CVE-2020-11176

9.8 CRITICAL

Remote Code Execution Denial of Service

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code or cause denial of service via heap overflow during IPSec certificate validation in Qualcomm Snapdragon chipsets. It affects devices using vulnerable Snapdragon processors across automotive, compute, mobile, and IoT platforms. Attackers can exploit this by sending malicious certificates to IPSec servers.

💻 Affected Systems

Products:

• Snapdragon Auto
• Snapdragon Compute
• Snapdragon Connectivity
• Snapdragon Consumer IOT
• Snapdragon Industrial IOT
• Snapdragon IoT
• Snapdragon Mobile

Versions: Multiple Snapdragon chipset versions prior to June 2021 patches

Operating Systems: Android, Linux-based IoT/embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is in Qualcomm firmware/drivers, affects devices regardless of OS if using vulnerable Snapdragon chipsets

📦 What is this software?

Apq8017 Firmware by Qualcomm

View all CVEs affecting Apq8017 Firmware →

Apq8053 Firmware by Qualcomm

View all CVEs affecting Apq8053 Firmware →

Aqt1000 Firmware by Qualcomm

View all CVEs affecting Aqt1000 Firmware →

Ar8035 Firmware by Qualcomm

View all CVEs affecting Ar8035 Firmware →

Csrb31024 Firmware by Qualcomm

View all CVEs affecting Csrb31024 Firmware →

Msm8917 Firmware by Qualcomm

View all CVEs affecting Msm8917 Firmware →

Msm8920 Firmware by Qualcomm

View all CVEs affecting Msm8920 Firmware →

Msm8940 Firmware by Qualcomm

View all CVEs affecting Msm8940 Firmware →

Msm8953 Firmware by Qualcomm

View all CVEs affecting Msm8953 Firmware →

Msm8976 Firmware by Qualcomm

View all CVEs affecting Msm8976 Firmware →

Msm8976sg Firmware by Qualcomm

View all CVEs affecting Msm8976sg Firmware →

Qca6174a Firmware by Qualcomm

View all CVEs affecting Qca6174a Firmware →

Qca6390 Firmware by Qualcomm

View all CVEs affecting Qca6390 Firmware →

Qca6391 Firmware by Qualcomm

View all CVEs affecting Qca6391 Firmware →

Qca6420 Firmware by Qualcomm

View all CVEs affecting Qca6420 Firmware →

Qca6421 Firmware by Qualcomm

View all CVEs affecting Qca6421 Firmware →

Qca6426 Firmware by Qualcomm

View all CVEs affecting Qca6426 Firmware →

Qca6430 Firmware by Qualcomm

View all CVEs affecting Qca6430 Firmware →

Qca6431 Firmware by Qualcomm

View all CVEs affecting Qca6431 Firmware →

Qca6436 Firmware by Qualcomm

View all CVEs affecting Qca6436 Firmware →

Qca6564au Firmware by Qualcomm

View all CVEs affecting Qca6564au Firmware →

Qca6574a Firmware by Qualcomm

View all CVEs affecting Qca6574a Firmware →

Qca6574au Firmware by Qualcomm

View all CVEs affecting Qca6574au Firmware →

Qca6584au Firmware by Qualcomm

View all CVEs affecting Qca6584au Firmware →

Qca6595au Firmware by Qualcomm

View all CVEs affecting Qca6595au Firmware →

Qca6696 Firmware by Qualcomm

View all CVEs affecting Qca6696 Firmware →

Qca8337 Firmware by Qualcomm

View all CVEs affecting Qca8337 Firmware →

Qca9377 Firmware by Qualcomm

View all CVEs affecting Qca9377 Firmware →

Qca9379 Firmware by Qualcomm

View all CVEs affecting Qca9379 Firmware →

Qcm4290 Firmware by Qualcomm

View all CVEs affecting Qcm4290 Firmware →

Qcm6125 Firmware by Qualcomm

View all CVEs affecting Qcm6125 Firmware →

Qcs410 Firmware by Qualcomm

View all CVEs affecting Qcs410 Firmware →

Qcs4290 Firmware by Qualcomm

View all CVEs affecting Qcs4290 Firmware →

Qcs610 Firmware by Qualcomm

View all CVEs affecting Qcs610 Firmware →

Qcs6125 Firmware by Qualcomm

View all CVEs affecting Qcs6125 Firmware →

Sa415m Firmware by Qualcomm

View all CVEs affecting Sa415m Firmware →

Sa515m Firmware by Qualcomm

View all CVEs affecting Sa515m Firmware →

Sa8155 Firmware by Qualcomm

View all CVEs affecting Sa8155 Firmware →

Sa8155p Firmware by Qualcomm

View all CVEs affecting Sa8155p Firmware →

Sc8180x Firmware by Qualcomm

View all CVEs affecting Sc8180x Firmware →

Sd 675 Firmware by Qualcomm

View all CVEs affecting Sd 675 Firmware →

Sd 8c Firmware by Qualcomm

View all CVEs affecting Sd 8c Firmware →

Sd 8cx Firmware by Qualcomm

View all CVEs affecting Sd 8cx Firmware →

Sd450 Firmware by Qualcomm

View all CVEs affecting Sd450 Firmware →

Sd480 Firmware by Qualcomm

View all CVEs affecting Sd480 Firmware →

Sd665 Firmware by Qualcomm

View all CVEs affecting Sd665 Firmware →

Sd670 Firmware by Qualcomm

View all CVEs affecting Sd670 Firmware →

Sd675 Firmware by Qualcomm

View all CVEs affecting Sd675 Firmware →

Sd678 Firmware by Qualcomm

View all CVEs affecting Sd678 Firmware →

Sd690 5g Firmware by Qualcomm

View all CVEs affecting Sd690 5g Firmware →

Sd720g Firmware by Qualcomm

View all CVEs affecting Sd720g Firmware →

Sd730 Firmware by Qualcomm

View all CVEs affecting Sd730 Firmware →

Sd750g Firmware by Qualcomm

View all CVEs affecting Sd750g Firmware →

Sd765 Firmware by Qualcomm

View all CVEs affecting Sd765 Firmware →

Sd765g Firmware by Qualcomm

View all CVEs affecting Sd765g Firmware →

Sd768g Firmware by Qualcomm

View all CVEs affecting Sd768g Firmware →

Sd845 Firmware by Qualcomm

View all CVEs affecting Sd845 Firmware →

Sd855 Firmware by Qualcomm

View all CVEs affecting Sd855 Firmware →

Sd865 5g Firmware by Qualcomm

View all CVEs affecting Sd865 5g Firmware →

Sd870 Firmware by Qualcomm

View all CVEs affecting Sd870 Firmware →

Sd888 5g Firmware by Qualcomm

View all CVEs affecting Sd888 5g Firmware →

Sdx24 Firmware by Qualcomm

View all CVEs affecting Sdx24 Firmware →

Sdx50m Firmware by Qualcomm

View all CVEs affecting Sdx50m Firmware →

Sdx55 Firmware by Qualcomm

View all CVEs affecting Sdx55 Firmware →

Sdx55 Firmware by Qualcomm

View all CVEs affecting Sdx55 Firmware →

Sdx55m Firmware by Qualcomm

View all CVEs affecting Sdx55m Firmware →

Sdxr2 5g Firmware by Qualcomm

View all CVEs affecting Sdxr2 5g Firmware →

Sm6250 Firmware by Qualcomm

View all CVEs affecting Sm6250 Firmware →

Sm6250p Firmware by Qualcomm

View all CVEs affecting Sm6250p Firmware →

Sm7250p Firmware by Qualcomm

View all CVEs affecting Sm7250p Firmware →

Wcd9326 Firmware by Qualcomm

View all CVEs affecting Wcd9326 Firmware →

Wcd9335 Firmware by Qualcomm

View all CVEs affecting Wcd9335 Firmware →

Wcd9340 Firmware by Qualcomm

View all CVEs affecting Wcd9340 Firmware →

Wcd9341 Firmware by Qualcomm

View all CVEs affecting Wcd9341 Firmware →

Wcd9360 Firmware by Qualcomm

View all CVEs affecting Wcd9360 Firmware →

Wcd9370 Firmware by Qualcomm

View all CVEs affecting Wcd9370 Firmware →

Wcd9371 Firmware by Qualcomm

View all CVEs affecting Wcd9371 Firmware →

Wcd9375 Firmware by Qualcomm

View all CVEs affecting Wcd9375 Firmware →

Wcd9380 Firmware by Qualcomm

View all CVEs affecting Wcd9380 Firmware →

Wcd9385 Firmware by Qualcomm

View all CVEs affecting Wcd9385 Firmware →

Wcn3615 Firmware by Qualcomm

View all CVEs affecting Wcn3615 Firmware →

Wcn3660b Firmware by Qualcomm

View all CVEs affecting Wcn3660b Firmware →

Wcn3680b Firmware by Qualcomm

View all CVEs affecting Wcn3680b Firmware →

Wcn3910 Firmware by Qualcomm

View all CVEs affecting Wcn3910 Firmware →

Wcn3950 Firmware by Qualcomm

View all CVEs affecting Wcn3950 Firmware →

Wcn3980 Firmware by Qualcomm

View all CVEs affecting Wcn3980 Firmware →

Wcn3988 Firmware by Qualcomm

View all CVEs affecting Wcn3988 Firmware →

Wcn3990 Firmware by Qualcomm

View all CVEs affecting Wcn3990 Firmware →

Wcn3991 Firmware by Qualcomm

View all CVEs affecting Wcn3991 Firmware →

Wcn3998 Firmware by Qualcomm

View all CVEs affecting Wcn3998 Firmware →

Wcn6750 Firmware by Qualcomm

View all CVEs affecting Wcn6750 Firmware →

Wcn6850 Firmware by Qualcomm

View all CVEs affecting Wcn6850 Firmware →

Wcn6851 Firmware by Qualcomm

View all CVEs affecting Wcn6851 Firmware →

Wcn6855 Firmware by Qualcomm

View all CVEs affecting Wcn6855 Firmware →

Wcn6856 Firmware by Qualcomm

View all CVEs affecting Wcn6856 Firmware →

Whs9410 Firmware by Qualcomm

View all CVEs affecting Whs9410 Firmware →

Wsa8810 Firmware by Qualcomm

View all CVEs affecting Wsa8810 Firmware →

Wsa8815 Firmware by Qualcomm

View all CVEs affecting Wsa8815 Firmware →

Wsa8830 Firmware by Qualcomm

View all CVEs affecting Wsa8830 Firmware →

Wsa8835 Firmware by Qualcomm

View all CVEs affecting Wsa8835 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation

🟠

Likely Case

Denial of service causing device crashes or instability, potentially leading to remote control

🟢

If Mitigated

Limited impact if IPSec is disabled or network segmentation prevents external access

🌐 Internet-Facing: HIGH - IPSec servers exposed to internet could be directly exploited

🏢 Internal Only: MEDIUM - Internal IPSec connections could be exploited by compromised internal systems

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending malicious certificates to IPSec servers, but specific exploit details are not publicly documented

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Vendor-specific firmware updates released June 2021

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/june-2021-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM update channels. 3. Reboot device after update.

🔧 Temporary Workarounds

Disable IPSec

all

Temporarily disable IPSec VPN functionality if not required

Copy

Device-specific - consult manufacturer documentation

Network Segmentation

all

Restrict access to IPSec servers to trusted networks only

Copy

firewall rules to limit IPSec port 500/4500 access

🧯 If You Can't Patch

• Implement strict network access controls to limit IPSec server exposure
• Monitor IPSec connections for anomalous certificate patterns

🔍 How to Verify

Check if Vulnerable:

Copy

Check device firmware version against manufacturer's patched versions list

Check Version:

Copy

Device-specific - typically 'getprop' on Android or manufacturer diagnostic tools

Verify Fix Applied:

Copy

Confirm firmware version is post-June 2021 and check Qualcomm security bulletin for specific patch levels

📡 Detection & Monitoring

Log Indicators:

• IPSec connection failures
• Certificate validation errors
• System crashes during VPN handshake

Network Indicators:

• Unusual IPSec connection attempts
• Malformed certificate packets to port 500/4500

SIEM Query:

Copy

source_port:500 OR source_port:4500 AND (certificate_error OR heap_overflow)

📊 Metadata

CVE ID: CVE-2020-11176

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: June 9, 2021

Last Updated: November 21, 2024

🔗 References

• https://www.qualcomm.com/company/product-security/bulletins/june-2021-bulletin Vendor Advisory
• https://www.qualcomm.com/company/product-security/bulletins/june-2021-bulletin Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2020-11176, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)

CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)

CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)