CVE-2020-11212

Q: What is the severity of CVE-2020-11212?

CVE-2020-11212 has a CVSS score of 9.8 (CRITICAL). CVE-2020-11212 is a critical out-of-bounds read vulnerability in Qualcomm Snapdragon chipsets that allows attackers to read memory beyond allocated boundaries while parsing NAN beacons. This affects numerous Snapdragon product lines across automotive, mobile, IoT, and networking devices. Successful exploitation could lead to information disclosure or potentially remote code execution.

9.8 CRITICAL

📋 TL;DR

CVE-2020-11212 is a critical out-of-bounds read vulnerability in Qualcomm Snapdragon chipsets that allows attackers to read memory beyond allocated boundaries while parsing NAN beacons. This affects numerous Snapdragon product lines across automotive, mobile, IoT, and networking devices. Successful exploitation could lead to information disclosure or potentially remote code execution.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer Electronics Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon IoT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wired Infrastructure and Networking

Versions: Multiple chipset versions across these product lines (specific versions in Qualcomm advisory)

Operating Systems: Android, Linux-based embedded systems, Various RTOS implementations

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is in firmware/hardware layer, affects devices with vulnerable Snapdragon chips regardless of OS configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, and persistent backdoor installation.

🟠

Likely Case

Information disclosure including sensitive memory contents, potential denial of service, and system instability.

🟢

If Mitigated

Limited impact with proper network segmentation and access controls, potentially only denial of service.

🌐 Internet-Facing: HIGH - Affects wireless communication components that process external NAN beacons from untrusted sources.

🏢 Internal Only: MEDIUM - Requires proximity or network access, but internal attackers could exploit via crafted beacons.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires crafting malicious NAN beacons but doesn't require authentication. Complexity depends on specific chipset implementation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by device manufacturer - check with OEM for specific firmware updates

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM update channels. 3. Reboot device after update. 4. Verify patch installation.

🔧 Temporary Workarounds

Disable NAN functionality

all

Turn off Neighbor Awareness Networking features if not required

Device-specific commands vary by manufacturer

Network segmentation

all

Isolate vulnerable devices from untrusted networks

🧯 If You Can't Patch

Segment affected devices on isolated network segments
Implement strict network access controls and monitor for anomalous NAN beacon activity

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against Qualcomm advisory. Use 'getprop ro.boot.hardware' or similar on Android devices.

Check Version:

Android: 'getprop ro.build.version.security_patch' and 'getprop ro.boot.hardware'. Linux: Check /proc/cpuinfo and firmware version.

Verify Fix Applied:

Verify firmware version has been updated to manufacturer-provided patched version. Check Qualcomm security bulletin for specific fixed versions.

📡 Detection & Monitoring

Log Indicators:

Kernel panics
Memory access violation logs
WiFi/NAN subsystem crashes
Unexpected system reboots

Network Indicators:

Unusual NAN beacon patterns
Malformed wireless packets
Anomalous neighbor discovery traffic

SIEM Query:

Wireless logs containing NAN beacon parsing errors OR system logs with memory access violations in WiFi/NAN subsystems

📊 Metadata

CVE ID: CVE-2020-11212

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-125

Published: January 21, 2021

Last Updated: November 21, 2024

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8009 by Qualcomm

Apq8016 by Qualcomm

Apq8017 by Qualcomm

Apq8037 by Qualcomm

Apq8039 by Qualcomm

Apq8053 by Qualcomm

Apq8064au by Qualcomm

Apq8076 by Qualcomm

Apq8092 by Qualcomm

Apq8094 by Qualcomm

Apq8096au by Qualcomm

Aqt1000 by Qualcomm

Ar8031 by Qualcomm

Ar8035 by Qualcomm

Ar8151 by Qualcomm

Ar9380 by Qualcomm

Csr6030 by Qualcomm

Csr8811 by Qualcomm

Csra6620 by Qualcomm

Csra6640 by Qualcomm

Csrb31024 by Qualcomm

Ipq4018 by Qualcomm

Ipq4028 by Qualcomm

Ipq4029 by Qualcomm

Ipq5010 by Qualcomm

Ipq5018 by Qualcomm

Ipq6000 by Qualcomm

Ipq6005 by Qualcomm

Ipq6010 by Qualcomm

Ipq6018 by Qualcomm

Ipq6028 by Qualcomm

Ipq8064 by Qualcomm

Ipq8069 by Qualcomm

Ipq8070 by Qualcomm

Ipq8070a by Qualcomm

Ipq8071 by Qualcomm

Ipq8071a by Qualcomm

Ipq8072 by Qualcomm

Ipq8072a by Qualcomm

Ipq8074 by Qualcomm

Ipq8074a by Qualcomm

Ipq8076 by Qualcomm

Ipq8076a by Qualcomm

Ipq8078 by Qualcomm

Ipq8078a by Qualcomm

Ipq8173 by Qualcomm

Ipq8174 by Qualcomm

Mdm8215 by Qualcomm

Mdm9206 by Qualcomm

Mdm9215 by Qualcomm

Mdm9250 by Qualcomm

Mdm9310 by Qualcomm

Mdm9607 by Qualcomm

Mdm9615 by Qualcomm

Mdm9626 by Qualcomm

Mdm9628 by Qualcomm

Mdm9640 by Qualcomm

Mdm9645 by Qualcomm

Mdm9650 by Qualcomm

Mdm9655 by Qualcomm

Msm8108 by Qualcomm

Msm8208 by Qualcomm

Msm8209 by Qualcomm

Msm8608 by Qualcomm

Msm8916 by Qualcomm

Msm8917 by Qualcomm

Msm8920 by Qualcomm

Msm8929 by Qualcomm

Msm8937 by Qualcomm

Msm8939 by Qualcomm

Msm8940 by Qualcomm

Msm8953 by Qualcomm

Msm8976 by Qualcomm

Msm8992 by Qualcomm

Msm8994 by Qualcomm

Msm8996au by Qualcomm

Pm215 by Qualcomm