CVE-2020-11225

9.8 CRITICAL

📋 TL;DR

CVE-2020-11225 is a buffer overflow in the Qualcomm WLAN driver shipped on many Snapdragon platforms. An attacker who can deliver specially crafted packets to a device's WLAN interface can trigger out-of-bounds memory access, which crashes the device or, in the worst case, leads to code execution in the driver's context. Affected chipsets appear in automotive, mobile, IoT, and networking products.

💻 Affected Systems

Products:
  • Snapdragon Auto
  • Snapdragon Compute
  • Snapdragon Connectivity
  • Snapdragon Consumer Electronics Connectivity
  • Snapdragon Consumer IOT
  • Snapdragon Industrial IOT
  • Snapdragon Mobile
  • Snapdragon Voice & Music
  • Snapdragon Wired Infrastructure and Networking
Versions: The public advisory does not list affected driver versions; treat any device on a listed Snapdragon platform whose WLAN driver predates the OEM's December 2020 (or later) update as affected
Operating Systems: Android, Linux-based embedded systems, Automotive OS variants
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw is in the WLAN driver/firmware Qualcomm supplies to OEMs. Exposure does not depend on OS-level settings beyond the WLAN interface being enabled, so any device with an affected chipset and an unpatched driver is exposed whenever its radio is on.

📦 What is this software?

Qualcomm Snapdragon SoCs integrate a WLAN subsystem that runs its own firmware; the host side is a Qualcomm-supplied kernel driver (on Android and Linux, the qcacld driver family) that parses received traffic and talks to that firmware. OEMs ship both as part of the device image, so fixes reach end users only through OEM firmware or OTA updates. Because the host driver runs in the kernel, a memory-safety bug in it runs with kernel privileges.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Code execution inside the kernel-mode WLAN driver (or the WLAN firmware), which means full device compromise: data theft, credential access, and a persistent backdoor if the attacker can write to the system image.

🟠

Likely Case

A crash of the WLAN driver that panics the kernel or resets the WLAN subsystem: denial of service, connectivity loss, and reboots. Reliable code execution is harder to achieve because the attacker works blind against a kernel memory layout they cannot observe.

🟢

If Mitigated

System remains stable with proper patching; attackers cannot exploit the vulnerability to gain unauthorized access.

🌐 Internet-Facing: HIGH - The trigger is delivered over the WLAN interface, so no physical access or credentials are needed. Note, though, that WLAN-level frames are not routed across the Internet: "exposed" here means any device whose radio is on in an environment an attacker can transmit into (public Wi-Fi, a car park outside the office, a drive-by against vehicles).
🏢 Internal Only: MEDIUM - A device that only joins a controlled, managed wireless network is harder to reach, but an attacker with a foothold on that network or within radio range of the site can still send the crafted traffic.

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting WLAN traffic that the driver will parse, but no authentication or user interaction. No public exploit code is known to have been disclosed; the absence of a PoC should not be read as absence of exploitation, since WLAN driver bugs are a recurring target for proximity attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Driver updates included in Qualcomm's December 2020 security bulletin, delivered to end users through OEM firmware/OTA updates (on Android, via the corresponding security patch level)

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

Restart Required: Yes

Instructions:

1. Check with the device manufacturer (OEM) for a firmware or OTA update that includes the December 2020 Qualcomm fixes.
2. Apply the Qualcomm-provided driver patches through the OEM update channel; there is no separate end-user download from Qualcomm.
3. Reboot the device after the update installs so the patched driver/firmware is loaded.
4. Verify the patch took effect with the version checks under "How to Verify" below.

🔧 Temporary Workarounds

Disable WLAN Interface

linux

Take the wireless interface down so no frames reach the driver until the OEM update is applied. On Android the equivalent is turning Wi-Fi off in Settings (or enabling Airplane mode); the commands below are for Linux-based hosts. Only one of them is needed.

nmcli radio wifi off          # NetworkManager systems: switch the Wi-Fi radio off and keep it off
ip link set wlan0 down        # other systems: bring the interface down with iproute2
ifconfig wlan0 down           # legacy net-tools equivalent of the ip command above

Network Segmentation

all

Isolate vulnerable devices on a dedicated wireless network (own SSID/VLAN) with strict firewall rules, and keep them off guest and public Wi-Fi

🧯 If You Can't Patch

  • Restrict which wireless networks the device joins (managed SSID only, never guest or public Wi-Fi) and, for fixed devices with wired connectivity, turn the radio off
  • Do not rely on host or perimeter firewalls: they filter at IP and above, so if the trigger is a malformed 802.11 frame, packet-filter rules on the device do not reduce exposure; radio-level controls do
  • Deploy a wireless IDS (a sensor that captures 802.11 frames) to watch for malformed frames and crash-inducing traffic; a wired IDS never sees those frames

🔍 How to Verify

Check if Vulnerable:

Identify the SoC/chipset and the WLAN driver build on the device and compare them with the platform list in Qualcomm's December 2020 security bulletin. Any device on an affected Snapdragon platform whose WLAN driver predates the OEM's December 2020 (or later) update should be treated as vulnerable.

Check Version:

ethtool -i wlan0 (Linux: prints the driver name and firmware-version; the Qualcomm host driver commonly loads as the "wlan" module, so modinfo wlan also works where present)
getprop ro.build.version.security_patch (Android, via adb shell: the security patch level is the practical indicator, since Qualcomm fixes reach devices through OEM patch levels; Settings > About phone shows the same value. The baseband version identifies the modem firmware, not the WLAN driver, so it is not a reliable check for this CVE.)

Verify Fix Applied:

Confirm that the OEM update incorporating the December 2020 Qualcomm fixes is installed (on Android: the security patch level is at or after the level your OEM names for this CVE) and that the WLAN driver/firmware build reported by the device changed after the update. OEMs backport on their own schedules, so the OEM's own mapping of patch level to CVE is authoritative.
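As an added example (not from this page's original text and not Qualcomm's code), the following POSIX shell triage helper runs the checks just described: it parses `ethtool -i`, matches the driver name against a hypothetical heuristic (`wlan` or `qcacld*`), and on Android compares `ro.build.version.security_patch` with an assumed cutoff of 2020-12-01 taken from the bulletin date. Both the cutoff and the driver-name heuristic are assumptions to adjust per OEM; the sample `ethtool` output in the usage note is constructed.

```shell
#!/bin/sh
# Added triage helper for the checks above (example code, not Qualcomm's).
# Assumptions, all hypothetical and to be adjusted per fleet:
#   - PATCH_CUTOFF: earliest Android security patch level assumed to carry
#     the December 2020 Qualcomm WLAN fixes. OEM backports vary, so confirm
#     against your OEM's bulletin before trusting a "likely fixed" verdict.
#   - the Qualcomm host driver reports itself to ethtool as "wlan" or "qcacld*".
PATCH_CUTOFF="2020-12-01"

# patch_level_ok LEVEL CUTOFF
# exit 0 if LEVEL (YYYY-MM-DD) is at or after CUTOFF, 1 if earlier,
# 2 if LEVEL is empty or not a date (unknown: never treat as fixed).
patch_level_ok() {
    lvl=$(printf '%s' "$1" | tr -d '-')
    cut=$(printf '%s' "$2" | tr -d '-')
    case "$lvl" in ''|*[!0-9]*) return 2 ;; esac
    [ "$lvl" -ge "$cut" ]
}

# parse_ethtool: read `ethtool -i IFACE` output on stdin, print "driver=X fw=Y".
parse_ethtool() {
    awk -F': *' '/^driver:/ {d=$2} /^firmware-version:/ {f=$2}
                 END {printf "driver=%s fw=%s\n", d, f}'
}

# is_qualcomm_wlan DRIVERNAME: heuristic match on the driver name from ethtool.
is_qualcomm_wlan() {
    case "$1" in wlan|qcacld*) return 0 ;; *) return 1 ;; esac
}

# triage [IFACE]: run whichever checks apply on this host and print a verdict.
triage() {
    iface="${1:-wlan0}"
    if command -v getprop >/dev/null 2>&1; then          # Android (adb shell)
        lvl=$(getprop ro.build.version.security_patch)
        rc=0; patch_level_ok "$lvl" "$PATCH_CUTOFF" || rc=$?
        case "$rc" in
            0) echo "patch level $lvl >= $PATCH_CUTOFF: likely fixed (confirm with OEM)" ;;
            1) echo "patch level $lvl < $PATCH_CUTOFF: treat as vulnerable" ;;
            *) echo "patch level unreadable: treat as vulnerable" ;;
        esac
    fi
    if command -v ethtool >/dev/null 2>&1; then          # Linux hosts
        info=$(ethtool -i "$iface" 2>/dev/null | parse_ethtool)
        drv=${info#driver=}; drv=${drv%% *}
        if is_qualcomm_wlan "$drv"; then
            echo "$iface uses a Qualcomm driver ($info): compare fw with the OEM's Dec-2020 build"
        else
            echo "$iface driver '$drv' not matched as Qualcomm WLAN ($info)"
        fi
    fi
}

# Stand-alone run: triage the interface named in $1 (default wlan0).
triage "${1:-wlan0}"
```

Run it as `sh triage.sh wlan0` on a Linux host or `adb shell sh /data/local/tmp/triage.sh` on Android. Fed a constructed `ethtool -i` output such as `driver: wlan` / `firmware-version: WLAN.SAMPLE.1.0-0001`, `parse_ethtool` yields `driver=wlan fw=WLAN.SAMPLE.1.0-0001`, which the driver heuristic accepts; an unreadable patch level deliberately comes back as "treat as vulnerable" rather than as unknown-so-ignore.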

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic entries ("Kernel panic - not syncing") following WLAN activity
  • Kernel oops output ("Unable to handle kernel paging request", "Internal error: Oops", "BUG:") whose PC/LR or call-trace lines name the WLAN driver module
  • WLAN driver or subsystem crash/recovery messages
  • Unexpected reboots that cluster while the device is in range of untrusted Wi-Fi

User-space "segfault" lines are not evidence of this bug, which lives in the kernel driver.

Network Indicators (visible only to a wireless sensor or WIDS capturing 802.11 frames, not to a wired IDS):

  • Unusual WLAN packet patterns from a single transmitter
  • Malformed 802.11 frames (oversized fields, or length values that do not match the frame)
  • Excessive retransmission attempts
  • Anomalous broadcast/multicast traffic

SIEM Query:

source="kernel" AND ("Kernel panic" OR "Oops" OR "BUG:" OR "Unable to handle kernel") AND ("wlan" OR "wireless" OR "802.11" OR "cfg80211")

The crash line and the driver name usually land on different lines of one oops, so a single-line AND query undercounts. Correlate per host within a few seconds, or search the trace lines for the module tag "[wlan]" and join to the preceding panic/oops line.
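As an added example (not part of the original page and not Qualcomm's tooling), here is the windowed form of the SIEM query above as a POSIX shell/awk scan over kernel log text: a crash signature opens a window of lines, and the first WLAN reference inside the window attributes the crash to the driver, beside the single-line keyword query for comparison. The sample log lines, the module tag and the function names in them are constructed, not a real crash dump.

```shell
#!/bin/sh
# Added example: windowed kernel-log scan that attributes a crash to the WLAN
# driver even when the crash line and the driver name are on different lines,
# next to the single-line keyword query. Not from the original page or Qualcomm.

# Constructed sample kernel log (dmesg style). Function names, addresses and
# the mutex.c line number are invented for the example.
SAMPLE_LOG=$(cat <<'EOF'
[   12.345678] wlan: loading out-of-tree module taints kernel.
[   13.000001] wlan: constructed sample line, driver up on wlan0
[  900.100000] sshd[1234]: segfault at 0 ip 0000555555551234 sp 00007ffc0000abcd error 4 in sshd[555555550000+1000]
[ 1800.200000] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:281
[ 1800.200100] Call trace:
[ 1800.200200]  ext4_example_fn+0x10/0x20
[ 1800.200300] ---[ end trace 0000000000000000 ]---
[ 4431.201100] Unable to handle kernel paging request at virtual address ffffff8000000000
[ 4431.201300] Internal error: Oops: 96000005 [#1] PREEMPT SMP
[ 4431.202000] PC is at wlan_example_parse_frame+0x1c4/0x2e0 [wlan]
[ 4431.202100] LR is at wlan_example_rx_handler+0x40/0x80 [wlan]
[ 4431.203000] ---[ end trace 0000000000000001 ]---
[ 4431.203100] Kernel panic - not syncing: Fatal exception
EOF
)

# Single-line form of the SIEM query: both keyword groups must hit on one line.
# Prints the match count ("0" when nothing matches) and always exits 0.
siem_single_line_query() {
    grep -Ei 'panic|oops|segfault' | grep -Eic 'wlan|wireless|802\.11' || true
}

# scan_kernel_log [WINDOW]: read kernel log text on stdin. A crash signature
# opens a window of up to WINDOW lines, closed early by the "end trace" marker;
# the first WLAN reference inside the window attributes the crash to the driver.
# "Kernel panic" is not a trigger: it follows the oops that already opened a
# window. Prints one ALERT per attributed crash, then a summary line.
scan_kernel_log() {
    awk -v W="${1:-40}" '
        function flush() {
            crashes++
            if (hit != "") {
                wlan++
                printf "ALERT line %d: %s\n  attributed by: %s\n", start, trig, hit
            }
            open = 0; hit = ""
        }
        /Unable to handle kernel|Internal error: Oops|BUG: |KASAN: / {
            if (!open) { open = 1; start = NR; trig = $0; left = W }
        }
        open && hit == "" && /\[wlan\]|qcacld|cfg80211|wlan|802\.11|wireless/ { hit = $0 }
        open && /---\[ end trace/ { flush(); next }
        open { if (--left <= 0) flush() }
        END {
            if (open) flush()
            print "crashes=" (crashes + 0) " wlan-crashes=" (wlan + 0)
        }
    '
}

# Stand-alone run: scan the constructed sample, or a log file given as $1.
if [ $# -eq 0 ]; then
    echo "single-line query matches: $(printf '%s\n' "$SAMPLE_LOG" | siem_single_line_query)"
    printf '%s\n' "$SAMPLE_LOG" | scan_kernel_log
else
    scan_kernel_log 40 < "$1"
fi
```

On the constructed sample the single-line query returns 0 (the "Oops" and "panic" lines carry no WLAN keyword, and the only "segfault" is a user-space process), while the windowed scan reports two kernel crashes and attributes one of them to the WLAN module. Feed it `dmesg`, `journalctl -k`, or on Android the pstore console log (`/sys/fs/pstore/console-ramoops`, where the device exposes it) to check real hosts.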

🔗 References

  • Qualcomm Product Security Bulletin, December 2020: https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin
  • NVD entry for CVE-2020-11225: https://nvd.nist.gov/vuln/detail/CVE-2020-11225
