CVE-2021-35086

Q: What is the severity of CVE-2021-35086?

CVE-2021-35086 has a CVSS score of 7.5 (HIGH). This CVE describes a buffer over-read vulnerability in Qualcomm Snapdragon chipsets when processing NR system information messages. Attackers could potentially read sensitive data from adjacent memory locations. Affected devices include those using Snapdragon Auto, Compute, Connectivity, Industrial IoT, and Mobile platforms.

7.5 HIGH

Buffer Overflow

📋 TL;DR

This CVE describes a buffer over-read vulnerability in Qualcomm Snapdragon chipsets when processing NR system information messages. Attackers could potentially read sensitive data from adjacent memory locations. Affected devices include those using Snapdragon Auto, Compute, Connectivity, Industrial IoT, and Mobile platforms.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Industrial IOT
Snapdragon Mobile

Versions: Specific chipset versions listed in Qualcomm May 2022 bulletin

Operating Systems: Android, Linux-based automotive/industrial systems

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in baseband/firmware layer, affecting multiple device types including smartphones, automotive systems, and IoT devices

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data exfiltration, or persistent backdoor installation

🟠

Likely Case

Information disclosure of adjacent memory contents, potentially exposing sensitive data or system information

🟢

If Mitigated

Limited impact with proper memory protections and exploit mitigations in place

🌐 Internet-Facing: MEDIUM - Requires processing of malicious NR system information messages, which could come from network sources

🏢 Internal Only: MEDIUM - Could be exploited through local network attacks or malicious base stations

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted NR system information messages to vulnerable devices

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm May 2022 security bulletin for specific chipset firmware versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided firmware patches. 3. Reboot device after update. 4. Verify patch installation through device settings.

🔧 Temporary Workarounds

Network filtering

all

Implement network filtering to block suspicious NR system information messages

Memory protection

linux

Enable ASLR and other memory protection mechanisms where available

🧯 If You Can't Patch

Isolate vulnerable devices from untrusted networks
Implement network monitoring for suspicious NR message patterns

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm's affected list

Check Version:

Android: 'getprop ro.bootloader' or check Settings > About phone; Linux-based: check manufacturer documentation

Verify Fix Applied:

Verify firmware version has been updated to patched version from manufacturer

📡 Detection & Monitoring

Log Indicators:

Baseband/firmware crash logs
Memory access violation logs
Unexpected system reboots

Network Indicators:

Unusual NR system information message patterns
Suspicious base station communications

SIEM Query:

Search for baseband/firmware crash events or memory violation alerts in device logs

📊 Metadata

CVE ID: CVE-2021-35086

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-125

Published: June 14, 2022

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Ar8035 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Sa515m Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd695 Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd855 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sd888 5g Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdx65 Firmware by Qualcomm

Sdxr2 5g Firmware by Qualcomm

Sm7250p Firmware by Qualcomm

Sm7315 Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9360 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3991 Firmware by Qualcomm

Wcn3998 Firmware by Qualcomm

Wcn6750 Firmware by Qualcomm

Wcn6850 Firmware by Qualcomm

Wcn6851 Firmware by Qualcomm

Wcn6855 Firmware by Qualcomm

Wcn6856 Firmware by Qualcomm

Wsa8810 Firmware by Qualcomm

Wsa8815 Firmware by Qualcomm

Wsa8830 Firmware by Qualcomm

Wsa8835 Firmware by Qualcomm