CVE-2020-11140

9.8 CRITICAL

📋 TL;DR

CVE-2020-11140 is a critical memory corruption vulnerability in Qualcomm Snapdragon chipsets that allows out-of-bounds memory access during ALAC (Apple Lossless Audio Codec) music playback. Attackers can exploit this by crafting malicious audio files to potentially execute arbitrary code or cause denial of service. This affects billions of devices across automotive, mobile, IoT, and networking products using vulnerable Snapdragon processors.

💻 Affected Systems

Products:
  • Snapdragon Auto
  • Snapdragon Compute
  • Snapdragon Connectivity
  • Snapdragon Consumer IOT
  • Snapdragon Industrial IOT
  • Snapdragon IoT
  • Snapdragon Mobile
  • Snapdragon Voice & Music
  • Snapdragon Wearables
  • Snapdragon Wired Infrastructure and Networking
Versions: Multiple Snapdragon chipset versions prior to December 2020 security updates
Operating Systems: Android, Linux-based embedded systems, Automotive OS variants
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the ALAC decoder implementation within Qualcomm's audio processing components. All devices with affected chipsets are vulnerable when processing ALAC audio files.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, persistent backdoor installation, or device bricking.

🟠 Likely Case

Application crash or denial of service during audio playback, with potential for limited code execution in the audio processing context.

🟢 If Mitigated

Controlled crash of the media player application without system compromise if proper sandboxing and memory protections are in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires the user to play a malicious ALAC audio file. No authentication is needed if the attacker can deliver the file via web, email, messaging apps, or other media-sharing methods.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: December 2020 security updates from Qualcomm and device manufacturers

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

Restart Required: Yes

Instructions:

1. Check with the device manufacturer for available security updates.
2. Apply the December 2020 or later security patches.
3. For embedded/IoT devices, contact the vendor for firmware updates.
4. Reboot the device after the update is installed.

🔧 Temporary Workarounds

Disable ALAC playback (platform: all)

Remove or disable ALAC codec support in media players.

# Requires modifying media player configuration or removing ALAC libraries
# Example for Android: pm disable com.android.media or similar media services

File type filtering (platform: linux)

Block ALAC (.m4a, .alac) files at the network perimeter.

# Example iptables rule to block ALAC files
# "ftypM4A" is the ISO base media 'ftyp' box with the "M4A " major brand, i.e. the
# .m4a container marker. That container carries AAC as well as ALAC, so this rule
# drops M4A audio in general, not only ALAC streams.
# The string match fires only when the marker sits inside a single packet (no
# stream reassembly), it cannot see inside encrypted transfers such as HTTPS, and
# the INPUT chain covers only traffic addressed to this host; on a gateway, apply
# the same match on the FORWARD chain.
iptables -A INPUT -m string --string "ftypM4A" --algo bm -j DROP

🧯 If You Can't Patch

  • Implement application sandboxing to limit media player privileges
  • Deploy network filtering to block ALAC files and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check the device's security patch level: if it is before December 2020, the device is likely vulnerable. Use Qualcomm's security bulletin to check specific chipset models.

Check Version:

# Android (terminal app or adb shell):
getprop ro.build.version.security_patch
# Linux-based embedded systems: compare the vendor firmware version against the vendor advisory

Verify Fix Applied:

Verify that the security patch level is December 2020 or later. Test with known-safe ALAC files to ensure playback works without crashes.
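The patch-level comparison above, as an added example that is not part of the advisory: a POSIX shell script that takes the value printed by getprop ro.build.version.security_patch (format YYYY-MM-DD) and reports whether it is on or after the December 2020 bulletin. The function names and the 2020-12-01 baseline date are this example's own choices; the baseline reflects the bulletin month the advisory names.

```shell
#!/bin/sh
# Added example, not part of the advisory: compare an Android security patch
# level (the value printed by `getprop ro.build.version.security_patch`,
# format YYYY-MM-DD) against the December 2020 Qualcomm bulletin.
# The function names and the 2020-12-01 baseline are this example's own
# choices; the baseline reflects the bulletin month the advisory names.

PATCH_BASELINE="2020-12-01"

# patch_level_status LEVEL
# Returns 0 when LEVEL is on or after the baseline (patched),
# 1 when it is older (likely vulnerable), 2 when it is not a YYYY-MM-DD date.
patch_level_status() {
    level="$1"
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # Dropping the dashes turns the date into a YYYYMMDD integer,
    # which compares correctly with -ge.
    level_num=$(printf '%s' "$level" | tr -d '-')
    baseline_num=$(printf '%s' "$PATCH_BASELINE" | tr -d '-')
    if [ "$level_num" -ge "$baseline_num" ]; then
        return 0
    fi
    return 1
}

# describe_patch_level LEVEL
# Prints a one-line verdict for LEVEL.
describe_patch_level() {
    rc=0
    patch_level_status "$1" || rc=$?
    case "$rc" in
        0) echo "patched: $1 is on or after $PATCH_BASELINE" ;;
        1) echo "LIKELY VULNERABLE: $1 is before $PATCH_BASELINE" ;;
        *) echo "unknown: '$1' is not a YYYY-MM-DD security patch level" ;;
    esac
}

# Run with --device on the handset itself (or under `adb shell`) to check
# the live property; getprop exists only on Android, hence the guard.
if [ "${1:-}" = "--device" ] && command -v getprop >/dev/null 2>&1; then
    describe_patch_level "$(getprop ro.build.version.security_patch)"
fi
```

The patch level only tells you the device has received the bulletin month's fixes in general; for a chipset not listed in the bulletin the check is not meaningful, so pair it with the chipset lookup described above.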

📡 Detection & Monitoring

Log Indicators:

  • Media player crashes during audio playback
  • Kernel panic or system crashes when playing audio files
  • Unexpected memory access violations in audio services

Network Indicators:

  • ALAC file downloads from untrusted sources
  • Sudden increase in .m4a/.alac file transfers

SIEM Query:

(source="*media*" AND (event="crash" OR event="segfault") AND process="*audio*") OR (file_extension="m4a" OR file_extension="alac")

The grouping is deliberate: the query should match crash events in audio/media processes, or any event involving an M4A/ALAC file. Without explicit parentheses the trailing OR terms bind differently from one SIEM query language to another, and the crash conditions can end up applying to only part of the expression.
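The log indicators above (media player crashes and memory access violations in audio services), as an added example that is not part of the advisory: a POSIX shell detector that picks native-crash records of audio/media processes out of Android logcat-style output. The sample lines are constructed for this example, and the list of process names is an assumption about which services handle audio decoding on a given build; adjust it per device.

```shell
#!/bin/sh
# Added example, not part of the advisory: pick native-crash records of
# audio/media processes out of Android logcat-style output, which is the
# log indicator the advisory lists (media player crashes, memory access
# violations in audio services). The sample lines are constructed for this
# example; the process-name pattern is an assumption about which services
# handle audio decoding on a given build and should be adjusted per device.

AUDIO_PROCS='audioserver|mediaserver|mediacodec|media[.]extractor|media[.]codec'

# Constructed sample, modelled on the "Fatal signal" lines Android's libc
# logs before a tombstone is written. Two of the four lines concern
# audio/media processes; the second is an unrelated app crash.
SAMPLE_LOG='08-12 10:01:02.111  1234  1234 F libc    : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0 in tid 1234 (audioserver), pid 1234 (audioserver)
08-12 10:01:05.222  2222  2222 F libc    : Fatal signal 6 (SIGABRT), code -6 in tid 2222 (com.example.app), pid 2222 (com.example.app)
08-12 10:02:07.333  3333  3340 F libc    : Fatal signal 11 (SIGSEGV), code 2 (SEGV_ACCERR), fault addr 0x7f1000 in tid 3340 (HwBinder:3333_1), pid 3333 (media.extractor)
08-12 10:02:08.444  1000  1000 I ActivityManager: Process media.extractor has died'

# find_audio_crashes < logfile
# Emits "PID PROCESS SIGNAL" for every fatal-signal line whose owning
# process matches AUDIO_PROCS; other crashes and non-crash lines are dropped.
find_audio_crashes() {
    grep -E 'Fatal signal [0-9]+' \
    | sed -nE 's/.*Fatal signal ([0-9]+) \(([A-Z]+)\).*pid ([0-9]+) \(([^)]+)\).*/\3 \4 \2/p' \
    | awk -v procs="$AUDIO_PROCS" '$2 ~ procs { print }'
}

# count_audio_crashes < logfile
# Prints the number of matching crashes, usable as an alert threshold.
count_audio_crashes() {
    find_audio_crashes | wc -l | tr -d ' '
}

# demo_audio_crash_count
# Runs the detector over the constructed sample and prints the count.
demo_audio_crash_count() {
    printf '%s\n' "$SAMPLE_LOG" | count_audio_crashes
}

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LOG" | find_audio_crashes
    demo_audio_crash_count
fi
```

On a live device the same functions can be fed with adb logcat -d; a single crash is weak evidence on its own, so correlate a burst of SIGSEGV/SIGBUS records in media processes with a recently received .m4a file before escalating.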
