CVE-2020-11190

Q: What is the severity of CVE-2020-11190?

CVE-2020-11190 has a CVSS score of 9.1 (CRITICAL). CVE-2020-11190 is a buffer over-read vulnerability in Qualcomm Snapdragon chipsets that allows attackers to read memory beyond allocated buffers when parsing SDP values. This can lead to information disclosure or potentially code execution. Affected devices include Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, and Wearables platforms.

9.1 CRITICAL

Buffer Overflow

📋 TL;DR

CVE-2020-11190 is a buffer over-read vulnerability in Qualcomm Snapdragon chipsets that allows attackers to read memory beyond allocated buffers when parsing SDP values. This can lead to information disclosure or potentially code execution. Affected devices include Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, and Wearables platforms.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon IoT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables

Versions: Multiple Snapdragon chipset versions prior to March 2021 security updates

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in firmware/software stack on affected Snapdragon platforms. Specific device models vary by manufacturer implementation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Information disclosure including memory contents, potentially exposing sensitive data or cryptographic keys.

🟢

If Mitigated

Limited information disclosure with proper memory protections and exploit mitigations in place.

🌐 Internet-Facing: MEDIUM - Requires specific conditions and network access to vulnerable services using SDP.

🏢 Internal Only: MEDIUM - Internal network access to affected devices could enable exploitation.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending malformed SDP packets to vulnerable services. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2021 security updates and later

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates. 2. Apply March 2021 or later security patches. 3. Reboot device after update. 4. Verify patch installation.

🔧 Temporary Workarounds

Network segmentation

all

Isolate affected devices from untrusted networks to limit attack surface

Disable unnecessary SDP services

linux

Turn off Bluetooth SDP services if not required for device functionality

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Monitor for abnormal memory access patterns or crashes in affected services

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer's security bulletin. Review Qualcomm advisory for specific chipset versions.

Check Version:

On Android: Settings > About phone > Android security patch level. On embedded systems: Check manufacturer documentation.

Verify Fix Applied:

Verify firmware version is March 2021 or later. Check that security patch level includes March 2021 updates.

📡 Detection & Monitoring

Log Indicators:

Memory access violations
Service crashes in Bluetooth/SDP components
Unexpected process terminations

Network Indicators:

Unusual SDP packet patterns
Malformed Bluetooth service discovery requests

SIEM Query:

Process:name="bluetoothd" AND (EventID:1000 OR ExceptionCode:0xc0000005)

📊 Metadata

CVE ID: CVE-2020-11190

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE: CWE-125

Published: March 17, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8009 Firmware by Qualcomm

Apq8009w Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Apq8037 Firmware by Qualcomm

Apq8053 Firmware by Qualcomm

Apq8084 Firmware by Qualcomm

Apq8096au Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Ar8151 Firmware by Qualcomm

Csr6030 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Mdm8207 Firmware by Qualcomm

Mdm9150 Firmware by Qualcomm

Mdm9205 Firmware by Qualcomm

Mdm9206 Firmware by Qualcomm

Mdm9207 Firmware by Qualcomm

Mdm9230 Firmware by Qualcomm

Mdm9250 Firmware by Qualcomm

Mdm9330 Firmware by Qualcomm

Mdm9607 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Mdm9630 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9645 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Mdm9655 Firmware by Qualcomm

Msm8108 Firmware by Qualcomm

Msm8208 Firmware by Qualcomm

Msm8209 Firmware by Qualcomm

Msm8608 Firmware by Qualcomm

Msm8909w Firmware by Qualcomm

Msm8917 Firmware by Qualcomm

Msm8920 Firmware by Qualcomm

Msm8937 Firmware by Qualcomm

Msm8940 Firmware by Qualcomm

Msm8953 Firmware by Qualcomm

Msm8976 Firmware by Qualcomm

Msm8976sg Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Pm215 Firmware by Qualcomm

Pm3003a Firmware by Qualcomm

Pm4125 Firmware by Qualcomm

Pm4250 Firmware by Qualcomm

Pm439 Firmware by Qualcomm

Pm456 Firmware by Qualcomm

Pm6125 Firmware by Qualcomm

Pm6150 Firmware by Qualcomm

Pm6150a Firmware by Qualcomm

Pm6150l Firmware by Qualcomm

Pm6250 Firmware by Qualcomm

Pm640a Firmware by Qualcomm

Pm640l Firmware by Qualcomm

Pm640p Firmware by Qualcomm

Pm660 Firmware by Qualcomm

Pm660a Firmware by Qualcomm

Pm660l Firmware by Qualcomm

Pm670 Firmware by Qualcomm

Pm670l Firmware by Qualcomm

Pm7150a Firmware by Qualcomm

Pm7150l Firmware by Qualcomm

Pm7250 Firmware by Qualcomm

Pm7250b Firmware by Qualcomm

Pm8004 Firmware by Qualcomm

Pm8005 Firmware by Qualcomm

Pm8008 Firmware by Qualcomm

Pm8009 Firmware by Qualcomm

Pm8150 Firmware by Qualcomm

Pm8150a Firmware by Qualcomm

Pm8150b Firmware by Qualcomm

Pm8150c Firmware by Qualcomm

Pm8150l Firmware by Qualcomm

Pm8250 Firmware by Qualcomm

Pm855 Firmware by Qualcomm

Pm855a Firmware by Qualcomm

Pm855b Firmware by Qualcomm

Pm855l Firmware by Qualcomm