CVE-2021-35102
📋 TL;DR
This vulnerability is a buffer overflow in Qualcomm Snapdragon chipsets that could allow attackers to execute arbitrary code or cause denial of service. It affects devices using Snapdragon Auto, Compute, Connectivity, and Mobile platforms. The issue occurs when processing NAI strings from the EFS without proper length validation.
💻 Affected Systems
- Snapdragon Auto
- Snapdragon Compute
- Snapdragon Connectivity
- Snapdragon Mobile
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.
Likely Case
Local privilege escalation allowing attackers to gain elevated privileges on affected devices.
If Mitigated
Denial of service or application crashes if exploit attempts are blocked by security controls.
🎯 Exploit Status
Exploitation requires local access or ability to trigger the vulnerable code path; no public exploits known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Varies by device manufacturer - check with OEM for specific firmware updates
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/june-2022-bulletin
Restart Required: Yes
Instructions:
1. Check with device manufacturer for firmware updates.
2. Apply Qualcomm-provided patches through OEM firmware updates.
3. Reboot device after update installation.
🔧 Temporary Workarounds
Restrict local access (all platforms)
Limit physical and network access to affected devices to reduce attack surface.
Application sandboxing (Android)
Implement strict application sandboxing to prevent privilege escalation attempts.
🧯 If You Can't Patch
- Isolate affected devices in network segments with strict access controls
- Implement application allowlisting to prevent unauthorized apps from running
🔍 How to Verify
Check if Vulnerable:
Check device chipset model and firmware version against Qualcomm's advisory; use 'getprop ro.boot.hardware' on Android devices to identify chipset.
Check Version:
Android: 'getprop ro.build.fingerprint' or 'getprop ro.build.version.security_patch'
Verify Fix Applied:
Verify that the firmware has been updated to a version released after the device manufacturer's patch release date.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Application crashes related to modem/EFS operations
- Privilege escalation attempts
Network Indicators:
- Unusual modem/radio interface activity
- Suspicious local process communication
SIEM Query:
Search for: ('kernel panic' OR 'segmentation fault') AND ('modem' OR 'EFS' OR 'NAI')
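The search above, run as a filter over log lines, as an added example that is not part of the original page. The function names, the letter-boundary rule for the short tokens and the sample lines are assumptions made here; the sample lines are constructed, not captured from a device.

```python
import re

# Search terms come from the SIEM query above.
PANIC = re.compile(r"kernel panic", re.IGNORECASE)
SEGFAULT = re.compile(r"segmentation fault", re.IGNORECASE)
CRASH = re.compile(r"kernel panic|segmentation fault", re.IGNORECASE)
# Short tokens such as NAI and EFS occur inside ordinary words ("snail",
# "briefs"), so require a non-letter on both sides. Underscores still count as
# a boundary, which keeps identifiers like efs_read or modem_subsys matching.
COMPONENT = re.compile(r"(?<![A-Za-z])(?:modem|EFS|NAI)(?![A-Za-z])", re.IGNORECASE)


def grouped(line):
    """(panic OR segfault) AND (modem OR EFS OR NAI)."""
    return bool(CRASH.search(line) and COMPONENT.search(line))


def ungrouped(line):
    """panic OR (segfault AND component): how an engine that binds AND tighter
    than OR reads the query when the crash terms are not parenthesised."""
    return bool(PANIC.search(line) or (SEGFAULT.search(line) and COMPONENT.search(line)))


def triage(lines, predicate=grouped):
    """Return the lines the chosen predicate flags, in input order."""
    return [ln for ln in lines if predicate(ln)]


# Constructed sample lines, not captured from a real device.
SAMPLE_LOG = [
    "<0>[  412.118] Kernel panic - not syncing: subsys-restart: modem crashed",
    "<0>[   97.004] Kernel panic - not syncing: VFS: Unable to mount root fs",
    "F libc: segmentation fault in tid 2211 (snail_game)",
    "E rild: segmentation fault while reading NAI profile via efs_read()",
    "I RILJ: modem state changed to ONLINE",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print("ALERT", hit)
    noisy = set(triage(SAMPLE_LOG, ungrouped)) - set(triage(SAMPLE_LOG))
    print("extra hits without grouping:", len(noisy))
```

Without the grouping, every kernel panic is flagged regardless of component, and a plain substring match on "NAI" would also flag the `snail_game` crash.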