CVE-2021-35123

8.8 HIGH

📋 TL;DR

This is a buffer overflow in Qualcomm's Bluetooth stack when it processes a GATT Multiple Handle Value Notification, the "multi-notification" PDU introduced in Bluetooth Core 5.2 that packs several attribute notifications (handle, length, value) into one packet. A nearby attacker who can establish a Bluetooth connection with the target sends a crafted multi-notification whose length fields do not match the real payload, overflowing a fixed-size buffer and leading to arbitrary code execution in the Bluetooth stack or a crash (denial of service). Affected devices are those built on vulnerable Snapdragon Connectivity and Snapdragon Industrial IoT chipsets.
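
The bug class, as an added illustration (this is not Qualcomm's code and not the actual vulnerable function): a parser for the ATT Multiple Handle Value Notification PDU that trusts each tuple's Value Length field, next to a hardened version that checks the declared length against both the bytes left in the PDU and the destination slot. The PDU layout (opcode 0x23 followed by repeated handle/length/value tuples) is from Bluetooth Core 5.2; the buffer sizes, function names and sample PDUs are invented for the demo.

```c
/* Added illustration of the bug class behind CVE-2021-35123. Hypothetical
 * code, not Qualcomm's; MAX_VALUE_LEN and MAX_TUPLES are invented sizes. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define ATT_OP_MULTIPLE_HANDLE_VALUE_NTF 0x23  /* Bluetooth Core 5.2, Vol 3 Part F */
#define MAX_VALUE_LEN 32                       /* hypothetical per-attribute storage */
#define MAX_TUPLES    8                        /* hypothetical tuple table size */

struct gatt_value {
    uint16_t handle;
    uint16_t len;
    uint8_t  data[MAX_VALUE_LEN];
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Vulnerable parser: copies Value Length bytes without checking that they fit
 * in the PDU or in the destination. Returns tuple count, or -1 on bad opcode. */
int parse_multi_ntf_vulnerable(const uint8_t *pdu, size_t pdu_len,
                               struct gatt_value *out, size_t max_out)
{
    if (pdu_len < 1 || pdu[0] != ATT_OP_MULTIPLE_HANDLE_VALUE_NTF) return -1;
    size_t off = 1, n = 0;
    while (off + 4 <= pdu_len && n < max_out) {
        out[n].handle = le16(pdu + off);
        out[n].len    = le16(pdu + off + 2);
        off += 4;
        /* BUG: out[n].len comes from the peer. It may exceed the bytes left in
         * the PDU (out-of-bounds read) and MAX_VALUE_LEN (out-of-bounds write). */
        memcpy(out[n].data, pdu + off, out[n].len);
        off += out[n].len;
        n++;
    }
    return (int)n;
}

/* Hardened parser: every length is validated before it is used. */
int parse_multi_ntf_safe(const uint8_t *pdu, size_t pdu_len,
                         struct gatt_value *out, size_t max_out)
{
    if (pdu_len < 1 || pdu[0] != ATT_OP_MULTIPLE_HANDLE_VALUE_NTF) return -1;
    size_t off = 1, n = 0;
    while (off < pdu_len) {
        if (pdu_len - off < 4) return -1;        /* truncated handle/length header */
        if (n >= max_out) return -1;             /* more tuples than we can store */
        uint16_t handle = le16(pdu + off);
        uint16_t vlen   = le16(pdu + off + 2);
        off += 4;
        if (vlen > pdu_len - off) return -1;     /* declared length runs past the PDU */
        if (vlen > MAX_VALUE_LEN) return -1;     /* declared length exceeds destination */
        out[n].handle = handle;
        out[n].len    = vlen;
        memcpy(out[n].data, pdu + off, vlen);
        off += vlen;
        n++;
    }
    return n == 0 ? -1 : (int)n;                 /* the tuple list must not be empty */
}

/* Constructed sample PDUs (not captured traffic). */
const uint8_t PDU_BENIGN[] = {
    0x23,
    0x10, 0x00, 0x03, 0x00, 'a', 'b', 'c',       /* handle 0x0010, 3-byte value */
    0x11, 0x00, 0x02, 0x00, 0xAA, 0xBB,          /* handle 0x0011, 2-byte value */
};
/* Value Length 0xFFFF with only 4 bytes following: the vulnerable parser
 * would memcpy 65535 bytes. Never feed this to parse_multi_ntf_vulnerable. */
const uint8_t PDU_OVERSIZED[] = {
    0x23, 0x10, 0x00, 0xFF, 0xFF, 'A', 'A', 'A', 'A',
};
/* Internally consistent PDU whose 40-byte value is larger than the 32-byte
 * slot: the length matches the packet, yet it still overflows out[0].data. */
const uint8_t PDU_TOO_LONG_FOR_SLOT[45] = {
    0x23, 0x10, 0x00, 0x28, 0x00,                /* remaining 40 bytes are zero */
};

struct gatt_value scratch[MAX_TUPLES];

int main(void)
{
    int n = parse_multi_ntf_safe(PDU_BENIGN, sizeof PDU_BENIGN, scratch, MAX_TUPLES);
    printf("benign: %d tuples, first handle 0x%04x\n", n, scratch[0].handle);
    printf("oversized length rejected: %d\n",
           parse_multi_ntf_safe(PDU_OVERSIZED, sizeof PDU_OVERSIZED, scratch, MAX_TUPLES));
    printf("slot overflow rejected: %d\n",
           parse_multi_ntf_safe(PDU_TOO_LONG_FOR_SLOT, sizeof PDU_TOO_LONG_FOR_SLOT,
                                scratch, MAX_TUPLES));
    return 0;
}
```

The second rejected PDU is the one to remember: its length field is consistent with the packet, so a check against the PDU length alone is not enough; the value must also be checked against the size of wherever it is stored.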

💻 Affected Systems

Products:
  • Snapdragon Connectivity
  • Snapdragon Industrial IOT
Versions: Specific chipset versions not detailed in public advisory
Operating Systems: Android, Embedded Linux systems using affected chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with Bluetooth enabled using vulnerable Qualcomm chipsets. Exact device models depend on chipset implementation.

📦 What is this software?

Snapdragon Connectivity and Snapdragon Industrial IoT are Qualcomm chipset product lines that integrate Bluetooth connectivity, including Qualcomm-supplied Bluetooth firmware and stack code in which this flaw was found. GATT (Generic Attribute Profile) is the Bluetooth Low Energy layer through which a server exposes attribute values to a connected client. "Multi-notification" refers to the Multiple Handle Value Notification PDU added in Bluetooth Core 5.2, which carries several handle/length/value tuples in one packet, so the receiving parser must validate each tuple's length field against both the packet and its destination buffer.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution in the context of the Bluetooth stack (host stack process or chipset firmware, depending on where the OEM integrates Qualcomm's code), from which an attacker can reach for full device compromise, data theft, or a persistent backdoor.

🟠

Likely Case

Crash of the Bluetooth stack or of the whole device (denial of service), with the stack restarting on its own or the device needing a manual reboot.

🟢

If Mitigated

Limited impact if Bluetooth is disabled, or the radio is kept non-discoverable and the device is used only where untrusted parties cannot get within radio range.

🌐 Internet-Facing: MEDIUM - Not exploitable over the internet directly; the attacker must be within Bluetooth radio range of the target (adjacent attack vector).
🏢 Internal Only: HIGH - Bluetooth-enabled phones, gateways and industrial devices in offices, plants or public spaces can be targeted by anyone nearby, including from outside the building.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires being within Bluetooth range and establishing a connection with the target so that the crafted notification PDU can be delivered; no pairing or user interaction is reported as necessary. Turning an overflow into reliable code execution on a specific chipset/firmware combination takes reverse-engineering effort, and no public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm April 2022 security bulletin for specific chipset firmware updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin

Restart Required: Yes

Instructions:

1. Check with the device manufacturer (OEM) for a firmware or OTA update that lists the April 2022 Qualcomm fixes; Qualcomm ships fixes to OEMs, not directly to end users.
2. Apply the OEM update on every affected device.
3. Reboot the device after the update so the new Bluetooth firmware and stack are loaded.

🔧 Temporary Workarounds

Disable Bluetooth

all

Turn Bluetooth off when it is not needed. On Android, "settings put global bluetooth_on 0" only records the stored preference and does not by itself power down the adapter; use the adapter control commands below ("cmd bluetooth_manager" on current builds, "svc bluetooth" on older ones). On Linux, stop the daemon and soft-block the radio so nothing re-enables it.

adb shell cmd bluetooth_manager disable
adb shell svc bluetooth disable
systemctl disable --now bluetooth
rfkill block bluetooth

Restrict Bluetooth visibility

linux

Keep the adapter non-discoverable and non-pairable so the device does not advertise itself to scanners and refuses new pairing requests, and remove bonds you do not recognise. This narrows exposure but does not block a peer that already knows the device address, so it is not a substitute for the firmware fix. hciconfig is deprecated in BlueZ 5 but still works where installed; bluetoothctl is the supported tool.

bluetoothctl discoverable off
bluetoothctl pairable off
hciconfig hci0 noscan

🧯 If You Can't Patch

  • Keep unpatched Bluetooth devices out of areas reachable by untrusted parties; where a device must stay on, keep it non-discoverable and bonded only to known peers
  • Apply physical access controls (radio range is the attack surface, so think in terms of who can get within tens of metres of the device)

🔍 How to Verify

Check if Vulnerable:

Identify the chipset and firmware build and compare them with the Qualcomm bulletin and your OEM's release notes. On Android, read the bootloader/firmware build and the system and vendor security patch levels with getprop; on embedded Linux, the board model from the device tree identifies the chipset family.

Check Version:

adb shell getprop ro.bootloader
adb shell getprop ro.build.version.security_patch
adb shell getprop ro.vendor.build.security_patch
cat /proc/device-tree/model

Verify Fix Applied:

Confirm the device now runs a build that the OEM lists as containing the April 2022 Qualcomm fixes (on Android, a vendor security patch level of 2022-04-05 or later is the usual indicator, since the "-05" level covers vendor components), then exercise Bluetooth (pair, connect, receive notifications) to confirm the updated stack works.
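
A small verification helper, added here and not part of the advisory, that compares an Android security patch level against the April 2022 level and optionally reads the level from a connected device over adb. ro.build.version.security_patch and ro.vendor.build.security_patch are standard Android properties; the 2022-04-05 cut-off is an assumption about when your OEM integrated the fix, so treat the result as a proxy and confirm the chipset firmware version against the OEM's release notes.

```shell
#!/bin/sh
# Added verification helper (not part of the advisory). REQUIRED is the Android
# patch level that carried the April 2022 vendor fixes; it is an assumption
# about OEM integration timing, not a Qualcomm-published version string.
REQUIRED="2022-04-05"

# to_int YYYY-MM-DD -> YYYYMMDD, or empty if the string is not a patch level
to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) printf '%s' "$1" | tr -d '-' ;;
        *) printf '' ;;
    esac
}

# patch_level_ok LEVEL -> 0 if LEVEL >= REQUIRED, 1 if older, 2 if unparseable
patch_level_ok() {
    got=$(to_int "$1")
    [ -n "$got" ] || return 2
    [ "$got" -ge "$(to_int "$REQUIRED")" ]
}

# check_android: query both system and vendor levels over adb. Vendor
# components (where Qualcomm-supplied code lives) are tracked by the vendor
# level, so that is the one this check decides on.
check_android() {
    sys=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    ven=$(adb shell getprop ro.vendor.build.security_patch | tr -d '\r')
    printf 'bootloader: %s\n' "$(adb shell getprop ro.bootloader | tr -d '\r')"
    printf 'system patch level: %s  vendor patch level: %s\n' "$sys" "$ven"
    if patch_level_ok "$ven"; then
        echo "vendor patch level is at or after $REQUIRED: likely fixed, confirm with OEM release notes"
    else
        echo "vendor patch level predates $REQUIRED (or is unknown): treat as vulnerable"
    fi
}

# Only talk to a device when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--device" ]; then
    check_android
fi
```

Run it as "sh check_bt_patch.sh --device" with one authorized device attached; the exit status of patch_level_ok makes it easy to fold into a fleet inventory script.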

📡 Detection & Monitoring

Log Indicators:

  • Bluetooth stack crashes
  • Kernel panic logs
  • Unexpected GATT notification errors

Network Indicators:

  • Unusual Bluetooth connection attempts
  • Malformed ATT/GATT packets, visible only in an over-the-air BLE capture (sniffer); Bluetooth traffic never crosses the IP network, so IDS on the wired side will not see it

SIEM Query:

Illustrative Splunk-style query; field and sourcetype names depend on how your logs are ingested, and there is no dedicated "buffer_overflow" event, so the observable is a crash of the Bluetooth stack process or of the kernel:

(sourcetype=syslog OR sourcetype=android_logcat) AND ("bluetoothd" OR "com.android.bluetooth" OR "droid.bluetooth") AND ("segfault" OR "Fatal signal" OR "status=11/SEGV" OR "Kernel panic")
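
The same detection logic as a script, added here as an example that is not part of the advisory: it scans log lines for the Bluetooth-stack crash indicators listed above and alerts when one host accumulates several of them in a short window, which is how repeated overflow attempts against the stack present to a defender. The sample lines are constructed in the shape of Linux kernel/systemd and Android logcat output, not taken from a real incident; the 5-minute window and threshold of 3 are assumptions to tune per fleet.

```python
"""Added detection example for Bluetooth-stack crash bursts. Not part of the
advisory; sample log lines are constructed, thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Indicator name -> pattern. Each corresponds to an item under "Log Indicators".
INDICATORS = {
    "bt_segfault_linux": re.compile(r"bluetoothd\[\d+\]: segfault at"),
    "bt_service_killed": re.compile(r"bluetooth\.service: Main process exited, code=killed"),
    "bt_fatal_signal_android": re.compile(r"Fatal signal \d+ \(SIG\w+\).*(droid\.bluetooth|bt_)"),
    "bt_tombstone_android": re.compile(r">>> com\.android\.bluetooth <<<"),
    "kernel_panic": re.compile(r"Kernel panic - not syncing"),
}
# Assumed line shape after log forwarding: "<YYYY-MM-DD> <HH:MM:SS> <host> <rest>"
LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) ")

# Constructed sample input: one Linux gateway hit repeatedly, one Android
# phone with a single crash, plus unrelated noise.
SAMPLE_LOGS = [
    "2022-04-12 09:14:02 lab-gw1 kernel: bluetoothd[1187]: segfault at 0 ip 000055d4c3a1e2f0 sp 00007ffc1a2b3c40 error 4 in bluetoothd[55d4c39f0000+c0000]",
    "2022-04-12 09:14:03 lab-gw1 systemd[1]: bluetooth.service: Main process exited, code=killed, status=11/SEGV",
    "2022-04-12 09:14:20 lab-gw1 sshd[2201]: Accepted publickey for ops from 10.0.0.5 port 51234",
    "2022-04-12 09:15:41 lab-gw1 kernel: bluetoothd[1302]: segfault at 0 ip 000055a1b2c3d4e0 sp 00007ffd5e6f7a80 error 4 in bluetoothd[55a1b2a00000+c0000]",
    "2022-04-12 09:16:05 lab-gw1 kernel: bluetoothd[1340]: segfault at 0 ip 000055e9f0a1b2c0 sp 00007ffe9a8b7c60 error 4 in bluetoothd[55e9f0800000+c0000]",
    "2022-04-12 11:02:17 pixel-test logcat: F libc    : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 2480 (bt_stack_manage), pid 2391 (droid.bluetooth)",
    "2022-04-12 11:02:18 pixel-test logcat: F DEBUG   : pid: 2391, tid: 2480, name: bt_stack_manage  >>> com.android.bluetooth <<<",
    "2022-04-12 11:40:00 pixel-test logcat: I BluetoothAdapter: enable(): called by user",
]


def classify(line):
    """Return the name of the first indicator the line matches, or None."""
    for name, rx in INDICATORS.items():
        if rx.search(line):
            return name
    return None


def scan(lines, window=timedelta(minutes=5), threshold=3):
    """Return (hits, alerts).

    hits:   list of (timestamp, host, indicator) for every matching line
    alerts: {host: largest number of hits inside one window} for hosts that
            reach `threshold`; one crash is noise, a burst is a signal.
    """
    hits = []
    for line in lines:
        ind = classify(line)
        if ind is None:
            continue
        m = LINE.match(line)
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S") if m else None
        hits.append((ts, m.group(2) if m else "?", ind))

    by_host = defaultdict(list)
    for ts, host, _ in hits:
        if ts is not None:
            by_host[host].append(ts)

    alerts = {}
    for host, stamps in by_host.items():
        stamps.sort()
        best, j = 0, 0
        for i, start in enumerate(stamps):          # sliding window over sorted times
            while j < len(stamps) and stamps[j] - start <= window:
                j += 1
            best = max(best, j - i)
        if best >= threshold:
            alerts[host] = best
    return hits, alerts


if __name__ == "__main__":
    found, alerting = scan(SAMPLE_LOGS)
    for ts, host, ind in found:
        print(f"{ts} {host:<10} {ind}")
    for host, burst in alerting.items():
        print(f"ALERT {host}: {burst} Bluetooth-stack crash indicators within 5 minutes")
```

With the sample input, lab-gw1 produces four indicators in about two minutes and is alerted on, while the single Android crash (two related lines) stays below the threshold; lowering the threshold to 2 would surface it as well. Feed the script a forwarded syslog/logcat export and tune the window to how quickly your stack respawns after a crash.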

🔗 References

  • Qualcomm April 2022 Security Bulletin: https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2021-35123
