CVE-2021-35094

Q: What is the severity of CVE-2021-35094?

CVE-2021-35094 has a CVSS score of 7.8 (HIGH). This vulnerability allows attackers to bypass authentication in Qualcomm Snapdragon chipsets by exploiting improper timeout-based verification in identity credential handling. It affects devices using Snapdragon Auto, Compute, Connectivity, Industrial IoT, and Mobile platforms. Attackers could gain unauthorized access to the High-Level Operating System (HLOS) layer.

7.8 HIGH

Authentication Bypass

📋 TL;DR

This vulnerability allows attackers to bypass authentication in Qualcomm Snapdragon chipsets by exploiting improper timeout-based verification in identity credential handling. It affects devices using Snapdragon Auto, Compute, Connectivity, Industrial IoT, and Mobile platforms. Attackers could gain unauthorized access to the High-Level Operating System (HLOS) layer.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Industrial IOT
Snapdragon Mobile

Versions: Specific chipset versions not detailed in bulletin - refer to Qualcomm advisory for exact affected versions

Operating Systems: Android, Linux-based automotive/industrial systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects chipsets in various device types including smartphones, automotive systems, industrial equipment, and computing devices.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary code, access sensitive data, or take full control of affected devices.

🟠

Likely Case

Unauthorized access to device functions, privilege escalation, or data exfiltration from compromised devices.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, but authentication bypass remains possible.

🌐 Internet-Facing: MEDIUM - Devices exposed to internet could be targeted, but exploitation requires specific conditions.

🏢 Internal Only: MEDIUM - Internal devices could be compromised through network access or physical proximity.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires understanding of chipset authentication mechanisms and timing attacks. No public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm May 2022 security bulletin for specific chipset firmware updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided firmware patches. 3. Reboot device after patching. 4. Verify patch installation through version checks.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices from untrusted networks to reduce attack surface

Access Control Enforcement

all

Implement strict authentication and authorization controls at application layer

🧯 If You Can't Patch

Isolate affected devices in separate network segments with strict firewall rules
Implement additional application-layer authentication mechanisms

🔍 How to Verify

Check if Vulnerable:

Check device chipset version and compare against Qualcomm's affected list in May 2022 bulletin

Check Version:

Device-specific commands vary by manufacturer - typically 'getprop ro.build.fingerprint' or chipset diagnostic tools

Verify Fix Applied:

Verify firmware version has been updated to post-May 2022 release and check for security patch level

📡 Detection & Monitoring

Log Indicators:

Unusual authentication attempts
Failed credential verification with timing anomalies
Unexpected privilege escalation events

Network Indicators:

Suspicious traffic to/from affected devices
Unexpected authentication protocol traffic

SIEM Query:

Authentication events with abnormal timing patterns OR privilege escalation from low-level system components

📊 Metadata

CVE ID: CVE-2021-35094

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-287

Published: June 14, 2022

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aqt1000 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qsm8350 Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sa8540p Firmware by Qualcomm

Sa9000p Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd 8cx Gen3 Firmware by Qualcomm

Sd460 Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd662 Firmware by Qualcomm

Sd665 Firmware by Qualcomm

Sd675 Firmware by Qualcomm

Sd678 Firmware by Qualcomm

Sd680 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd695 Firmware by Qualcomm

Sd720g Firmware by Qualcomm

Sd730 Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd780g Firmware by Qualcomm

Sd855 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sd888 5g Firmware by Qualcomm

Sdx50m Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdxr2 5g Firmware by Qualcomm

Sm4125 Firmware by Qualcomm

Sm6250 Firmware by Qualcomm

Sm7250p Firmware by Qualcomm

Sm7325p Firmware by Qualcomm

Wcd9341 Firmware by Qualcomm

Wcd9370 Firmware by Qualcomm

Wcd9375 Firmware by Qualcomm

Wcd9380 Firmware by Qualcomm

Wcd9385 Firmware by Qualcomm

Wcn3910 Firmware by Qualcomm

Wcn3950 Firmware by Qualcomm

Wcn3980 Firmware by Qualcomm

Wcn3988 Firmware by Qualcomm

Wcn3991 Firmware by Qualcomm

Wcn3998 Firmware by Qualcomm

Wcn6740 Firmware by Qualcomm

Wcn6750 Firmware by Qualcomm

Wcn6850 Firmware by Qualcomm

Wcn6851 Firmware by Qualcomm

Wcn6855 Firmware by Qualcomm

Wcn6856 Firmware by Qualcomm

Wcn7850 Firmware by Qualcomm

Wcn7851 Firmware by Qualcomm