CVE-2021-35076

Q: What is the severity of CVE-2021-35076?

CVE-2021-35076 has a CVSS score of 7.5 (HIGH). This vulnerability allows attackers to cause denial of service or potentially execute arbitrary code by sending a specially crafted RRC connection reconfiguration message to affected Qualcomm Snapdragon chipsets. It affects devices using Snapdragon Auto, Compute, Connectivity, Industrial IoT, and Mobile platforms.

7.5 HIGH

Denial of Service

📋 TL;DR

This vulnerability allows attackers to cause denial of service or potentially execute arbitrary code by sending a specially crafted RRC connection reconfiguration message to affected Qualcomm Snapdragon chipsets. It affects devices using Snapdragon Auto, Compute, Connectivity, Industrial IoT, and Mobile platforms.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Industrial IOT
Snapdragon Mobile

Versions: Specific chipset versions not publicly detailed in bulletin

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects baseband processors in Qualcomm chipsets; exact chip models not specified in public advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data exfiltration, or persistent backdoor installation.

🟠

Likely Case

Denial of service causing device crashes, reboots, or loss of cellular connectivity.

🟢

If Mitigated

Limited impact with proper network segmentation and intrusion detection systems in place.

🌐 Internet-Facing: MEDIUM - Requires cellular network access or proximity to target device, not directly internet-exposed.

🏢 Internal Only: LOW - Typically requires specialized equipment or cellular network access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: HIGH

Exploitation requires sending malformed RRC messages over cellular network; no public exploits available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in public bulletin

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

Restart Required: Yes

Instructions:

1. Contact device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM channels. 3. Reboot device after update.

🔧 Temporary Workarounds

Network segmentation

all

Isolate affected devices from untrusted networks

Cellular network filtering

all

Implement network-level filtering for suspicious RRC messages

🧯 If You Can't Patch

Deploy network intrusion detection systems to monitor for abnormal RRC traffic
Implement strict access controls and network segmentation for affected devices

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer's patched versions; no public detection script available.

Check Version:

Device-specific commands vary by manufacturer; typically 'adb shell getprop ro.build.version' for Android devices.

Verify Fix Applied:

Verify firmware version has been updated to manufacturer's recommended patched version.

📡 Detection & Monitoring

Log Indicators:

Unexpected device reboots
Baseband processor crashes
Cellular connectivity loss logs

Network Indicators:

Abnormal RRC connection reconfiguration messages
Suspicious cellular network traffic patterns

SIEM Query:

Not applicable - requires specialized cellular network monitoring

📊 Metadata

CVE ID: CVE-2021-35076

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: June 14, 2022

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Sa515m Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd695 Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd780g Firmware by Qualcomm

Sd855 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sd888 5g Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdx65 Firmware by Qualcomm

Sdxr2 5g Firmware by Qualcomm

Sm7250p Firmware by Qualcomm

Sm7315 Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9360 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3991 Firmware by Qualcomm

Wcn3998 Firmware by Qualcomm

Wcn6740 Firmware by Qualcomm

Wcn6750 Firmware by Qualcomm

Wcn6850 Firmware by Qualcomm

Wcn6851 Firmware by Qualcomm

Wcn6855 Firmware by Qualcomm

Wcn6856 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm