CVE-2020-11144

9.1 CRITICAL

📋 TL;DR

This vulnerability allows attackers to cause a buffer over-read when invalid downlink (DL) ROHC (Robust Header Compression) packets are processed for decompression in Qualcomm Snapdragon chipsets. It affects multiple Snapdragon product lines including Auto, Compute, Mobile, and IoT devices. The lack of size validation for compressed packets enables potential information disclosure or denial of service.
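The missing size check described above, shown in its hardened form as an added example (not Qualcomm's code and not part of the original page): a parser for the first octets of a small-CID ROHC IR packet, following the RFC 3095 octet layout, in which every read is checked against the received length. The function, struct and status names are hypothetical, and the sample packet in `main` is constructed.

```c
#include <stddef.h>
#include <stdint.h>
enum rohc_status { ROHC_OK = 0, ROHC_TRUNCATED = -1, ROHC_UNSUPPORTED = -2 };
struct rohc_ir_prefix {   /* hypothetical result type for this example */
    uint8_t cid;          /* small CID; 0 when no Add-CID octet is present */
    uint8_t has_dyn;      /* D bit of the IR type octet */
    uint8_t profile, crc; /* profile and CRC octets */
    size_t  consumed;     /* octets consumed; the chains would start here */
};

/* Read one octet only if it lies inside the received buffer. */
static int take_u8(const uint8_t *buf, size_t len, size_t *off, uint8_t *out)
{
    if (*off >= len)
        return 0;         /* next read would pass the end: refuse */
    *out = buf[(*off)++];
    return 1;
}

/* Parse padding, optional Add-CID and the IR type/profile/CRC octets
 * (RFC 3095 layout, small CIDs only), length-checking every read. */
int rohc_parse_ir_prefix(const uint8_t *buf, size_t len, struct rohc_ir_prefix *out)
{
    size_t off = 0;
    uint8_t b = 0;
    out->cid = 0;
    do {                                  /* skip padding octets (0xE0) */
        if (!take_u8(buf, len, &off, &b))
            return ROHC_TRUNCATED;
    } while (b == 0xE0);
    if ((b & 0xF0) == 0xE0) {             /* Add-CID: 1110 + CID 1..15 */
        out->cid = b & 0x0F;
        if (!take_u8(buf, len, &off, &b))
            return ROHC_TRUNCATED;
    }
    if ((b & 0xFE) != 0xFC)               /* IR type octet is 1111110D */
        return ROHC_UNSUPPORTED;
    out->has_dyn = b & 0x01;
    if (!take_u8(buf, len, &off, &out->profile) || !take_u8(buf, len, &off, &out->crc))
        return ROHC_TRUNCATED;
    out->consumed = off;
    return ROHC_OK;
}

int main(void)
{
    const uint8_t cut[] = {0xE3, 0xFD, 0x01};  /* constructed: CRC octet missing */
    struct rohc_ir_prefix p;
    return rohc_parse_ir_prefix(cut, sizeof cut, &p) == ROHC_TRUNCATED ? 0 : 1;
}
```

A decompressor that indexes `buf` directly without the `take_u8` check would read past the end of the truncated packet in `main`, which is the over-read class this CVE describes.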

💻 Affected Systems

Products:
  • Snapdragon Auto
  • Snapdragon Compute
  • Snapdragon Connectivity
  • Snapdragon Consumer IOT
  • Snapdragon Industrial IOT
  • Snapdragon IoT
  • Snapdragon Mobile
  • Snapdragon Voice & Music
  • Snapdragon Wearables
Versions: Multiple chipset versions prior to December 2020 security updates
Operating Systems: Android, Linux-based embedded systems, QNX, Other embedded OS using Snapdragon chips
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in firmware/baseband layer, affecting all devices using vulnerable Snapdragon chips regardless of OS configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, data exfiltration, or persistent backdoor installation.

🟠 Likely Case: Denial of service (device crash/reboot) or information disclosure from memory contents.

🟢 If Mitigated: Limited impact with proper network segmentation and packet filtering in place.

🌐 Internet-Facing: HIGH - Affected devices exposed to internet could be remotely exploited via malicious ROHC packets.
🏢 Internal Only: MEDIUM - Requires network access but could be exploited internally via rogue devices or compromised endpoints.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted ROHC packets to vulnerable devices. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: December 2020 security updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates.
2. Apply Qualcomm December 2020 security patch.
3. Reboot device.
4. Verify patch installation through version checks.

🔧 Temporary Workarounds

Network Packet Filtering

Platform: all

Block or filter ROHC packets at the network perimeter.

iptables -A INPUT -p udp --dport 554 -j DROP # Example only: drops inbound UDP/554, which IANA registers for RTSP; ROHC itself has no assigned UDP port

Disable ROHC Compression

Platform: linux

Disable the Robust Header Compression feature if it is not required.

echo 0 > /proc/sys/net/ipv4/ip_no_pmtu_disc # Writes 0 (the default) to the path MTU discovery sysctl; it does not toggle ROHC

🧯 If You Can't Patch

  • Segment affected devices into isolated network zones
  • Implement strict network monitoring for anomalous ROHC traffic

🔍 How to Verify

Check if Vulnerable:

Check chipset version and firmware date. Devices with Snapdragon chips and firmware older than December 2020 are likely vulnerable.

Check Version:

grep -i qualcomm /proc/cpuinfo && cat /proc/version

Verify Fix Applied:

Verify firmware version includes December 2020 security patches. Check Qualcomm advisory for specific chipset patch versions.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Baseband processor crashes
  • Unexpected device reboots

Network Indicators:

  • Anomalous ROHC packet patterns
  • Spike in malformed UDP packets on ROHC ports

SIEM Query:

source="network_firewall" AND (protocol="ROHC" OR port=554) AND packet_size>threshold
