CVE-2020-11161

Q: What is the severity of CVE-2020-11161?

CVE-2020-11161 has a CVSS score of 7.1 (HIGH). This vulnerability allows out-of-bounds memory access in Qualcomm Snapdragon chipsets when processing negative width values from external components. It affects multiple Snapdragon product lines including Auto, Compute, Mobile, and IoT variants. Attackers could potentially exploit this to execute arbitrary code or cause denial of service.

7.1 HIGH

📋 TL;DR

This vulnerability allows out-of-bounds memory access in Qualcomm Snapdragon chipsets when processing negative width values from external components. It affects multiple Snapdragon product lines including Auto, Compute, Mobile, and IoT variants. Attackers could potentially exploit this to execute arbitrary code or cause denial of service.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Voice & Music

Versions: Specific chipset versions not detailed in public advisory

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects Qualcomm chipsets across multiple product categories; exact chip models require checking Qualcomm's security bulletin

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation

🟠

Likely Case

Denial of service (device crash/reboot) or limited information disclosure

🟢

If Mitigated

Contained impact with proper memory protections and exploit mitigations

🌐 Internet-Facing: MEDIUM - Requires external component interaction but could be triggered remotely

🏢 Internal Only: MEDIUM - Could be exploited through malicious apps or local access

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires triggering specific memory alignment calculations with negative width values

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm January 2021 security bulletin for specific chipset updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

Restart Required: Yes

Instructions:

1. Check Qualcomm security bulletin for affected chipset versions. 2. Obtain firmware updates from device manufacturer. 3. Apply firmware updates following manufacturer instructions. 4. Reboot device to activate patches.

🔧 Temporary Workarounds

Input validation for external components

all

Implement strict input validation for width parameters from external sources

🧯 If You Can't Patch

Isolate affected devices from untrusted networks
Implement strict app vetting and installation controls

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm's security bulletin

Check Version:

Device-specific commands vary by manufacturer (e.g., 'getprop ro.build.fingerprint' on Android)

Verify Fix Applied:

Verify firmware version has been updated to patched version from manufacturer

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Memory access violation errors
Unexpected device reboots

Network Indicators:

Unusual external component communication patterns

SIEM Query:

Device logs containing 'segmentation fault', 'memory violation', or 'kernel panic' near external component interactions

📊 Metadata

CVE ID: CVE-2020-11161

CVSS v3 Score: 7.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE: CWE-125

Published: June 9, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin Patch,Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8053 Firmware by Qualcomm

Apq8064au Firmware by Qualcomm

Apq8096au Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8151 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Pm215 Firmware by Qualcomm

Pm3003a Firmware by Qualcomm

Pm6125 Firmware by Qualcomm

Pm6150 Firmware by Qualcomm

Pm6150l Firmware by Qualcomm

Pm670 Firmware by Qualcomm

Pm670a Firmware by Qualcomm

Pm670l Firmware by Qualcomm

Pm7350c Firmware by Qualcomm

Pm8005 Firmware by Qualcomm

Pm8008 Firmware by Qualcomm

Pm8009 Firmware by Qualcomm

Pm8150a Firmware by Qualcomm

Pm8150b Firmware by Qualcomm

Pm8150c Firmware by Qualcomm

Pm8150l Firmware by Qualcomm

Pm8250 Firmware by Qualcomm

Pm8350 Firmware by Qualcomm

Pm8350b Firmware by Qualcomm

Pm8350bh Firmware by Qualcomm

Pm8350bhs Firmware by Qualcomm

Pm8350c Firmware by Qualcomm

Pm855 Firmware by Qualcomm

Pm855b Firmware by Qualcomm

Pm855l Firmware by Qualcomm

Pm8909 Firmware by Qualcomm

Pm8953 Firmware by Qualcomm

Pm8998 Firmware by Qualcomm

Pmd9607 Firmware by Qualcomm

Pmd9655 Firmware by Qualcomm

Pme605 Firmware by Qualcomm

Pmi632 Firmware by Qualcomm

Pmi8952 Firmware by Qualcomm

Pmk7350 Firmware by Qualcomm

Pmk8002 Firmware by Qualcomm

Pmk8350 Firmware by Qualcomm

Pmm6155au Firmware by Qualcomm

Pmm8996au Firmware by Qualcomm

Pmr525 Firmware by Qualcomm

Pmr735a Firmware by Qualcomm

Pmr735b Firmware by Qualcomm

Pmx20 Firmware by Qualcomm

Pmx55 Firmware by Qualcomm

Qat3514 Firmware by Qualcomm

Qat3516 Firmware by Qualcomm

Qat3518 Firmware by Qualcomm

Qat3519 Firmware by Qualcomm

Qat3522 Firmware by Qualcomm

Qat3555 Firmware by Qualcomm

Qat5515 Firmware by Qualcomm

Qat5516 Firmware by Qualcomm

Qat5522 Firmware by Qualcomm

Qat5568 Firmware by Qualcomm

Qbt2000 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca9367 Firmware by Qualcomm

Qca9377 Firmware by Qualcomm

Qca9379 Firmware by Qualcomm