CVE-2020-11217
📋 TL;DR
This CVE describes a double free or invalid memory access vulnerability in Qualcomm's audio driver when reading Speaker Protection parameters. It affects Snapdragon Compute, Connectivity, Industrial IoT, and Mobile platforms. Successful exploitation could allow attackers to execute arbitrary code or cause denial of service.
💻 Affected Systems
- Snapdragon Compute
- Snapdragon Connectivity
- Snapdragon Industrial IOT
- Snapdragon Mobile
📦 What is this software?
Pm3003a by Qualcomm
Pm4125 by Qualcomm
Pm6125 by Qualcomm
Pm6150a by Qualcomm
Pm6150l by Qualcomm
Pm6350 by Qualcomm
Pm660 by Qualcomm
Pm660a by Qualcomm
Pm660l by Qualcomm
Pm7150a by Qualcomm
Pm7150l by Qualcomm
Pm7250 by Qualcomm
Pm7250b by Qualcomm
Pm7350c by Qualcomm
Pm8008 by Qualcomm
Pm8009 by Qualcomm
Pm8150a by Qualcomm
Pm8150b by Qualcomm
Pm8150c by Qualcomm
Pm8150l by Qualcomm
Pm8250 by Qualcomm
Pm8350 by Qualcomm
Pm8350b by Qualcomm
Pm8350bh by Qualcomm
Pm8350bhs by Qualcomm
Pm8350c by Qualcomm
Pmi632 by Qualcomm
Pmk7350 by Qualcomm
Pmk8002 by Qualcomm
Pmk8003 by Qualcomm
Pmk8350 by Qualcomm
Pmr525 by Qualcomm
Pmr735a by Qualcomm
Pmr735b by Qualcomm
Pmx55 by Qualcomm
Qat3514 by Qualcomm
Qat3516 by Qualcomm
Qat3518 by Qualcomm
Qat3519 by Qualcomm
Qat3522 by Qualcomm
Qat3550 by Qualcomm
Qat3555 by Qualcomm
Qat5515 by Qualcomm
Qat5516 by Qualcomm
Qat5522 by Qualcomm
Qat5533 by Qualcomm
Qat5568 by Qualcomm
Qbt2000 by Qualcomm
Qca6390 by Qualcomm
Qca6391 by Qualcomm
Qca6421 by Qualcomm
Qca6426 by Qualcomm
Qca6431 by Qualcomm
Qca6436 by Qualcomm
Qcm2290 by Qualcomm
Qcm4290 by Qualcomm
Qcs2290 by Qualcomm
Qcs4290 by Qualcomm
Qdm2301 by Qualcomm
Qdm2305 by Qualcomm
Qdm2307 by Qualcomm
Qdm2308 by Qualcomm
Qdm2310 by Qualcomm
Qdm3301 by Qualcomm
Qdm3302 by Qualcomm
Qdm4643 by Qualcomm
Qdm4650 by Qualcomm
Qdm5579 by Qualcomm
Qdm5620 by Qualcomm
Qdm5621 by Qualcomm
Qdm5650 by Qualcomm
Qdm5652 by Qualcomm
Qdm5670 by Qualcomm
Qdm5671 by Qualcomm
Qdm5677 by Qualcomm
Qdm5679 by Qualcomm
Qet4100 by Qualcomm
Qet4101 by Qualcomm
Qet5100 by Qualcomm
Qet5100m by Qualcomm
Qet6100 by Qualcomm
Qet6110 by Qualcomm
Qfs2530 by Qualcomm
Qfs2580 by Qualcomm
Qfs2608 by Qualcomm
Qfs2630 by Qualcomm
Qln4642 by Qualcomm
Qln4650 by Qualcomm
Qln5020 by Qualcomm
Qln5030 by Qualcomm
Qln5040 by Qualcomm
Qpa2625 by Qualcomm
Qpa4340 by Qualcomm
Qpa4360 by Qualcomm
Qpa5461 by Qualcomm
Qpa5580 by Qualcomm
Qpa5581 by Qualcomm
Qpa6560 by Qualcomm
Qpa8673 by Qualcomm
Qpa8686 by Qualcomm
Qpa8801 by Qualcomm
Qpa8802 by Qualcomm
Qpa8803 by Qualcomm
Qpa8821 by Qualcomm
Qpa8842 by Qualcomm
Qpm4621 by Qualcomm
Qpm4630 by Qualcomm
Qpm4640 by Qualcomm
Qpm4641 by Qualcomm
Qpm4650 by Qualcomm
Qpm5620 by Qualcomm
Qpm5621 by Qualcomm
Qpm5641 by Qualcomm
Qpm5657 by Qualcomm
Qpm5658 by Qualcomm
Qpm5670 by Qualcomm
Qpm5677 by Qualcomm
Qpm5679 by Qualcomm
Qpm5870 by Qualcomm
Qpm5875 by Qualcomm
Qpm6582 by Qualcomm
Qpm6585 by Qualcomm
Qpm6621 by Qualcomm
Qpm6670 by Qualcomm
Qpm8820 by Qualcomm
Qpm8830 by Qualcomm
Qpm8870 by Qualcomm
Qpm8895 by Qualcomm
Qsm7250 by Qualcomm
Qtc800h by Qualcomm
Qtc800s by Qualcomm
Qtc801s by Qualcomm
Qtm525 by Qualcomm
Rsw8577 by Qualcomm
Sd460 by Qualcomm
Sd660 by Qualcomm
Sd662 by Qualcomm
Sd6905g by Qualcomm
Sd750g by Qualcomm
Sd765 by Qualcomm
Sd765g by Qualcomm
Sd768g by Qualcomm
Sd8655g by Qualcomm
Sd8885g by Qualcomm
Sdr425 by Qualcomm
Sdr660 by Qualcomm
Sdr735 by Qualcomm
Sdr735g by Qualcomm
Sdr8250 by Qualcomm
Sdr865 by Qualcomm
Sdx55m by Qualcomm
Sdxr25g by Qualcomm
Sm4125 by Qualcomm
Sm4350 by Qualcomm
Sm7250p by Qualcomm
Sm7350 by Qualcomm
Smb1351 by Qualcomm
Smb1354 by Qualcomm
Smb1355 by Qualcomm
Smb1390 by Qualcomm
Smb1394 by Qualcomm
Smb1395 by Qualcomm
Smb1396 by Qualcomm
Smb1398 by Qualcomm
Smr525 by Qualcomm
Smr526 by Qualcomm
Smr545 by Qualcomm
Smr546 by Qualcomm
Wcd9335 by Qualcomm
Wcd9341 by Qualcomm
Wcd9370 by Qualcomm
Wcd9375 by Qualcomm
Wcd9380 by Qualcomm
Wcd9385 by Qualcomm
Wcn3910 by Qualcomm
Wcn3950 by Qualcomm
Wcn3980 by Qualcomm
Wcn3988 by Qualcomm
Wcn3990 by Qualcomm
Wcn3991 by Qualcomm
Wcn3998 by Qualcomm
Wcn6740 by Qualcomm
Wcn6750 by Qualcomm
Wcn6850 by Qualcomm
Wcn6851 by Qualcomm
Wcn6856 by Qualcomm
Wgr7640 by Qualcomm
Wsa8810 by Qualcomm
Wsa8815 by Qualcomm
Wsa8830 by Qualcomm
Wsa8835 by Qualcomm
Wtr2965 by Qualcomm
Wtr3925 by Qualcomm
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with kernel privileges leading to complete system compromise, data theft, or persistent backdoor installation.
Likely Case
Local privilege escalation allowing attackers to gain elevated privileges on affected devices, potentially leading to data access or further system manipulation.
If Mitigated
Denial of service through system crash or instability if memory corruption occurs but code execution fails.
🎯 Exploit Status
Exploitation requires local access to trigger the vulnerable audio driver function. No public exploit code was mentioned in the references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check device manufacturer for specific patch versions
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin
Restart Required: Yes
Instructions:
1. Check with device manufacturer for available security updates.
2. Apply the latest firmware/OS update from your device manufacturer.
3. Reboot device after update installation.
🔧 Temporary Workarounds
Disable vulnerable audio features
If possible, disable Speaker Protection or related audio features that trigger the vulnerable code path.
Device-specific commands would vary by manufacturer
🧯 If You Can't Patch
- Restrict physical and network access to affected devices
- Implement strict application control to prevent unauthorized processes from accessing audio subsystems
🔍 How to Verify
Check if Vulnerable:
Check device chipset model and firmware version against Qualcomm's advisory. Use 'getprop ro.boot.hardware' or similar commands on Android devices.
Check Version:
Android: 'getprop ro.build.fingerprint' or 'getprop ro.build.version.security_patch'
Verify Fix Applied:
Verify firmware version has been updated to a version after December 2020 that includes the Qualcomm security patch.
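The version check above can be scripted across a fleet. The following is an added example, not part of the original advisory or any vendor tooling: it classifies `ro.build.version.security_patch` values against a baseline date and flags devices that are behind or report an unparseable value. The `2020-12-01` baseline, the function names and the sample inventory are assumptions made for illustration; a patch level at or after the baseline still has to be confirmed against the device manufacturer's own bulletin.

```shell
#!/bin/sh
# Baseline is an assumption derived from the December 2020 bulletin date;
# override with BASELINE=YYYY-MM-DD once the manufacturer states the fixed level.
BASELINE="${BASELINE:-2020-12-01}"

# patch_status LEVEL
# Prints "at-or-after-baseline", "before-baseline" or "invalid".
patch_status() {
    level=$1
    case $level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;   # empty, truncated or non-date value
    esac
    # YYYY-MM-DD compares correctly as an integer once the dashes are removed.
    l=$(printf '%s' "$level" | sed 's/-//g')
    b=$(printf '%s' "$BASELINE" | sed 's/-//g')
    if [ "$l" -ge "$b" ]; then
        echo at-or-after-baseline
    else
        echo before-baseline
    fi
}

# audit_inventory
# Reads "device-id patch-level" lines on stdin (patch-level as returned by
# getprop ro.build.version.security_patch), prints "device-id status" per
# device, and returns 1 if any device is behind or reports an invalid value.
audit_inventory() {
    rc=0
    while read -r dev level rest; do
        [ -n "$dev" ] || continue
        status=$(patch_status "$level")
        echo "$dev $status"
        [ "$status" = at-or-after-baseline ] || rc=1
    done
    return $rc
}

# Constructed sample inventory (device names and values are made up).
SAMPLE_INVENTORY='lab-phone-01 2020-11-05
lab-phone-02 2021-01-05
lab-tablet-03 unknown'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory || echo "follow-up required"
```

Devices reported as `invalid` should be treated like unpatched ones until their build fingerprint has been checked by hand.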
📡 Detection & Monitoring
Log Indicators:
- Kernel panic logs
- Audio driver crash reports
- Memory corruption warnings in system logs
Network Indicators:
- Unusual local process attempting audio driver interactions
SIEM Query:
Search for kernel panic events or audio service crashes on affected devices