CVE-2020-11215

9.1 CRITICAL

📋 TL;DR

CVE-2020-11215 is an out-of-bounds read vulnerability in Qualcomm Snapdragon chipsets due to improper length validation when processing VSA attributes. This allows attackers to read memory beyond allocated buffers, potentially exposing sensitive information. Affected devices include those using Snapdragon Auto, Compute, Connectivity, Mobile, and other Qualcomm platforms.

💻 Affected Systems

Products:
  • Snapdragon Auto
  • Snapdragon Compute
  • Snapdragon Connectivity
  • Snapdragon Consumer Electronics Connectivity
  • Snapdragon Consumer IOT
  • Snapdragon Industrial IOT
  • Snapdragon Mobile
  • Snapdragon Voice & Music
  • Snapdragon Wired Infrastructure and Networking
Versions: Multiple Snapdragon chipset versions prior to December 2020 security updates
Operating Systems: Android, Linux-based systems using affected Snapdragon chipsets
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in firmware/hardware layer, affecting all devices with vulnerable chipsets regardless of OS configuration

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, data exfiltration, or persistent backdoor installation

🟠 Likely Case

Information disclosure including memory contents, potential denial of service through system crashes

🟢 If Mitigated

Limited impact with proper network segmentation and exploit mitigations, though information disclosure still possible

🌐 Internet-Facing: HIGH - Many affected devices are internet-connected (mobile, IoT, automotive)
🏢 Internal Only: MEDIUM - Requires network access to vulnerable services, but internal systems may be exposed

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted VSA attributes to vulnerable services, but specific exploit details are not publicly documented

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: December 2020 security updates and later

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for available firmware updates.
2. Apply December 2020 or later security patches from device OEM.
3. Reboot device after update installation.
4. Verify patch installation through device settings.

🔧 Temporary Workarounds

Network segmentation (all platforms)

Isolate affected devices from untrusted networks and limit access to vulnerable services

Service restriction (Linux)

Disable unnecessary services using VSA attribute processing if possible

🧯 If You Can't Patch

  • Segment affected devices in isolated network zones with strict access controls
  • Implement network monitoring for unusual VSA attribute traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer's security bulletin. Use 'getprop ro.build.fingerprint' on Android devices to check build date.

Check Version:

Android: 'getprop ro.build.version.security_patch'. Linux: Check manufacturer firmware version documentation.

Verify Fix Applied:

Verify device has December 2020 or later security patch level. Check Android security patch level in Settings > About phone.
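
The patch-level comparison described above can be scripted for fleet checks. This is an added example, not vendor or project code; the function name `check_patch_level` and the baseline value `2020-12-01` (taken as the first December 2020 level, in the usual YYYY-MM-DD form) are assumptions.

```shell
#!/bin/sh
# Added example: classify an Android security patch level against the
# December 2020 baseline named on this page.
# Assumption: the value has the YYYY-MM-DD form reported by
# `getprop ro.build.version.security_patch`.
BASELINE="2020-12-01"

# Prints "patched", "vulnerable" or "unknown"; returns 0, 1 or 2.
check_patch_level() {
    # Strip whitespace, including a trailing CR from remote shells.
    level=$(printf '%s' "$1" | tr -d '[:space:]')

    # Reject anything that is not a zero-padded ISO date, so an empty or
    # vendor-specific string is never reported as patched.
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown"; return 2 ;;
    esac

    # Zero-padded ISO dates compare correctly as integers without dashes.
    lv=$(printf '%s' "$level" | tr -d '-')
    base=$(printf '%s' "$BASELINE" | tr -d '-')

    if [ "$lv" -ge "$base" ]; then
        echo "patched"
        return 0
    fi
    echo "vulnerable"
    return 1
}

# On a device: sh check.sh "$(getprop ro.build.version.security_patch)"
if [ "$#" -gt 0 ]; then
    check_patch_level "$1"
fi
```

An "unknown" result means the value could not be parsed and the firmware version should be checked against the manufacturer's bulletin instead.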

📡 Detection & Monitoring

Log Indicators:

  • System crashes related to VSA processing
  • Memory access violation logs
  • Unexpected service restarts

Network Indicators:

  • Unusual VSA attribute traffic patterns
  • Multiple connection attempts to vulnerable services
  • Anomalous packet sizes in VSA communications

SIEM Query:

(source="*kernel*" AND ("VSA" OR "out of bounds" OR "memory violation")) OR (dest_port IN [vulnerable_service_ports] AND packet_size > threshold)
