CVE-2021-35129

7.8 HIGH

📋 TL;DR

This vulnerability allows memory corruption in Bluetooth controllers on Qualcomm Snapdragon chipsets due to improper length validation when processing vendor-specific commands. Attackers could potentially execute arbitrary code or cause denial of service on affected devices. The vulnerability affects multiple Snapdragon product lines including Compute, Mobile, and Industrial IoT platforms.

💻 Affected Systems

Products:
  • Snapdragon Compute
  • Snapdragon Connectivity
  • Snapdragon Consumer Electronics Connectivity
  • Snapdragon Industrial IOT
  • Snapdragon Mobile
  • Snapdragon Wired Infrastructure and Networking
Versions: Firmware versions prior to the April 2022 patches; specific chipset versions are not detailed in the bulletin
Operating Systems: Android, Linux-based systems using affected Snapdragon chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in Bluetooth controller firmware; affects devices with Bluetooth enabled using vulnerable Qualcomm chipsets.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution on affected devices via Bluetooth, potentially leading to complete device compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

Bluetooth service crashes or device instability leading to denial of service, requiring device restart.

🟢 If Mitigated

Limited impact with proper network segmentation and Bluetooth access controls, potentially only affecting Bluetooth functionality.

🌐 Internet-Facing: MEDIUM - Requires Bluetooth proximity or network access to Bluetooth services, not directly internet-exposed but could be exploited via adjacent networks.
🏢 Internal Only: HIGH - Bluetooth-enabled devices in internal networks could be exploited by malicious actors with network access or physical proximity.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted vendor-specific Bluetooth commands; no public exploit code was known to be available at the time of writing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released in April 2022 security bulletin

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/april-2022-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates.
2. Apply Qualcomm-provided firmware patches.
3. Update Bluetooth controller firmware.
4. Reboot device to apply changes.

🔧 Temporary Workarounds

Disable Bluetooth

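Platform: all

Temporarily disable Bluetooth functionality to prevent exploitation

# Android device, run from a host with adb access
adb shell settings put global bluetooth_on 0
# Linux host running the BlueZ systemd service
systemctl stop bluetooth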

Restrict Bluetooth Visibility

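Platform: linux

Set Bluetooth to non-discoverable mode to reduce attack surface

# Legacy BlueZ tool: turn off inquiry scan and page scan on hci0
hciconfig hci0 noscan
# bluetoothctl: turn off discoverable mode
bluetoothctl discoverable off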

🧯 If You Can't Patch

  • Segment network to isolate Bluetooth-enabled devices from untrusted networks
  • Implement strict Bluetooth pairing policies and disable automatic connections

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm's April 2022 security bulletin

Check Version:

cat /proc/device-tree/model 2>/dev/null || getprop ro.boot.hardware 2>/dev/null

Verify Fix Applied:

Verify firmware version has been updated post-April 2022 and Bluetooth functionality works without crashes

📡 Detection & Monitoring

Log Indicators:

  • Bluetooth service crashes
  • Kernel panic logs related to Bluetooth
  • Unexpected vendor-specific command processing

Network Indicators:

  • Unusual Bluetooth traffic patterns
  • Malformed Bluetooth packets targeting vendor-specific commands

SIEM Query:

source="bluetooth_logs" AND (event="crash" OR event="panic") AND process="bluetoothd"
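
Added example (not from the Qualcomm bulletin or this page's source): a check for the "malformed vendor-specific command" indicator listed above. It walks HCI records taken from a host-side capture with H4 framing (as in a btsnoop log) and flags vendor-specific commands (OGF 0x3F) whose length byte disagrees with the bytes actually present. The bulletin does not say which command or field is affected, so this is the generic header consistency check; the function name, sample records and opcodes are constructed.

```python
import struct

H4_COMMAND = 0x01  # H4 packet indicator for host-to-controller HCI commands
VENDOR_OGF = 0x3F  # opcode group field reserved for vendor-specific commands

# Constructed sample records (H4 indicator + HCI packet); opcodes are placeholders.
SAMPLE = [bytes.fromhex(h) for h in (
    "01030c00",        # HCI_Reset, standard command
    "0101fc02aabb",    # vendor command, length byte matches payload
    "0102fc10aa",      # vendor command, declares 16 bytes but carries 1
    "0103fc01aabbcc",  # vendor command, declares 1 byte but carries 3
    "040e0401030c00",  # Command Complete event, ignored
    "0104fc",          # command cut off before its length byte
)]

def audit_records(records):
    """Return (vendor_opcodes_seen, findings) for an iterable of H4 records."""
    seen, findings = [], []
    for idx, rec in enumerate(records):
        if not rec or rec[0] != H4_COMMAND:
            continue  # events, ACL and SCO data are out of scope
        if len(rec) < 4:  # indicator + 2-byte opcode + 1-byte parameter length
            findings.append((idx, None, "truncated command header"))
            continue
        opcode, declared = struct.unpack_from("<HB", rec, 1)
        if opcode >> 10 != VENDOR_OGF:
            continue
        seen.append(opcode)
        actual = len(rec) - 4
        if declared != actual:
            findings.append((idx, opcode, f"length field {declared} != payload {actual}"))
    return seen, findings

if __name__ == "__main__":
    seen, findings = audit_records(SAMPLE)
    print("vendor-specific opcodes seen:", [hex(op) for op in seen])
    for idx, opcode, reason in findings:
        name = hex(opcode) if opcode is not None else "unknown"
        print(f"record {idx}: opcode {name}: {reason}")
```

The list of vendor-specific opcodes seen is worth baselining per device model, since vendor commands are normal during controller initialisation and only unexpected ones are an indicator.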
