CVE-2020-11268
📋 TL;DR
CVE-2020-11268 is a vulnerability in Qualcomm Snapdragon chipsets where processing a specially crafted System Information Block (SIB) message can cause a User Equipment (UE) reset, leading to denial of service. This affects automotive and mobile devices using vulnerable Snapdragon chipsets. Attackers could disrupt device connectivity by sending malicious SIB messages.
💻 Affected Systems
- Snapdragon Auto
- Snapdragon Mobile
📦 What is this software?
Apq8009 by Qualcomm
Apq8016 by Qualcomm
Apq8074 by Qualcomm
Apq8084 by Qualcomm
Apq8094 by Qualcomm
Ar6003 by Qualcomm
Mdm8215 by Qualcomm
Mdm8215m by Qualcomm
Mdm8615m by Qualcomm
Mdm9215 by Qualcomm
Mdm9235m by Qualcomm
Mdm9310 by Qualcomm
Mdm9609 by Qualcomm
Mdm9615 by Qualcomm
Mdm9615m by Qualcomm
Mdm9635m by Qualcomm
Mdm9640 by Qualcomm
Mdm9645 by Qualcomm
Msm8108 by Qualcomm
Msm8208 by Qualcomm
Msm8209 by Qualcomm
Msm8216 by Qualcomm
Msm8274 by Qualcomm
Msm8608 by Qualcomm
Msm8674 by Qualcomm
Msm8916 by Qualcomm
Msm8929 by Qualcomm
Msm8939 by Qualcomm
Msm8974 by Qualcomm
Msm8974p by Qualcomm
Msm8994 by Qualcomm
Pm8018 by Qualcomm
Pm8841 by Qualcomm
Pm8909 by Qualcomm
Pm8916 by Qualcomm
Pm8941 by Qualcomm
Pm8994 by Qualcomm
Pmd9635 by Qualcomm
Pmd9645 by Qualcomm
Pmi8994 by Qualcomm
Qca1990 by Qualcomm
Qca6174 by Qualcomm
Qca6174a by Qualcomm
Qca6584 by Qualcomm
Qfe1035 by Qualcomm
Qfe1040 by Qualcomm
Qfe1045 by Qualcomm
Qfe1100 by Qualcomm
Qfe1101 by Qualcomm
Qfe1520 by Qualcomm
Qfe1550 by Qualcomm
Qfe2101 by Qualcomm
Qfe2310 by Qualcomm
Qfe2320 by Qualcomm
Qfe2330 by Qualcomm
Qfe2340 by Qualcomm
Qfe2520 by Qualcomm
Qfe2550 by Qualcomm
Qfe2720 by Qualcomm
Qfe3100 by Qualcomm
Qfe3320 by Qualcomm
Qfe3335 by Qualcomm
Qfe3340 by Qualcomm
Qfe3345 by Qualcomm
Sd210 by Qualcomm
Smb1360 by Qualcomm
Wcd9306 by Qualcomm
Wcd9330 by Qualcomm
Wcn3610 by Qualcomm
Wcn3620 by Qualcomm
Wcn3660 by Qualcomm
Wcn3660a by Qualcomm
Wcn3660b by Qualcomm
Wcn3680 by Qualcomm
Wcn3680b by Qualcomm
Wfr1620 by Qualcomm
Wgr7640 by Qualcomm
Wtr1605 by Qualcomm
Wtr1605l by Qualcomm
Wtr1625 by Qualcomm
Wtr1625l by Qualcomm
Wtr2605 by Qualcomm
Wtr2955 by Qualcomm
Wtr3925 by Qualcomm
Wtr4605 by Qualcomm
Wtr4905 by Qualcomm
⚠️ Risk & Real-World Impact
Worst Case
Persistent denial of service causing complete loss of cellular connectivity on affected devices, potentially disrupting critical automotive systems or mobile communications.
Likely Case
Temporary service disruption requiring device reboot to restore connectivity, affecting user experience and device availability.
If Mitigated
Limited impact with proper network filtering and updated firmware, potentially preventing exploitation entirely.
🎯 Exploit Status
Exploitation requires ability to send crafted SIB messages to target devices, which could be achieved through rogue base stations or network-level attacks. No public exploit code is known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Refer to Qualcomm security bulletin for specific chipset firmware updates
Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin
Restart Required: Yes
Instructions:
1. Check device manufacturer for firmware updates.
2. Apply Qualcomm-provided firmware patches.
3. Reboot device after update.
4. Verify patch installation through device settings.
🔧 Temporary Workarounds
Network filtering
All platforms: Implement network-level filtering to block malicious SIB messages
Airplane mode toggle
All platforms: Temporarily disable cellular radio when not needed to reduce attack surface
🧯 If You Can't Patch
- Isolate affected devices from untrusted cellular networks when possible
- Implement physical security controls to prevent proximity-based attacks
🔍 How to Verify
Check if Vulnerable:
Check device chipset model and firmware version against Qualcomm advisory. Use device settings > About phone > Baseband version.
Check Version:
adb shell getprop gsm.version.baseband (for Android devices)
Verify Fix Applied:
Verify firmware version has been updated to patched version specified by device manufacturer.
📡 Detection & Monitoring
Log Indicators:
- Unexpected UE resets
- Baseband processor crashes
- Cellular connection drops
Network Indicators:
- Unusual SIB message patterns
- Rogue base station detection
SIEM Query:
Search for baseband crash logs or cellular service interruption events in device logs