CVE-2020-11163

Q: What is the severity of CVE-2020-11163?

CVE-2020-11163 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows remote code execution via buffer overflow in Qualcomm Snapdragon chipsets when processing IKEv2 parameters from ePDG servers. Attackers can exploit this to execute arbitrary code with system privileges. Affected devices include automotive, mobile, IoT, and compute platforms using vulnerable Snapdragon chipsets.

9.8 CRITICAL

Remote Code Execution Buffer Overflow

📋 TL;DR

This vulnerability allows remote code execution via buffer overflow in Qualcomm Snapdragon chipsets when processing IKEv2 parameters from ePDG servers. Attackers can exploit this to execute arbitrary code with system privileges. Affected devices include automotive, mobile, IoT, and compute platforms using vulnerable Snapdragon chipsets.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile

Versions: Specific chipset versions not detailed in advisory

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability requires IKEv2 VPN functionality with ePDG server communication

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing attackers to execute arbitrary code with kernel privileges, potentially leading to persistent backdoors, data theft, or device bricking.

🟠

Likely Case

Remote code execution leading to device compromise, data exfiltration, or integration into botnets.

🟢

If Mitigated

Denial of service or limited information disclosure if exploit attempts are detected and blocked.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires network access to trigger IKEv2 parameter updates

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm February 2021 security bulletin

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches. 3. Reboot device after update.

🔧 Temporary Workarounds

Disable IKEv2 VPN functionality

linux

Disable IKEv2 VPN services if not required

systemctl stop ikev2-service
systemctl disable ikev2-service

Network segmentation

all

Restrict ePDG server communication to trusted networks

🧯 If You Can't Patch

Implement strict network filtering to block untrusted ePDG server connections
Deploy intrusion detection systems to monitor for buffer overflow attempts

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm advisory

Check Version:

cat /proc/cpuinfo | grep -i qualcomm

Verify Fix Applied:

Verify firmware version has been updated to post-February 2021 patch level

📡 Detection & Monitoring

Log Indicators:

Unusual IKEv2 parameter update failures
Kernel panic or crash logs
Memory corruption warnings

Network Indicators:

Suspicious IKEv2 traffic patterns
Unexpected ePDG server connections

SIEM Query:

source="kernel" AND ("buffer overflow" OR "segmentation fault") AND process="ikev2"

📊 Metadata

CVE ID: CVE-2020-11163

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-129

Published: February 22, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8017 Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Msm8917 Firmware by Qualcomm

Pm215 Firmware by Qualcomm

Pm3003a Firmware by Qualcomm

Pm4125 Firmware by Qualcomm

Pm4250 Firmware by Qualcomm

Pm439 Firmware by Qualcomm

Pm456 Firmware by Qualcomm

Pm6125 Firmware by Qualcomm

Pm6150 Firmware by Qualcomm

Pm6150a Firmware by Qualcomm

Pm6150l Firmware by Qualcomm

Pm6250 Firmware by Qualcomm

Pm640a Firmware by Qualcomm

Pm640l Firmware by Qualcomm

Pm640p Firmware by Qualcomm

Pm7150a Firmware by Qualcomm

Pm7150l Firmware by Qualcomm

Pm7250 Firmware by Qualcomm

Pm7250b Firmware by Qualcomm

Pm8004 Firmware by Qualcomm

Pm8008 Firmware by Qualcomm

Pm8009 Firmware by Qualcomm

Pm8150 Firmware by Qualcomm

Pm8150a Firmware by Qualcomm

Pm8150b Firmware by Qualcomm

Pm8150c Firmware by Qualcomm

Pm8150l Firmware by Qualcomm

Pm8250 Firmware by Qualcomm

Pm855 Firmware by Qualcomm

Pm855a Firmware by Qualcomm

Pm855b Firmware by Qualcomm

Pm855l Firmware by Qualcomm

Pm855p Firmware by Qualcomm

Pm8909 Firmware by Qualcomm

Pm8916 Firmware by Qualcomm

Pm8937 Firmware by Qualcomm

Pmc1000h Firmware by Qualcomm

Pmi632 Firmware by Qualcomm

Pmi8937 Firmware by Qualcomm

Pmi8952 Firmware by Qualcomm

Pmk8002 Firmware by Qualcomm

Pmm855au Firmware by Qualcomm

Pmr525 Firmware by Qualcomm

Pmr735a Firmware by Qualcomm

Pmx24 Firmware by Qualcomm

Pmx50 Firmware by Qualcomm

Pmx55 Firmware by Qualcomm

Qat3516 Firmware by Qualcomm

Qat3518 Firmware by Qualcomm

Qat3519 Firmware by Qualcomm

Qat3522 Firmware by Qualcomm

Qat3550 Firmware by Qualcomm

Qat3555 Firmware by Qualcomm

Qat5515 Firmware by Qualcomm

Qat5516 Firmware by Qualcomm

Qat5522 Firmware by Qualcomm

Qat5533 Firmware by Qualcomm

Qbt1500 Firmware by Qualcomm

Qbt2000 Firmware by Qualcomm

Qca6174a Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm