CVE-2021-35116
📋 TL;DR
This vulnerability allows a malicious Android application (APK) to load a specially crafted model into the Qualcomm CDSP (Compute DSP), potentially compromising the CDSP and accessing data from other applications running there. It affects Snapdragon-based devices across automotive, compute, connectivity, consumer IoT, industrial IoT, mobile, and wearables platforms.
💻 Affected Systems
- Snapdragon Auto
- Snapdragon Compute
- Snapdragon Connectivity
- Snapdragon Consumer IOT
- Snapdragon Industrial IOT
- Snapdragon Mobile
- Snapdragon Wearables
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the CDSP allowing arbitrary code execution, data exfiltration from other applications, and potential privilege escalation to affect the entire device.
Likely Case
Malicious APK gains unauthorized access to sensitive data from other applications running in the CDSP, potentially including camera, audio, or sensor data.
If Mitigated
With proper application vetting and security controls, only trusted applications can access CDSP resources, limiting exposure.
🎯 Exploit Status
Exploitation requires developing a malicious APK that can bypass application sandboxing and interact with CDSP components.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware updates released in May 2022 security bulletin
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/may-2022-bulletin
Restart Required: Yes
Instructions:
1. Check with device manufacturer for firmware updates.
2. Apply the latest firmware update for your specific device model.
3. Reboot device after update installation.
🔧 Temporary Workarounds
Application vetting and restriction
Only install applications from trusted sources and restrict unknown/untrusted APK installations.
🧯 If You Can't Patch
- Implement strict application whitelisting policies
- Deploy mobile device management (MDM) solutions to monitor and control application installations
🔍 How to Verify
Check if Vulnerable:
Check the device firmware version against the manufacturer's security bulletin; if the firmware predates May 2022, assume the device is vulnerable.
Check Version:
Android: Settings > About Phone > Build Number/Software Information
Verify Fix Applied:
Verify that the firmware version has been updated to a post-May 2022 release from the manufacturer.
📡 Detection & Monitoring
Log Indicators:
- Unusual CDSP process activity
- APK installation from untrusted sources
- Abnormal memory access patterns in DSP logs
Network Indicators:
- Unexpected data exfiltration from device
- Communication with suspicious domains after APK installation
SIEM Query:
source="android_device" AND ((event="apk_install" AND source="unknown") OR (process="cdsp" AND activity="unusual"))