes on all affected devices
- Implement network segmentation to isolate devices with DIAG interfaces enabled
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against manufacturer's patched versions list
Check Version:
adb shell getprop ro.build.version.security_patch
Verify Fix Applied:
Verify firmware version has been updated to patched release from device manufacturer
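The version check above, as an added example script that is not part of the advisory: it reads ro.build.version.security_patch over adb and compares it with a baseline date. The baseline of 2022-05-05 is an assumption tied to the May 2022 bulletin; the manufacturer's patched-version list remains the authoritative source.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: a device whose
# ro.build.version.security_patch is on or after the May 2022 bulletin
# date has received that month's Qualcomm fixes (OEM list is authoritative).
BASELINE="2022-05-05"

# patch_is_at_least LEVEL BASELINE
# Prints "yes", "no" or "unknown". "unknown" covers an empty or malformed
# property value (some builds report the literal string "unknown").
patch_is_at_least() {
  level="$1"
  base="$2"
  case "$level" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) echo unknown; return 0 ;;
  esac
  # YYYY-MM-DD compares correctly as an integer once the dashes are removed
  l=$(printf '%s' "$level" | tr -d -)
  b=$(printf '%s' "$base" | tr -d -)
  if [ "$l" -ge "$b" ]; then
    echo yes
  else
    echo no
  fi
}

# check_device: query the attached device and report the result
check_device() {
  # adb on some hosts appends a CR to shell output; strip it
  level=$(adb shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r')
  case "$(patch_is_at_least "$level" "$BASELINE")" in
    yes) echo "security patch level $level >= $BASELINE: May 2022 fixes present" ;;
    no)  echo "security patch level $level < $BASELINE: likely still unpatched" ;;
    *)   echo "could not read a valid security patch level ('$level')" ;;
  esac
}

# Only talk to a device when run as: sh check_patch.sh --check
if [ "${1:-}" = "--check" ]; then
  check_device
fi
```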
📡 Detection & Monitoring
Log Indicators:
- Unexpected DIAG command processing
- Device crashes or reboots
- Memory corruption errors in system logs
Network Indicators:
- Unusual traffic to DIAG ports (typically 9200)
- Malformed diagnostic protocol packets
SIEM Query:
source="*kernel*" AND ("panic" OR "oops") AND ("diag" OR "diagnostic")