CVE-2021-30300

Name of the Vulnerable Software and Affected Versions Snapdragon Auto (affected versions not specified) Snapdragon Compute (affected versions not specified) Snapdragon Connectivity (affected versions not specified) Snapdragon Consumer IOT (affected versions not specified) Snapdragon Industrial IOT (affected versions not specified) Snapdragon Voice & Music (affected versions not specified) Snapdragon Wearables (affected versions not specified)

Description The issue is related to a possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message. This incorrect decoding assigns a garbage value to choice when processing the SRS configuration. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. The technical details about exploitation include the incorrect decoding of hex data for the SIB2 OTA message and the assignment of a garbage value to choice.

Recommendations For Snapdragon Auto, update to a version that correctly decodes hex data for the SIB2 OTA message. For Snapdragon Compute, update to a version that correctly decodes hex data for the SIB2 OTA message. For Snapdragon Connectivity, update to a version that correctly decodes hex data for the SIB2 OTA message. For Snapdragon Consumer IOT, update to a version that correctly decodes hex data for the SIB2 OTA message. For Snapdragon Industrial IOT, update to a version that correctly decodes hex data for the SIB2 OTA message. For Snapdragon Voice & Music, update to a version that correctly decodes hex data for the SIB2 OTA message. For Snapdragon Wearables, update to a version that correctly decodes hex data for the SIB2 OTA message. As a temporary workaround, consider restricting the processing of SRS configuration to minimize the risk of exploitation.