CVE-2020-11136

Q: What is the severity of CVE-2020-11136?

CVE-2020-11136 has a CVSS score of 9.8 (CRITICAL). This CVE describes a buffer over-read vulnerability in Qualcomm audio drivers affecting numerous Snapdragon platforms. It allows attackers to read beyond allocated memory boundaries, potentially leading to information disclosure or system crashes. Affected devices include Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables, and Wired Infrastructure and Networking products.

9.8 CRITICAL

Buffer Overflow

📋 TL;DR

This CVE describes a buffer over-read vulnerability in Qualcomm audio drivers affecting numerous Snapdragon platforms. It allows attackers to read beyond allocated memory boundaries, potentially leading to information disclosure or system crashes. Affected devices include Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables, and Wired Infrastructure and Networking products.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon IoT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables
Snapdragon Wired Infrastructure and Networking

Versions: Multiple affected versions across platforms (see Qualcomm advisory for specific versions)

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Qualcomm audio drivers. Specific chipset models and firmware versions vary.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

System crashes (denial of service) or information disclosure from kernel memory.

🟢

If Mitigated

Limited impact with proper memory protections and exploit mitigations in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

CVSS 9.8 indicates critical severity with network-accessible attack vector. Requires specific conditions to trigger the buffer over-read.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm December 2020 security bulletin for specific patched versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM updates. 3. Reboot device after update installation.

🔧 Temporary Workarounds

Disable vulnerable audio services

linux

Temporarily disable or restrict audio driver functionality if not essential

Specific commands depend on device and OS configuration

🧯 If You Can't Patch

Network segmentation to isolate affected devices
Implement strict access controls and monitor for abnormal audio service behavior

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against Qualcomm advisory. Use 'cat /proc/version' or device-specific version commands.

Check Version:

Device-specific (e.g., 'getprop ro.build.version.security_patch' for Android)

Verify Fix Applied:

Verify firmware version has been updated to patched version specified in Qualcomm bulletin.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Audio service crashes
Memory access violation errors

Network Indicators:

Unusual network traffic to/from affected devices
Anomalous audio service network connections

SIEM Query:

Search for kernel panic events or audio service crashes on Snapdragon devices

📊 Metadata

CVE ID: CVE-2020-11136

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-125

Published: January 21, 2021

Last Updated: November 21, 2024

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8009 by Qualcomm

Apq8009w by Qualcomm

Apq8017 by Qualcomm

Apq8030 by Qualcomm

Apq8037 by Qualcomm

Apq8052 by Qualcomm

Apq8053 by Qualcomm

Apq8056 by Qualcomm

Apq8060a by Qualcomm

Apq8062 by Qualcomm

Apq8064 by Qualcomm

Apq8064au by Qualcomm

Apq8076 by Qualcomm

Apq8084 by Qualcomm

Apq8096au by Qualcomm

Aqt1000 by Qualcomm

Ar6003 by Qualcomm

Ar8031 by Qualcomm

Ar8035 by Qualcomm

Ar8151 by Qualcomm

Ar9374 by Qualcomm

Csra6620 by Qualcomm

Csra6640 by Qualcomm

Csrb31024 by Qualcomm

Mdm8215 by Qualcomm

Mdm8215m by Qualcomm

Mdm8615m by Qualcomm

Mdm8635m by Qualcomm

Mdm9206 by Qualcomm

Mdm9215 by Qualcomm

Mdm9225 by Qualcomm

Mdm9225m by Qualcomm

Mdm9230 by Qualcomm

Mdm9235m by Qualcomm

Mdm9310 by Qualcomm

Mdm9330 by Qualcomm

Mdm9607 by Qualcomm

Mdm9615 by Qualcomm

Mdm9615m by Qualcomm

Mdm9625 by Qualcomm

Mdm9625m by Qualcomm

Mdm9628 by Qualcomm

Mdm9630 by Qualcomm

Mdm9635m by Qualcomm

Mdm9640 by Qualcomm

Mdm9645 by Qualcomm

Mdm9650 by Qualcomm

Mdm9655 by Qualcomm

Mpq8064 by Qualcomm

Msm8108 by Qualcomm

Msm8208 by Qualcomm

Msm8209 by Qualcomm

Msm8226 by Qualcomm

Msm8227 by Qualcomm

Msm8230 by Qualcomm

Msm8608 by Qualcomm

Msm8610 by Qualcomm

Msm8626 by Qualcomm

Msm8627 by Qualcomm

Msm8630 by Qualcomm

Msm8909w by Qualcomm

Msm8917 by Qualcomm

Msm8920 by Qualcomm

Msm8930 by Qualcomm

Msm8937 by Qualcomm

Msm8940 by Qualcomm

Msm8952 by Qualcomm

Msm8953 by Qualcomm

Msm8956 by Qualcomm

Msm8960 by Qualcomm

Msm8960sg by Qualcomm

Msm8962 by Qualcomm

Msm8976 by Qualcomm

Msm8976sg by Qualcomm

Msm8996au by Qualcomm

Pm215 by Qualcomm

Pm3003a by Qualcomm