PT-2021-6918 · Qualcomm · Qualcomm Snapdragon+8
Published: 2021-11-01 · Updated: 2021-11-16
CVE-2021-30254
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Qualcomm Snapdragon Auto (affected versions not specified)
Qualcomm Snapdragon Compute (affected versions not specified)
Qualcomm Snapdragon Connectivity (affected versions not specified)
Qualcomm Snapdragon Consumer IOT (affected versions not specified)
Qualcomm Snapdragon Industrial IOT (affected versions not specified)
Qualcomm Snapdragon IoT (affected versions not specified)
Qualcomm Snapdragon Mobile (affected versions not specified)
Qualcomm Snapdragon Voice & Music (affected versions not specified)
Qualcomm Snapdragon Wearables (affected versions not specified)
Description
The issue is related to a possible buffer overflow due to improper input validation in the factory calibration and test DIAG command. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations
For Qualcomm Snapdragon Auto, consider disabling the factory calibration and test DIAG command until a patch is available.
For Qualcomm Snapdragon Compute, restrict access to the DIAG command to minimize the risk of exploitation.
For Qualcomm Snapdragon Connectivity, avoid using the factory calibration and test DIAG command in sensitive operations until the issue is resolved.
For Qualcomm Snapdragon Consumer IOT, temporarily disable the DIAG command functionality to prevent potential attacks.
For Qualcomm Snapdragon Industrial IOT, restrict the use of the factory calibration and test DIAG command to authorized personnel only.
For Qualcomm Snapdragon IoT, consider implementing additional input validation measures for the DIAG command.
For Qualcomm Snapdragon Mobile, avoid using the DIAG command for sensitive operations until a fix is available.
For Qualcomm Snapdragon Voice & Music, disable the factory calibration and test DIAG command as a temporary workaround.
For Qualcomm Snapdragon Wearables, restrict access to the DIAG command to prevent potential exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Affected Products
Qualcomm Snapdragon Auto
Qualcomm Snapdragon Compute
Qualcomm Snapdragon Connectivity
Qualcomm Snapdragon Consumer Iot
Qualcomm Snapdragon Industrial Iot
Qualcomm Snapdragon
Qualcomm Snapdragon Mobile
Qualcomm Snapdragon Voice & Music
Qualcomm Snapdragon Wearables