CVE-2021-35106

Q: What is the severity of CVE-2021-35106?

CVE-2021-35106 has a CVSS score of 7.8 (HIGH). This vulnerability allows attackers to read memory beyond intended boundaries in Qualcomm Snapdragon chipsets due to improper WMI message length calculation. It affects numerous Snapdragon-powered devices across automotive, mobile, IoT, and wearable platforms. Successful exploitation could lead to information disclosure or system compromise.

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to read memory beyond intended boundaries in Qualcomm Snapdragon chipsets due to improper WMI message length calculation. It affects numerous Snapdragon-powered devices across automotive, mobile, IoT, and wearable platforms. Successful exploitation could lead to information disclosure or system compromise.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables

Versions: Multiple affected versions across product lines

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm firmware/chipset versions

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation

🟠

Likely Case

Information disclosure through memory read, potentially exposing sensitive data or system information

🟢

If Mitigated

Limited impact with proper memory protections and exploit mitigations in place

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires WMI message manipulation and knowledge of affected firmware

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm March 2022 security bulletin for specific firmware versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/march-2022-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates 2. Apply Qualcomm-provided firmware patches 3. Reboot device after update

🔧 Temporary Workarounds

Network segmentation

all

Isolate affected devices from untrusted networks

WMI access restriction

linux

Restrict WMI interface access to trusted processes only

🧯 If You Can't Patch

Implement strict network segmentation for affected devices
Monitor for unusual WMI activity and memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm's March 2022 security bulletin

Check Version:

Device-specific commands vary by manufacturer (e.g., 'getprop ro.build.fingerprint' on Android)

Verify Fix Applied:

Verify firmware version has been updated to patched version

📡 Detection & Monitoring

Log Indicators:

Unusual WMI message sizes or patterns
Memory access violations in system logs

Network Indicators:

Unexpected WMI protocol traffic
Anomalous inter-process communication

SIEM Query:

Search for WMI-related errors or memory access violations in system logs

📊 Metadata

CVE ID: CVE-2021-35106

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-125

Published: April 1, 2022

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/march-2022-bulletin Patch,Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/march-2022-bulletin Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Fsm10055 Firmware by Qualcomm

Fsm10056 Firmware by Qualcomm

Qca6175a Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6554a Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qca8081 Firmware by Qualcomm

Qca8337 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcm6490 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs405 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qcs6490 Firmware by Qualcomm

Qrb5165 Firmware by Qualcomm

Qrb5165m Firmware by Qualcomm

Qrb5165n Firmware by Qualcomm

Sa4150p Firmware by Qualcomm

Sa4155p Firmware by Qualcomm

Sa415m Firmware by Qualcomm

Sa515m Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd 8 Gen1 5g Firmware by Qualcomm

Sd460 Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd660 Firmware by Qualcomm

Sd662 Firmware by Qualcomm

Sd675 Firmware by Qualcomm

Sd678 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd720g Firmware by Qualcomm

Sd730 Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd780g Firmware by Qualcomm

Sd855 Firmware by Qualcomm

Sd865 5g Firmware by Qualcomm

Sd870 Firmware by Qualcomm

Sd888 5g Firmware by Qualcomm

Sd888 Firmware by Qualcomm

Sdx55 Firmware by Qualcomm

Sdx55m Firmware by Qualcomm

Sdx65 Firmware by Qualcomm

Sdxr1 Firmware by Qualcomm