CVE-2020-11223

Q: What is the severity of CVE-2020-11223?

CVE-2020-11223 has a CVSS score of 7.8 (HIGH). This vulnerability allows attackers to execute arbitrary code or cause denial of service by exploiting an out-of-bounds write in Qualcomm camera drivers. It affects devices using Snapdragon processors across automotive, compute, consumer IoT, industrial IoT, mobile, and wearable platforms.

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code or cause denial of service by exploiting an out-of-bounds write in Qualcomm camera drivers. It affects devices using Snapdragon processors across automotive, compute, consumer IoT, industrial IoT, mobile, and wearable platforms.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Mobile
Snapdragon Wearables

Versions: Multiple Snapdragon chipset versions

Operating Systems: Android, Linux-based embedded systems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with Qualcomm camera hardware and vulnerable driver versions. Requires local access or malicious app installation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise with kernel-level privileges leading to persistent backdoor installation, data theft, or complete device control.

🟠

Likely Case

Local privilege escalation allowing attackers to gain elevated permissions, potentially leading to data access or further system compromise.

🟢

If Mitigated

Limited impact with proper sandboxing and SELinux policies, potentially resulting only in application crashes.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access or malicious app with camera permissions. No public exploit code available as of advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Varies by device manufacturer and chipset

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for security updates. 2. Apply latest firmware/OS updates. 3. Reboot device after update installation.

🔧 Temporary Workarounds

Camera Permission Restriction

android

Restrict camera access to trusted applications only

SELinux Enforcement

linux

Ensure SELinux is in enforcing mode to limit impact

getenforce

🧯 If You Can't Patch

Isolate affected devices from critical networks
Implement application allowlisting to prevent malicious app installation

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and firmware version against manufacturer security bulletins

Check Version:

adb shell getprop ro.build.fingerprint (Android) or cat /proc/version (Linux)

Verify Fix Applied:

Verify security patch level includes February 2021 or later Qualcomm updates

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Camera service crashes
Permission escalation attempts

Network Indicators:

Unusual outbound connections from camera-related processes

SIEM Query:

Process:name=camera AND EventID=1000 OR EventID=41

📊 Metadata

CVE ID: CVE-2020-11223

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-120

Published: February 22, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Aqt1000 Firmware by Qualcomm

Pm3003a Firmware by Qualcomm

Pm456 Firmware by Qualcomm

Pm6150 Firmware by Qualcomm

Pm6150a Firmware by Qualcomm

Pm6150l Firmware by Qualcomm

Pm6250 Firmware by Qualcomm

Pm6350 Firmware by Qualcomm

Pm660 Firmware by Qualcomm

Pm660a Firmware by Qualcomm

Pm660l Firmware by Qualcomm

Pm7150a Firmware by Qualcomm

Pm7150l Firmware by Qualcomm

Pm7250 Firmware by Qualcomm

Pm7250b Firmware by Qualcomm

Pm7350c Firmware by Qualcomm

Pm8004 Firmware by Qualcomm

Pm8008 Firmware by Qualcomm

Pm8009 Firmware by Qualcomm

Pm8150a Firmware by Qualcomm

Pm8150b Firmware by Qualcomm

Pm8150c Firmware by Qualcomm

Pm8150l Firmware by Qualcomm

Pm8250 Firmware by Qualcomm

Pm8350 Firmware by Qualcomm

Pm8350b Firmware by Qualcomm

Pm8350bh Firmware by Qualcomm

Pm8350bhs Firmware by Qualcomm

Pm8350c Firmware by Qualcomm

Pm855 Firmware by Qualcomm

Pm855b Firmware by Qualcomm

Pm855l Firmware by Qualcomm

Pm855p Firmware by Qualcomm

Pmi632 Firmware by Qualcomm

Pmk7350 Firmware by Qualcomm

Pmk8002 Firmware by Qualcomm

Pmk8003 Firmware by Qualcomm

Pmk8350 Firmware by Qualcomm

Pmr735a Firmware by Qualcomm

Pmr735b Firmware by Qualcomm

Pmx50 Firmware by Qualcomm

Pmx55 Firmware by Qualcomm

Qat3514 Firmware by Qualcomm

Qat3516 Firmware by Qualcomm

Qat3518 Firmware by Qualcomm

Qat3519 Firmware by Qualcomm

Qat3522 Firmware by Qualcomm

Qat3550 Firmware by Qualcomm

Qat3555 Firmware by Qualcomm

Qat5515 Firmware by Qualcomm

Qat5516 Firmware by Qualcomm

Qat5522 Firmware by Qualcomm

Qat5533 Firmware by Qualcomm

Qat5568 Firmware by Qualcomm

Qbt1500 Firmware by Qualcomm

Qbt2000 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6584au Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qcs410 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qdm2301 Firmware by Qualcomm

Qdm2305 Firmware by Qualcomm

Qdm2307 Firmware by Qualcomm

Qdm2308 Firmware by Qualcomm

Qdm2310 Firmware by Qualcomm

Qdm3301 Firmware by Qualcomm

Qdm3302 Firmware by Qualcomm

Qdm4643 Firmware by Qualcomm

Qdm4650 Firmware by Qualcomm

Qdm5579 Firmware by Qualcomm

Qdm5620 Firmware by Qualcomm