CVE-2020-11202

7.8 HIGH

📋 TL;DR

This CVE describes a buffer overflow/underflow vulnerability in Qualcomm Snapdragon chipsets where improper type casting leads to memory corruption. It affects numerous Snapdragon-powered devices across automotive, compute, IoT, and mobile platforms. Successful exploitation could allow attackers to execute arbitrary code or cause denial of service.

💻 Affected Systems

Products:
  • Snapdragon Auto
  • Snapdragon Compute
  • Snapdragon Consumer IOT
  • Snapdragon Industrial IOT
  • Snapdragon Mobile
Versions: Specific chipsets: QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA845, SDM640, SDM670, SDM710, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P
Operating Systems: Android, Linux-based automotive/embedded systems
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability resides in Qualcomm's DSP library, affecting devices using these specific Snapdragon chipsets regardless of OS version.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data exfiltration, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation from user to kernel space, denial of service crashes, or information disclosure through memory leaks.

🟢

If Mitigated

Limited impact with proper memory protection mechanisms and exploit mitigations in place, potentially reduced to denial of service.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or ability to execute code on the device. Demonstrated at Pwn2Own 2021 and detailed in Check Point research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to Qualcomm November 2020 security bulletin for specific patch versions per chipset

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for firmware updates.
2. Apply Qualcomm-provided patches through OEM updates.
3. Reboot device after update installation.
4. Verify patch application through version checks.

🔧 Temporary Workarounds

Memory Protection Hardening

linux

Enable ASLR, DEP, and other memory protection features to reduce exploit reliability

# Enable full ASLR (value 2 randomizes stack, mmap, and heap); requires root
echo 2 > /proc/sys/kernel/randomize_va_space

🧯 If You Can't Patch

  • Restrict physical and network access to affected devices
  • Implement application sandboxing and privilege separation to limit exploit impact

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm's affected list

Check Version:

getprop ro.bootloader
grep -i qualcomm /proc/cpuinfo

Verify Fix Applied:

Verify firmware version has been updated to post-November 2020 patches from device manufacturer

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • DSP service crashes
  • Memory access violation errors in system logs

Network Indicators:

  • Unusual outbound connections from DSP services
  • Anomalous inter-process communication patterns

SIEM Query:

(source="kernel" AND ("panic" OR "oops") AND "dsp") OR (source="system" AND "segmentation fault" AND "qualcomm")
