CVE-2020-11197

9.8 CRITICAL

📋 TL;DR

This CVE describes an integer overflow vulnerability in Qualcomm Snapdragon chipsets when parsing malformed TS clip data with zero streams. Successful exploitation could allow remote code execution or denial of service. Affected devices include various Snapdragon-based automotive, mobile, IoT, and wearable products.

💻 Affected Systems

Products:
  • Snapdragon Auto
  • Snapdragon Compute
  • Snapdragon Connectivity
  • Snapdragon Consumer IOT
  • Snapdragon Industrial IOT
  • Snapdragon Mobile
  • Snapdragon Voice & Music
  • Snapdragon Wearables
Versions: Specific chipset versions not detailed in bulletin; refer to Qualcomm security bulletin for exact affected versions.
Operating Systems: Android, Linux-based embedded systems, Other Qualcomm-supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when parsing TS (Transport Stream) media files with invalid data and zero streams. Affects devices using vulnerable Snapdragon chipsets regardless of OS layer.

⚠️ Risk & Real-World Impact

🔴 Worst Case

A remote attacker gains full control of the affected device, potentially leading to data theft, persistent backdoor installation, or device bricking.

🟠 Likely Case

Remote denial of service causing device crashes or instability, potentially requiring a physical reset.

🟢 If Mitigated

With proper network segmentation and input validation, impact is limited to isolated systems with minimal data exposure.

🌐 Internet-Facing: HIGH - Affects devices that process media streams from untrusted sources, common in mobile and IoT devices.
🏢 Internal Only: MEDIUM - Lower risk if devices only process trusted internal media streams, but still vulnerable to insider threats.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting malicious TS media files. No public exploit code known, but CVSS 9.8 suggests high attack feasibility.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to device manufacturer updates; Qualcomm provided fixes to OEMs in December 2020.

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates.
2. Apply latest security patches from device vendor.
3. Reboot device after update.
4. Verify patch installation through version checks.

🔧 Temporary Workarounds

Disable untrusted media processing

all

Restrict media file parsing from untrusted sources via application controls.

Network segmentation

all

Isolate affected devices from untrusted networks to limit attack surface.

🧯 If You Can't Patch

  • Segment affected devices on isolated network segments
  • Implement strict input validation for media files from external sources
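
One way to approach the input-validation item above, as an added example (not Qualcomm's or any vendor's code): a Python pre-filter that parses the PAT and PMT of a TS clip and rejects it when the tables are malformed or declare no elementary streams. The names `require_streams` and `TSRejected` are hypothetical, and treating a program map with zero streams as the condition to screen out is an assumption drawn from the description on this page.

```python
TS_PACKET, SYNC = 188, 0x47    # plain 188-byte MPEG-TS packets only (no M2TS/204)

class TSRejected(ValueError):
    """Clip failed structural validation."""

def _field(hi, lo, mask):      # mask 0x1F -> 13-bit PID, 0x0F -> 12-bit length
    return ((hi & mask) << 8) | lo

def _sections(data, want_pid):
    """Yield PSI sections that start on want_pid and fit in one packet."""
    if not data or len(data) % TS_PACKET:
        raise TSRejected("length is not a non-zero multiple of 188")
    for off in range(0, len(data), TS_PACKET):
        pkt = data[off:off + TS_PACKET]
        if pkt[0] != SYNC:
            raise TSRejected(f"sync byte missing at offset {off}")
        afc = (pkt[3] >> 4) & 0x3                    # adaptation_field_control
        pusi = pkt[1] & 0x40                         # payload_unit_start_indicator
        if _field(pkt[1], pkt[2], 0x1F) != want_pid or not pusi or not afc & 1:
            continue
        start = 4 + (1 + pkt[4] if afc & 2 else 0)   # skip adaptation field
        start += 1 + pkt[start]                      # skip pointer_field
        end = start + 3 + _field(pkt[start + 1], pkt[start + 2], 0x0F)
        if end > TS_PACKET or end - start < 12:      # conservative: no multi-packet PSI
            raise TSRejected("PSI section truncated or spans packets")
        yield pkt[start:end]

def require_streams(data):
    """Return the number of distinct ES PIDs the PMTs declare; raise TSRejected if none."""
    try:
        pmt_pids, es_pids = set(), set()
        for sec in _sections(data, 0x0000):          # PAT lives on PID 0
            if sec[0] == 0x00:
                for i in range(8, len(sec) - 7, 4):  # 4-byte entries, stop before CRC32
                    if (sec[i] << 8) | sec[i + 1]:   # program 0 points at the NIT
                        pmt_pids.add(_field(sec[i + 2], sec[i + 3], 0x1F))
        for pid in pmt_pids:
            for sec in _sections(data, pid):         # PMT
                if sec[0] != 0x02 or len(sec) < 16:
                    continue
                i = 12 + _field(sec[10], sec[11], 0x0F)   # skip program descriptors
                while i + 5 <= len(sec) - 4:              # stop before CRC32 (not verified)
                    es_pids.add(_field(sec[i + 1], sec[i + 2], 0x1F))
                    i += 5 + _field(sec[i + 3], sec[i + 4], 0x0F)
    except IndexError:
        raise TSRejected("header field runs past end of packet") from None
    if not es_pids:
        raise TSRejected("clip declares no elementary streams")
    return len(es_pids)
```

Call `require_streams()` on the raw bytes before handing a clip to the platform media stack and drop the file on `TSRejected`; clips whose tables span several packets are rejected too, which is the conservative choice for a gate.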

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer's patched versions. Use 'getprop ro.build.fingerprint' on Android devices to identify chipset.

Check Version:

Android: 'getprop ro.build.version.security_patch'. Linux: Check /proc/cpuinfo for chipset details.

Verify Fix Applied:

Confirm firmware version matches or exceeds patched version from manufacturer advisory. Test with known safe TS files.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes in media parsing services
  • Kernel panic logs related to memory corruption
  • Abnormal TS file processing errors

Network Indicators:

  • Unusual media file transfers to affected devices
  • Network traffic spikes followed by device unresponsiveness

SIEM Query:

source="device_logs" AND ("TS parser" OR "media crash") AND severity=HIGH
