CVE-2020-11185
📋 TL;DR
CVE-2020-11185 is an out-of-bounds write vulnerability in Qualcomm WLAN drivers that allows attackers to execute arbitrary code or cause denial of service by sending specially crafted firmware responses. This affects devices using vulnerable Snapdragon chipsets across automotive, mobile, networking, and consumer electronics products. Attackers could potentially gain kernel-level privileges on affected systems.
💻 Affected Systems
- Snapdragon Auto
- Snapdragon Connectivity
- Snapdragon Consumer Electronics Connectivity
- Snapdragon Mobile
- Snapdragon Wired Infrastructure and Networking
📦 What is this software?
Ar9380 by Qualcomm
Csr8811 by Qualcomm
Ipq4018 by Qualcomm
Ipq4019 by Qualcomm
Ipq4028 by Qualcomm
Ipq4029 by Qualcomm
Ipq6000 by Qualcomm
Ipq6005 by Qualcomm
Ipq6010 by Qualcomm
Ipq6018 by Qualcomm
Ipq6028 by Qualcomm
Ipq8064 by Qualcomm
Ipq8065 by Qualcomm
Ipq8068 by Qualcomm
Ipq8070 by Qualcomm
Ipq8070a by Qualcomm
Ipq8071 by Qualcomm
Ipq8071a by Qualcomm
Ipq8072 by Qualcomm
Ipq8072a by Qualcomm
Ipq8074 by Qualcomm
Ipq8074a by Qualcomm
Ipq8076 by Qualcomm
Ipq8076a by Qualcomm
Ipq8078 by Qualcomm
Ipq8078a by Qualcomm
Ipq8173 by Qualcomm
Ipq8174 by Qualcomm
Pm3003a by Qualcomm
Pm7350c by Qualcomm
Pm8008 by Qualcomm
Pm8009 by Qualcomm
Pm8350 by Qualcomm
Pm8350b by Qualcomm
Pm8350bh by Qualcomm
Pm8350bhs by Qualcomm
Pm8350c by Qualcomm
Pmk7350 by Qualcomm
Pmk8002 by Qualcomm
Pmk8350 by Qualcomm
Pmm6155au by Qualcomm
Pmm8155au by Qualcomm
Pmm8195au by Qualcomm
Pmm855au by Qualcomm
Pmr525 by Qualcomm
Pmr735a by Qualcomm
Pmr735b by Qualcomm
Pmx55 by Qualcomm
Qat3514 by Qualcomm
Qat3516 by Qualcomm
Qat3518 by Qualcomm
Qat3519 by Qualcomm
Qat3555 by Qualcomm
Qat5515 by Qualcomm
Qat5516 by Qualcomm
Qat5522 by Qualcomm
Qat5568 by Qualcomm
Qca4024 by Qualcomm
Qca6175a by Qualcomm
Qca6390 by Qualcomm
Qca6391 by Qualcomm
Qca6428 by Qualcomm
Qca6438 by Qualcomm
Qca6564a by Qualcomm
Qca6564au by Qualcomm
Qca6574 by Qualcomm
Qca6574a by Qualcomm
Qca6574au by Qualcomm
Qca6584au by Qualcomm
Qca6595 by Qualcomm
Qca6595au by Qualcomm
Qca6696 by Qualcomm
Qca7500 by Qualcomm
Qca8072 by Qualcomm
Qca8075 by Qualcomm
Qca8081 by Qualcomm
Qca9880 by Qualcomm
Qca9886 by Qualcomm
Qca9888 by Qualcomm
Qca9889 by Qualcomm
Qca9898 by Qualcomm
Qca9980 by Qualcomm
Qca9984 by Qualcomm
Qca9985 by Qualcomm
Qca9990 by Qualcomm
Qca9992 by Qualcomm
Qca9994 by Qualcomm
Qcn5021 by Qualcomm
Qcn5022 by Qualcomm
Qcn5024 by Qualcomm
Qcn5052 by Qualcomm
Qcn5054 by Qualcomm
Qcn5064 by Qualcomm
Qcn5121 by Qualcomm
Qcn5122 by Qualcomm
Qcn5124 by Qualcomm
Qcn5152 by Qualcomm
Qcn5154 by Qualcomm
Qcn5164 by Qualcomm
Qcn5550 by Qualcomm
Qcn7605 by Qualcomm
Qcn7606 by Qualcomm
Qcn9000 by Qualcomm
Qcn9074 by Qualcomm
Qdm2307 by Qualcomm
Qdm2308 by Qualcomm
Qdm2310 by Qualcomm
Qdm3301 by Qualcomm
Qdm3302 by Qualcomm
Qdm4643 by Qualcomm
Qdm4650 by Qualcomm
Qdm5579 by Qualcomm
Qdm5620 by Qualcomm
Qdm5621 by Qualcomm
Qdm5670 by Qualcomm
Qdm5671 by Qualcomm
Qdm5677 by Qualcomm
Qdm5679 by Qualcomm
Qet5100 by Qualcomm
Qet5100m by Qualcomm
Qet6100 by Qualcomm
Qet6110 by Qualcomm
Qfs2530 by Qualcomm
Qfs2580 by Qualcomm
Qfs2608 by Qualcomm
Qfs2630 by Qualcomm
Qln4642 by Qualcomm
Qln4650 by Qualcomm
Qln5020 by Qualcomm
Qln5030 by Qualcomm
Qln5040 by Qualcomm
Qpa2625 by Qualcomm
Qpa5461 by Qualcomm
Qpa5580 by Qualcomm
Qpa5581 by Qualcomm
Qpa6560 by Qualcomm
Qpa8801 by Qualcomm
Qpa8802 by Qualcomm
Qpa8803 by Qualcomm
Qpa8821 by Qualcomm
Qpa8842 by Qualcomm
Qpm4621 by Qualcomm
Qpm4630 by Qualcomm
Qpm4640 by Qualcomm
Qpm4641 by Qualcomm
Qpm4650 by Qualcomm
Qpm5621 by Qualcomm
Qpm5641 by Qualcomm
Qpm5670 by Qualcomm
Qpm5677 by Qualcomm
Qpm5679 by Qualcomm
Qpm5870 by Qualcomm
Qpm5875 by Qualcomm
Qpm6585 by Qualcomm
Qpm6621 by Qualcomm
Qpm6670 by Qualcomm
Qpm8820 by Qualcomm
Qpm8870 by Qualcomm
Qtm525 by Qualcomm
Sa6145p by Qualcomm
Sa6155p by Qualcomm
Sa8150p by Qualcomm
Sa8155 by Qualcomm
Sa8155p by Qualcomm
Sa8195p by Qualcomm
Sd8885g by Qualcomm
Sdr660g by Qualcomm
Sdr735 by Qualcomm
Sdr735g by Qualcomm
Sdr8250 by Qualcomm
Sdr865 by Qualcomm
Sdx55 by Qualcomm
Sdx55m by Qualcomm
Sm7350 by Qualcomm
Smb1394 by Qualcomm
Smb1395 by Qualcomm
Smb1396 by Qualcomm
Smb1398 by Qualcomm
Smr525 by Qualcomm
Smr526 by Qualcomm
Smr545 by Qualcomm
Smr546 by Qualcomm
Wcd9341 by Qualcomm
Wcd9380 by Qualcomm
Wcd9385 by Qualcomm
Wcn3910 by Qualcomm
Wcn3991 by Qualcomm
Wcn3998 by Qualcomm
Wcn6740 by Qualcomm
Wcn6750 by Qualcomm
Wcn6850 by Qualcomm
Wcn6851 by Qualcomm
Wcn6856 by Qualcomm
Wsa8830 by Qualcomm
Wsa8835 by Qualcomm
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with kernel privileges leading to complete system compromise, data theft, or persistent backdoor installation.
Likely Case
Local privilege escalation or denial of service affecting WLAN functionality on vulnerable devices.
If Mitigated
Limited impact with proper network segmentation and updated firmware preventing exploitation.
🎯 Exploit Status
Exploitation requires sending malicious firmware responses to the WLAN driver, which typically requires local network access or compromised firmware.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware updates released in December 2020 security bulletins
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin
Restart Required: Yes
Instructions:
1. Check device manufacturer for available firmware updates.
2. Apply Qualcomm-provided patches through OEM update channels.
3. Reboot device after update installation.
4. Verify patch application through version checks.
🔧 Temporary Workarounds
Network Segmentation
Isolate vulnerable devices from untrusted networks to limit attack surface
WLAN Access Control
Restrict WLAN connections to trusted access points only
🧯 If You Can't Patch
- Isolate affected devices in separate network segments with strict firewall rules
- Disable WLAN functionality if not required, using wired connections instead
🔍 How to Verify
Check if Vulnerable:
Check device firmware version against Qualcomm security bulletin. Use 'cat /proc/version' or device-specific firmware check commands.
Check Version:
Device-specific: For Android devices, check Settings > About Phone > Build Number. For embedded systems, consult OEM documentation.
Verify Fix Applied:
Verify firmware version has been updated to post-December 2020 patches. Check with OEM-specific update verification tools.
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- WLAN driver crash reports
- Unexpected firmware response errors
Network Indicators:
- Unusual WLAN traffic patterns
- Malformed network packets targeting WLAN drivers
SIEM Query:
source="kernel" AND ("WLAN driver" OR "firmware response") AND ("panic" OR "crash" OR "out of bounds")
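The SIEM query above, applied offline as an added Python example (not part of the original page or of any vendor tooling): it evaluates the same source filter and AND/OR term groups over log events, and optionally folds hyphens so the hyphenated `out-of-bounds` spelling used in kernel KASAN reports is not missed. Host names and log messages are constructed sample data.

```python
import re
from collections import defaultdict

# Term groups from the page's SIEM query: every group must match (AND),
# any one term inside a group is enough (OR).
QUERY_GROUPS = [
    ("WLAN driver", "firmware response"),
    ("panic", "crash", "out of bounds"),
]

def normalize(text):
    # Lowercase and fold '-', '_' and whitespace runs into single spaces,
    # so "slab-out-of-bounds" contains the query term "out of bounds".
    return re.sub(r"[-_\s]+", " ", text.lower())

def matches(event, fold_separators=True):
    """Return True if the event satisfies the query."""
    if event.get("source") != "kernel":
        return False
    norm = normalize if fold_separators else str.lower
    msg = norm(event["message"])
    return all(any(norm(term) in msg for term in group)
               for group in QUERY_GROUPS)

def hits_per_host(events, fold_separators=True):
    """Group matching messages by host for triage."""
    hits = defaultdict(list)
    for ev in events:
        if matches(ev, fold_separators):
            hits[ev["host"]].append(ev["message"])
    return dict(hits)

# Constructed sample events (not real device logs).
SAMPLE_EVENTS = [
    {"host": "ap-01", "source": "kernel",
     "message": "WLAN driver: unexpected firmware response length, crash dump collected"},
    {"host": "ap-01", "source": "kernel",
     "message": "BUG: KASAN: slab-out-of-bounds in WLAN driver rx path"},
    {"host": "phone-07", "source": "kernel",
     "message": "Kernel panic - not syncing: Fatal exception"},
    {"host": "ap-02", "source": "wpa_supplicant",
     "message": "WLAN driver crash reported"},
    {"host": "ap-02", "source": "kernel",
     "message": "wlan: firmware response timeout, driver panic handler invoked"},
]

if __name__ == "__main__":
    for host, msgs in hits_per_host(SAMPLE_EVENTS).items():
        print(host, len(msgs), msgs)
```

On the sample data, the literal query misses the hyphenated KASAN line, and a bare kernel panic with no WLAN wording never matches, so the "Kernel panic logs" indicator needs its own rule.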