CVE-2020-11206

7.8 HIGH

📋 TL;DR

CVE-2020-11206 is a buffer overflow vulnerability in Qualcomm's FastRPC component that allows attackers to execute arbitrary code or cause denial of service. The vulnerability affects numerous Qualcomm Snapdragon chipsets across automotive, mobile, compute, and IoT devices. Attackers can exploit this by sending specially crafted parameters to trigger memory corruption.

💻 Affected Systems

Products:
  • Snapdragon Auto
  • Snapdragon Compute
  • Snapdragon Consumer IOT
  • Snapdragon Industrial IOT
  • Snapdragon Mobile
Versions: All versions prior to security patches released in November 2020
Operating Systems: Android, Linux-based systems using affected Qualcomm chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific chip models including APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full device compromise allowing remote code execution with kernel privileges, enabling complete control over affected devices.

🟠 Likely Case: Local privilege escalation from user space to kernel space, allowing attackers to bypass security controls and gain elevated access.

🟢 If Mitigated: Denial of service or application crashes if exploit attempts are detected and blocked by security controls.

🌐 Internet-Facing: MEDIUM - Exploitation typically requires local access, but could be combined with other vulnerabilities for remote attacks.
🏢 Internal Only: HIGH - Local attackers or malicious apps can exploit this vulnerability to escalate privileges and compromise devices.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or the ability to execute code on the device. The vulnerability was demonstrated at Pwn2Own 2021 and detailed in public research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security patches released in November 2020 and later

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Restart Required: Yes

Instructions:

1. Check with the device manufacturer for available firmware updates.
2. Apply the latest security patches from Qualcomm.
3. Reboot the device after patch installation.
4. Verify patch application through version checks.

🔧 Temporary Workarounds

Restrict FastRPC access (linux)

Limit which applications can access FastRPC interfaces through SELinux policies or application sandboxing.

# Configure SELinux policies to restrict FastRPC access
# Review and restrict application permissions

🧯 If You Can't Patch

  • Implement strict application vetting and only allow trusted applications to run on affected devices
  • Deploy runtime application self-protection (RASP) or memory protection solutions to detect buffer overflow attempts

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version and compare it against the patched versions listed in Qualcomm's November 2020 security bulletin.

Check Version:

adb shell getprop ro.build.version.security_patch (for Android devices)

Verify Fix Applied:

Verify that the security patch level is November 2020 or later, and check for specific FastRPC component updates from the device manufacturer.
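The patch-level check above can be scripted so it is repeatable across a fleet. The script below is an added example, not code from the advisory or from Qualcomm: it validates the `ro.build.version.security_patch` string, compares it against the November 2020 bulletin date, and wraps the `adb` query. The cut-off value `FIX_LEVEL=2020-11-01` and the function names are assumptions made here; the advisory only says "November 2020", so adjust the cut-off if your OEM states a different first fixed level.

```shell
#!/bin/sh
# Added example (not from the advisory or from Qualcomm): decide whether an
# Android security patch level string is older than the November 2020
# bulletin that fixed CVE-2020-11206.

# Assumption: the first patch level carrying the fix is 2020-11-01; the
# advisory only says "November 2020", so adjust if your OEM states otherwise.
FIX_LEVEL="2020-11-01"

# Turn "YYYY-MM-DD" into the integer YYYYMMDD so the shell can compare it.
level_to_number() {
    printf '%s' "$1" | tr -d '-'
}

# Return 0 when "$1" is a well-formed patch level on or after FIX_LEVEL,
# 1 otherwise (older, or not a valid YYYY-MM-DD string).
patch_level_is_fixed() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    if [ "$(level_to_number "$1")" -ge "$(level_to_number "$FIX_LEVEL")" ]; then
        return 0
    fi
    return 1
}

# Map a patch level string to one word for reporting: patched, vulnerable, unknown.
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown"; return 0 ;;
    esac
    if patch_level_is_fixed "$1"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Query the connected device (the getprop command the advisory gives) and classify it.
check_connected_device() {
    if ! command -v adb >/dev/null 2>&1; then
        echo "adb not found; run 'adb shell getprop ro.build.version.security_patch' by hand" >&2
        return 1
    fi
    level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r\n')
    echo "security_patch=$level verdict=$(classify_patch_level "$level")"
}

# Demonstration on constructed values; call check_connected_device for a real device.
for sample in 2020-10-05 2020-11-05 2021-03-05 not-a-date; do
    echo "$sample -> $(classify_patch_level "$sample")"
done
```

The patch level is a value the OEM build asserts, not proof that the FastRPC driver itself was rebuilt, which is why the advisory also asks for a check of the FastRPC component update; treat "patched" from this script as necessary but not sufficient.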

📡 Detection & Monitoring

Log Indicators:

  • Unexpected FastRPC process crashes
  • Memory access violations in kernel logs
  • Suspicious privilege escalation attempts

Network Indicators:

  • Unusual inter-process communication patterns
  • Abnormal FastRPC interface usage

SIEM Query:

source="kernel" AND ("segmentation fault" OR "buffer overflow" OR "FastRPC")
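To see what the log indicators above look like when applied, the script below is an added example, not code from the advisory: it runs a grep-based version of the SIEM query over a constructed block of dmesg-style lines and tags each hit as a crash signature, an access denial, or other FastRPC activity. The sample lines are constructed, not captured from a device; the driver name `adsprpc` and the service name `vendor.adsprpcd` are assumptions added here (the advisory names only "FastRPC"), as are the pattern list and function names.

```shell
#!/bin/sh
# Added example, not part of the advisory: scan kernel log lines for the
# FastRPC-related indicators the Detection section lists.

# Constructed sample of dmesg-style lines (not captured from a real device).
SAMPLE_KLOG='[  120.301122] adsprpc: fastrpc_internal_invoke: invoke failed for handle 0x3 (constructed)
[  120.301455] Unable to handle kernel paging request at virtual address 0000dead0000beef
[  120.302001] pc : fastrpc_internal_invoke+0x2c4/0x9f0 (constructed)
[  121.000000] audit: type=1400 avc: denied { ioctl } for comm="com.example.app" path="/dev/adsprpc-smd" (constructed)
[  130.000000] wlan: connected to ssid example (constructed benign line)
[  131.000000] init: Service "vendor.adsprpcd" (pid 812) exited with status 139 (constructed)'

# Patterns: driver/service names (adsprpc is assumed to be the in-kernel
# driver name for FastRPC; the advisory only says "FastRPC"), kernel crash
# signatures, and SELinux denials touching the FastRPC device node.
INDICATOR_RE='fastrpc|adsprpc|Unable to handle kernel|segfault|Internal error: Oops'

# Print matching lines from stdin, each prefixed with a category tag.
tag_fastrpc_indicators() {
    grep -E -i "$INDICATOR_RE" | while IFS= read -r line; do
        case "$line" in
            *"Unable to handle kernel"*|*Oops*|*segfault*|*"exited with status 139"*)
                printf 'CRASH    %s\n' "$line" ;;
            *"avc: denied"*)
                printf 'DENIED   %s\n' "$line" ;;
            *)
                printf 'ACTIVITY %s\n' "$line" ;;
        esac
    done
}

# Count indicator lines in stdin (the number a SIEM threshold rule would use).
# grep -c exits 1 when the count is 0, so the || true keeps the function's
# status clean while still printing "0".
count_fastrpc_indicators() {
    grep -E -i -c "$INDICATOR_RE" || true
}

# Demonstration on the constructed sample; on a device, feed it `adb shell dmesg`.
printf '%s\n' "$SAMPLE_KLOG" | tag_fastrpc_indicators
echo "indicator lines: $(printf '%s\n' "$SAMPLE_KLOG" | count_fastrpc_indicators)"
```

The benign `wlan` line shows why the advisory's query is a starting point rather than a verdict: a single match is noise, but a crash signature adjacent to FastRPC activity or a denial on the FastRPC device node is what an analyst should page on.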
