CVE-2020-11283

9.8 CRITICAL

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on affected devices by exploiting a buffer overflow in MKV video file processing. It affects Qualcomm Snapdragon chipsets across multiple product categories including automotive, mobile, IoT, and wearables. Attackers can trigger this by tricking users into playing a malicious MKV file.

💻 Affected Systems

Products:
  • Snapdragon Auto
  • Snapdragon Compute
  • Snapdragon Connectivity
  • Snapdragon Consumer IOT
  • Snapdragon Industrial IOT
  • Snapdragon Mobile
  • Snapdragon Voice & Music
  • Snapdragon Wearables
Versions: Specific chipset versions are not detailed in the bulletin; firmware versions prior to the February 2021 patches are affected
Operating Systems: Android, Linux-based embedded systems, QNX, Windows IoT
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices using vulnerable Qualcomm firmware; exact device models depend on manufacturer implementation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with root privileges, allowing attackers to install persistent malware, steal sensitive data, or brick devices.

🟠 Likely Case

Remote code execution leading to data theft, surveillance capabilities, or device takeover for botnet participation.

🟢 If Mitigated

Denial of service or application crash if exploit fails or security controls limit impact.

🌐 Internet-Facing: HIGH - Malicious MKV files can be delivered via web downloads, email attachments, or messaging apps.
🏢 Internal Only: MEDIUM - Internal file sharing or compromised internal systems could spread malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction to play the malicious file, but no authentication is needed once the file is accessed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware updates released in February 2021 security bulletin

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates.
2. Apply Qualcomm-provided patches through OEM update channels.
3. Reboot device after update installation.

🔧 Temporary Workarounds

Disable MKV file playback (platform: all)

Block or restrict MKV file processing in media players. Device-specific configuration; consult manufacturer documentation.

Application sandboxing (platform: all)

Run media players with reduced privileges to limit exploit impact. Implementation varies by OS and device.

🧯 If You Can't Patch

  • Implement network filtering to block MKV files from untrusted sources
  • Use application allowlisting to restrict which apps can process media files
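
A filter keyed on the `.mkv` extension misses a renamed file, so a gateway or upload check should identify Matroska by content. The following is an added example, not code from Qualcomm or the original page: it parses the EBML header and reads the DocType element. The function names and the fail-closed blocking policy are assumptions made for illustration.

```python
EBML_MAGIC = b"\x1a\x45\xdf\xa3"  # EBML header element ID that opens every Matroska file
DOCTYPE_ID = 0x4282               # DocType element ID inside the EBML header

def read_vint(buf, pos, keep_marker):
    """Decode one EBML variable-length integer; return (value, next_pos)."""
    if pos >= len(buf) or buf[pos] == 0:
        raise ValueError("truncated or over-long vint")
    first = buf[pos]
    length = 9 - first.bit_length()          # leading zero bits + 1
    if pos + length > len(buf):
        raise ValueError("truncated vint")
    # Element IDs keep the length-marker bit, sizes drop it.
    value = first if keep_marker else first & (0xFF >> length)
    for b in buf[pos + 1:pos + length]:
        value = (value << 8) | b
    return value, pos + length

def sniff_doctype(data):
    """None if not EBML, the DocType string if found, '' if the header is malformed."""
    if not data.startswith(EBML_MAGIC):
        return None
    try:
        size, pos = read_vint(data, 4, keep_marker=False)
        end = min(pos + size, len(data))
        while pos < end:
            elem_id, pos = read_vint(data, pos, keep_marker=True)
            elem_size, pos = read_vint(data, pos, keep_marker=False)
            if elem_id == DOCTYPE_ID:
                if pos + elem_size > len(data):
                    raise ValueError("truncated DocType")
                raw = data[pos:pos + elem_size].rstrip(b"\x00")
                return raw.decode("ascii", "replace").lower()
            pos += elem_size
    except ValueError:
        pass
    return ""

def should_block(data, blocked=("matroska",)):
    """Policy (assumption): block listed DocTypes, fail closed on malformed EBML."""
    doctype = sniff_doctype(data)
    return doctype is not None and (doctype == "" or doctype in blocked)

def _elem(eid, payload):
    """Build one EBML element with a 1-byte size (constructed test data only)."""
    return eid + bytes([0x80 | len(payload)]) + payload

# Constructed samples: a minimal Matroska header, an MP4 prefix, a cut-off EBML header.
SAMPLE_MKV = _elem(EBML_MAGIC, _elem(b"\x42\x86", b"\x01") + _elem(b"\x42\x82", b"matroska"))
SAMPLE_MP4 = b"\x00\x00\x00\x18ftypmp42"
SAMPLE_BAD = EBML_MAGIC + b"\x8f\x42"
```

WebM uses the same EBML container with DocType `webm`; pass `blocked=("matroska", "webm")` if the policy should cover it as well.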

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version against the manufacturer's patched versions; check whether MKV playback is enabled

Check Version:

Device-specific commands (e.g., Android: 'getprop ro.build.version.security_patch')

Verify Fix Applied:

Confirm firmware version is post-February 2021 and test with known safe MKV files

📡 Detection & Monitoring

Log Indicators:

  • Media player crashes when processing MKV files
  • Unexpected process execution from media applications
  • Memory access violation errors in system logs

Network Indicators:

  • Downloads of MKV files from suspicious sources
  • Unusual outbound connections from media applications

SIEM Query:

Example: 'process:media.player AND (event:crash OR event:buffer_overflow)'
