CVE-2021-1931

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto versions prior to the fixed version Snapdragon Compute versions prior to the fixed version Snapdragon Connectivity versions prior to the fixed version Snapdragon Consumer IOT versions prior to the fixed version Snapdragon Industrial IOT versions prior to the fixed version Snapdragon Mobile versions prior to the fixed version Snapdragon Voice & Music versions prior to the fixed version

Description: The issue is related to a possible buffer overflow due to improper validation of buffer length while processing fast boot commands. This affects various Snapdragon products, including Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, and Voice & Music. There have been reports of this issue being exploited to unlock the bootloader on certain devices, such as the Quest 2.

Recommendations: For Snapdragon Auto, update to a version that includes the fix for this issue. For Snapdragon Compute, update to a version that includes the fix for this issue. For Snapdragon Connectivity, update to a version that includes the fix for this issue. For Snapdragon Consumer IOT, update to a version that includes the fix for this issue. For Snapdragon Industrial IOT, update to a version that includes the fix for this issue. For Snapdragon Mobile, update to a version that includes the fix for this issue. For Snapdragon Voice & Music, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the fast boot command processing until a patch is available. Restrict access to the fast boot functionality to minimize the risk of exploitation.