Large Amount of Security Vulnerabilities in Qualcomm Chipsets

Chipset security vulnerabilities are not as common as software vulnerabilities in services, apps, or software products, but they do occur. In the past, for example, security vulnerabilities have plagued top-tier chipsets such as those from Intel and Apple. When chipset vulnerabilities do occur, they are often more serious and have broader consequences. This time, a surprisingly large number of security vulnerabilities affect a global semiconductor manufacturer that is among the top three semiconductor companies in the world: the American multinational technology giant Qualcomm, which famously produces the Snapdragon chipset. This chipset powers over 40% of all smartphones, which means countless Android devices from Samsung and Google, to name just a few. Qualcomm also owns patents on critical technologies like 5G and 4G, as well as other patents in wireless and telecommunications technology.

On August 2nd, 2021, Qualcomm published its August 2021 product security bulletin, a very lengthy security vulnerability release report. The release report describes several proprietary and open-source software security issues that affect numerous Qualcomm chipsets. What is more, news of these security vulnerabilities arrived on the same day that news of Google abandoning Qualcomm’s chipsets appeared online. The semiconductor industry giants are in a global race for onshore chip production, so the situation in the industry is quite tense at the moment.

Qualcomm Security Vulnerabilities

The Qualcomm security vulnerability release report took a long time to be released and is very large. It contains dozens of security vulnerabilities affecting various chipsets, each listed with a CVE ID (Common Vulnerabilities and Exposures) and a description. Of these vulnerabilities, 7 are marked as critical risk, while the rest range between medium and high risk. A CVSS score (Common Vulnerability Scoring System) was assigned to each vulnerability. The vulnerabilities fall into two groups, proprietary software and open-source software, and both have been addressed.

Technical Details of The Vulnerabilities

The proprietary software issues found by security researchers, with their respective CVE IDs, security ratings, technology areas, and reported dates, are as follows:

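| CVE ID | Security rating | CVSS rating | Technology area | Date reported |
|---|---|---|---|---|
| CVE-2021-1916 | Critical | Critical | Data Modem | Internal |
| CVE-2021-1919 | Critical | Critical | Data Modem | Internal |
| CVE-2021-1920 | Critical | Critical | Data Modem | Internal |
| CVE-2020-26140 | High | High | WLAN Firmware | 12/13/2020 |
| CVE-2020-26143 | High | High | WiFi Host | 12/13/2020 |
| CVE-2020-26144 | High | High | WiFi Host | 12/13/2020 |
| CVE-2020-26147 | High | High | WiFi Host | 12/13/2020 |
| CVE-2021-1914 | High | High | Data Modem | Internal |
| CVE-2021-1923 | High | High | HLOS | Internal |
| CVE-2021-30260 | High | High | WLAN Firmware | 02/14/2021 |
| CVE-2021-30261 | High | High | WLAN Firmware | 12/07/2017 |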

The open-source software issues found by security researchers, with their respective CVE IDs, security ratings, technology areas, and reported dates, are as follows:

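| CVE ID | Security rating | CVSS rating | Technology area | Date reported |
|---|---|---|---|---|
| CVE-2020-11264 | Critical | Critical | WLAN Windows Host | 12/13/2020 |
| CVE-2020-11301 | Critical | Critical | WIGIG | 12/13/2020 |
| CVE-2021-1972 | Critical | Critical | WLAN HOST | 11/10/2020 |
| CVE-2021-1976 | Critical | Critical | WLAN HOST | Internal |
| CVE-2020-24587 | High | High | WLAN HOST | 12/13/2020 |
| CVE-2020-24588 | High | High | WLAN Firmware | 12/13/2020 |
| CVE-2020-26139 | High | High | WLAN Host Communication | 12/13/2020 |
| CVE-2020-26141 | High | High | WLAN HOST | 12/13/2020 |
| CVE-2020-26145 | High | High | WLAN HOST | 12/13/2020 |
| CVE-2020-26146 | High | High | WLAN HOST | 12/13/2020 |
| CVE-2021-1939 | High | High | Graphics | Internal |
| CVE-2021-1947 | High | High | Graphics | 12/11/2020 |
| CVE-2021-1978 | High | Medium | WLAN HOST | Internal |
| CVE-2021-1904 | High | Medium | Graphics | 09/15/2020 |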

The Vulnerability Descriptions

Below are descriptions of the critical vulnerabilities only. All of the critical vulnerabilities may allow a remote attacker to compromise or gain full control of a system with unpatched software. All other information can be found in the Qualcomm security bulletin release report. The descriptions are as follows:

  1. Critical risk arising from improper authentication in CVE-2020-11264 due to an error in WLAN Windows Host processing. A remote attacker can compromise the vulnerable system.
  2. Critical risk arising from improper authentication in CVE-2020-11301 due to an error in WIGIG. A remote attacker can compromise the vulnerable system.
  3. Critical risk arising from buffer overflow in CVE-2021-1972 due to a boundary error in WLAN HOST. A remote attacker can compromise the vulnerable system.
  4. Critical risk arising from integer overflow in CVE-2021-1916 in the Data Modem subsystem. A remote attacker can compromise the vulnerable system.
  5. Critical risk arising from integer overflow in CVE-2021-1919 in RTCP packet processing in Data Modem. A remote attacker can compromise the vulnerable system.
  6. Critical risk arising from integer overflow in CVE-2021-1920 in RTCP packet processing in Data Modem. A remote attacker can compromise the vulnerable system.
  7. Critical risk arising from a use-after-free error in CVE-2021-1976 when handling P2P device addresses in WLAN HOST.

Affected Chipset Models

The security vulnerabilities affect a wide range of Qualcomm products, some of which include:

  • Qualcomm APQ
  • Qualcomm MDM
  • Qualcomm AR
  • Qualcomm AQT
  • Qualcomm QCA
  • Qualcomm MSM
  • Qualcomm SD
  • Qualcomm WCN
  • Qualcomm WSA

Note: The complete list of all affected chipsets contains more than one hundred entries. It can be found on the release report page.

The Current Situation

Vulnerabilities in Qualcomm chipset software (just like vulnerabilities in Intel or TSMC products) mean that millions of devices powered by these products are open to remote attacks. For that reason, Qualcomm has long been at work on fixes. Patches have been released to address both the proprietary and open-source software vulnerabilities. According to Qualcomm’s report, “OEMs have been notified and strongly recommended to release patches on end devices.” For all users and OEMs of Qualcomm chipsets: patches and fixes can be found on the release report page. For the latest information, Qualcomm can also be contacted directly via their support page.

Tech researcher & communications specialist
Mirza has an educational background in Global Communications and has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.