CVE-2021-1965 PoC — Input validation error vulnerability in multiple Qualcomm products

Source
Associated Vulnerability
Title: Input validation error vulnerability in multiple Qualcomm products (CVE-2021-1965)
Description: Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Description
CVE-2021-1965 WiFi Zero Click RCE Trigger PoC
Readme
# CVE-2021-1965
CVE-2021-1965 WiFi Zero Click RCE Trigger PoC

Compile: make

BE SURE THAT monitor mode is enabled on your wifi card and interface name is updated here:

https://github.com/parsdefense/CVE-2021-1965/blob/main/CVE-2021-1965-poc.c#L158

This is a quick-and-dirty proof-of-concept to verify whether your phone is vulnerable. After running the PoC code, your phone is supposed to crash and reboot within seconds. In case you need more info about the bug and the vulnerable code, here you are:

Description: Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse

During multiple BSSID (MBSSID) scan IE parsing, the new_ie variable is allocated with a size of 1024, which may cause a buffer overflow in util_gen_new_ie() if the IE length is greater than 1024.

https://source.codeaurora.org/quic/qsdk/platform/vendor/qcom-opensource/wlan/qca-wifi-host-cmn/commit/?id=a426e5e1668fff3dfe8bde777a9340cbc129f8df
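
The missing check described above, shown as an added defensive example; it is not code from the PoC repository or from the Qualcomm driver. The helper names `copy_ies_bounded` and `demo` are hypothetical, the sample input is constructed, and the only assumption is the standard 802.11 element layout of a 1-byte id, a 1-byte length, and a payload.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NEW_IE_MAX 1024 /* size of the new_ie allocation named in the README */

/* Hypothetical helper, not the driver's util_gen_new_ie(): copies each
 * information element (1-byte id, 1-byte length, payload) from src to out.
 * Returns bytes written, or -1 if the input is malformed or would not fit. */
static int copy_ies_bounded(const uint8_t *src, size_t src_len,
                            uint8_t *out, size_t out_cap)
{
    size_t pos = 0, written = 0;
    while (pos < src_len) {
        if (src_len - pos < 2)
            return -1; /* truncated element header */
        size_t elem_len = 2 + (size_t)src[pos + 1];
        if (elem_len > src_len - pos)
            return -1; /* declared length runs past the input */
        if (elem_len > out_cap - written)
            return -1; /* would overflow the destination buffer */
        memcpy(out + written, src + pos, elem_len);
        written += elem_len;
        pos += elem_len;
    }
    return (int)written;
}

/* Constructed sample input: n elements of id 221, each 257 bytes in total. */
static int demo(size_t n)
{
    static uint8_t src[8 * 257];
    uint8_t out[NEW_IE_MAX];
    if (n > 8) return -1;
    for (size_t i = 0; i < n; i++) {
        src[i * 257] = 221;
        src[i * 257 + 1] = 255;
        memset(&src[i * 257 + 2], 0xAA, 255);
    }
    return copy_ies_bounded(src, n * 257, out, sizeof(out));
}

int main(void)
{
    printf("3 elements -> %d, 4 elements -> %d\n", demo(3), demo(4));
    return 0;
}
```

Three elements (771 bytes) fit in the 1024-byte destination; a fourth would bring the total to 1028 bytes, so the copy is refused instead of writing past the buffer.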
File Snapshot

[4.0K] /data/pocs/423e629c9978f69ed65ca23f9793a0d4964047ef
├── [ 16K] CVE-2021-1965-poc.c
├── [1.0K] LICENSE.md
├── [ 105] Makefile
└── [ 930] README.md

0 directories, 4 files