CVE-2020-11241

Q: What is the severity of CVE-2020-11241?

CVE-2020-11241 has a CVSS score of 7.5 (HIGH). This vulnerability allows an attacker to trigger an out-of-bounds read in Qualcomm Snapdragon chipsets when processing EAPOL keys with insufficient length in NAN shared key descriptor attributes. This affects numerous Snapdragon-powered devices across automotive, mobile, IoT, and networking segments. Attackers could potentially read adjacent memory contents.

7.5 HIGH

📋 TL;DR

This vulnerability allows an attacker to trigger an out-of-bounds read in Qualcomm Snapdragon chipsets when processing EAPOL keys with insufficient length in NAN shared key descriptor attributes. This affects numerous Snapdragon-powered devices across automotive, mobile, IoT, and networking segments. Attackers could potentially read adjacent memory contents.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer Electronics Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon IoT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wired Infrastructure and Networking

Versions: Specific chipset versions not detailed in bulletin; affected by firmware/driver implementations

Operating Systems: Android, Linux-based embedded systems, Other Qualcomm-supported platforms

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability exists in wireless/Wi-Fi subsystem handling; devices must have Wi-Fi/NAN capabilities enabled.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure of sensitive memory contents, potential system crash, or remote code execution if combined with other vulnerabilities.

🟠

Likely Case

System instability, denial of service, or limited information disclosure from adjacent memory regions.

🟢

If Mitigated

Minimal impact with proper network segmentation and access controls preventing malicious EAPOL packets.

🌐 Internet-Facing: MEDIUM - Requires network access and ability to send crafted EAPOL packets, but many affected devices may have wireless interfaces exposed.

🏢 Internal Only: HIGH - Internal attackers with network access could exploit this more easily against vulnerable devices on the network.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending specially crafted EAPOL packets to vulnerable devices; attacker needs network proximity/access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates from device manufacturers/OEMs

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM update channels. 3. Reboot device after update installation.

🔧 Temporary Workarounds

Disable Wi-Fi/NAN features

all

Temporarily disable Wi-Fi and NAN (Neighbor Awareness Networking) capabilities if not required.

Device-specific commands vary by platform; typically through network settings or configuration files.

Network segmentation

all

Isolate vulnerable devices on separate network segments with strict access controls.

Configure firewall rules to restrict EAPOL traffic to trusted sources only.

🧯 If You Can't Patch

Implement strict network access controls to limit who can send EAPOL packets to vulnerable devices.
Monitor network traffic for anomalous EAPOL packets and implement intrusion detection rules.

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against manufacturer security bulletins; examine Qualcomm chipset model and driver versions.

Check Version:

Device-specific commands (e.g., on Android: 'getprop ro.build.fingerprint' or check Settings > About phone)

Verify Fix Applied:

Verify firmware version has been updated to a version listed as patched by the device manufacturer.

📡 Detection & Monitoring

Log Indicators:

System crashes or reboots related to Wi-Fi/wireless drivers
Kernel panic logs mentioning EAPOL or NAN processing

Network Indicators:

Unusual EAPOL packet patterns or malformed key exchanges on wireless networks

SIEM Query:

Example: 'event_category:"wireless" AND (EAPOL OR NAN) AND (error OR crash OR malformed)'

📊 Metadata

CVE ID: CVE-2020-11241

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-125

Published: June 9, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8009 Firmware by Qualcomm

Apq8096au Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Ar8031 Firmware by Qualcomm

Ar8035 Firmware by Qualcomm

Ar9380 Firmware by Qualcomm

Csr8811 Firmware by Qualcomm

Csra6620 Firmware by Qualcomm

Csra6640 Firmware by Qualcomm

Csrb31024 Firmware by Qualcomm

Ipq4018 Firmware by Qualcomm

Ipq4028 Firmware by Qualcomm

Ipq4029 Firmware by Qualcomm

Ipq5010 Firmware by Qualcomm

Ipq5018 Firmware by Qualcomm

Ipq6000 Firmware by Qualcomm

Ipq6005 Firmware by Qualcomm

Ipq6010 Firmware by Qualcomm

Ipq6018 Firmware by Qualcomm

Ipq6028 Firmware by Qualcomm

Ipq8064 Firmware by Qualcomm

Ipq8069 Firmware by Qualcomm

Ipq8070 Firmware by Qualcomm

Ipq8070a Firmware by Qualcomm

Ipq8071 Firmware by Qualcomm

Ipq8071a Firmware by Qualcomm

Ipq8072 Firmware by Qualcomm

Ipq8072a Firmware by Qualcomm

Ipq8074 Firmware by Qualcomm

Ipq8074a Firmware by Qualcomm

Ipq8076 Firmware by Qualcomm

Ipq8076a Firmware by Qualcomm

Ipq8078 Firmware by Qualcomm

Ipq8078a Firmware by Qualcomm

Ipq8173 Firmware by Qualcomm

Ipq8174 Firmware by Qualcomm

Mdm9250 Firmware by Qualcomm

Mdm9607 Firmware by Qualcomm

Mdm9626 Firmware by Qualcomm

Mdm9628 Firmware by Qualcomm

Mdm9640 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Mdm9655 Firmware by Qualcomm

Msm8994 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Pm3003a Firmware by Qualcomm

Pm4125 Firmware by Qualcomm

Pm456 Firmware by Qualcomm

Pm6125 Firmware by Qualcomm

Pm6150 Firmware by Qualcomm

Pm6150a Firmware by Qualcomm

Pm6150l Firmware by Qualcomm

Pm6250 Firmware by Qualcomm

Pm6350 Firmware by Qualcomm

Pm640a Firmware by Qualcomm

Pm640l Firmware by Qualcomm

Pm640p Firmware by Qualcomm

Pm660 Firmware by Qualcomm

Pm660a Firmware by Qualcomm

Pm660l Firmware by Qualcomm

Pm670 Firmware by Qualcomm

Pm670a Firmware by Qualcomm

Pm670l Firmware by Qualcomm

Pm7150a Firmware by Qualcomm

Pm7150l Firmware by Qualcomm

Pm7250 Firmware by Qualcomm

Pm7250b Firmware by Qualcomm

Pm8004 Firmware by Qualcomm

Pm8005 Firmware by Qualcomm

Pm8008 Firmware by Qualcomm

Pm8009 Firmware by Qualcomm

Pm8150 Firmware by Qualcomm

Pm8150a Firmware by Qualcomm

Pm8150b Firmware by Qualcomm

Pm8150c Firmware by Qualcomm

Pm8150l Firmware by Qualcomm

Pm8250 Firmware by Qualcomm