CVE-2020-11307

Q: What is the severity of CVE-2020-11307?

CVE-2020-11307 has a CVSS score of 9.8 (CRITICAL). A buffer overflow vulnerability in Qualcomm Snapdragon modem firmware allows attackers to execute arbitrary code or cause denial of service. This affects numerous Snapdragon-based devices across automotive, compute, connectivity, consumer IoT, industrial IoT, and wearables platforms. Attackers can exploit this by sending specially crafted packets to the modem.

9.8 CRITICAL

📋 TL;DR

A buffer overflow vulnerability in Qualcomm Snapdragon modem firmware allows attackers to execute arbitrary code or cause denial of service. This affects numerous Snapdragon-based devices across automotive, compute, connectivity, consumer IoT, industrial IoT, and wearables platforms. Attackers can exploit this by sending specially crafted packets to the modem.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon Wearables

Versions: Specific chipset versions not detailed in public advisory; affected by improper array index check in modem firmware.

Operating Systems: Android, Linux-based embedded systems, QNX, Other embedded OS using Snapdragon chips

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with vulnerable Snapdragon modem firmware; exact chip models and firmware versions require checking Qualcomm bulletins.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel/system privileges leading to complete device compromise, data exfiltration, or persistent backdoor installation.

🟠

Likely Case

Device crash/reboot (denial of service) or limited code execution in modem context, potentially enabling further attacks.

🟢

If Mitigated

No impact if patched; limited to denial of service if exploit attempts are detected and blocked.

🌐 Internet-Facing: HIGH - Modem interfaces can be reached via cellular networks, making devices potentially exploitable remotely without physical access.

🏢 Internal Only: MEDIUM - Requires network access to modem interface, which may be restricted in some configurations.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending crafted packets to modem interface; no public exploit code available but buffer overflows in modem firmware are attractive targets.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Refer to device manufacturer/OEM updates for specific firmware versions

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply Qualcomm-provided patches through OEM update channels. 3. Reboot device after update. 4. Verify modem firmware version is updated.

🔧 Temporary Workarounds

Network segmentation

all

Restrict access to modem interfaces from untrusted networks

Firewall rules

all

Block unnecessary modem protocol traffic at network perimeter

🧯 If You Can't Patch

Isolate affected devices on segmented networks with strict access controls
Monitor for unusual modem activity or crash logs indicating exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check device manufacturer security bulletins for affected models; examine modem firmware version against patched versions.

Check Version:

Device-specific commands vary by OEM; typically through Android settings (Settings > About phone > Baseband version) or modem diagnostic tools.

Verify Fix Applied:

Confirm modem firmware has been updated to version containing Qualcomm's July 2021 security patches.

📡 Detection & Monitoring

Log Indicators:

Modem crash logs
Unexpected modem resets
Kernel panic messages related to modem

Network Indicators:

Unusual modem protocol traffic patterns
Malformed packets to modem ports

SIEM Query:

Search for modem crash events or baseband exceptions in device logs

📊 Metadata

CVE ID: CVE-2020-11307

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-129

Published: July 13, 2021

Last Updated: November 21, 2024

🔗 References

https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/july-2021-bulletin Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8009w Firmware by Qualcomm

Apq8017 Firmware by Qualcomm

Apq8053 Firmware by Qualcomm

Apq8064au Firmware by Qualcomm

Apq8096au Firmware by Qualcomm

Aqt1000 Firmware by Qualcomm

Msm8909w Firmware by Qualcomm

Msm8917 Firmware by Qualcomm

Msm8937 Firmware by Qualcomm

Msm8953 Firmware by Qualcomm

Msm8996au Firmware by Qualcomm

Pm8937 Firmware by Qualcomm

Qca6320 Firmware by Qualcomm

Qca6390 Firmware by Qualcomm

Qca6391 Firmware by Qualcomm

Qca6420 Firmware by Qualcomm

Qca6421 Firmware by Qualcomm

Qca6426 Firmware by Qualcomm

Qca6430 Firmware by Qualcomm

Qca6431 Firmware by Qualcomm

Qca6436 Firmware by Qualcomm

Qca6564 Firmware by Qualcomm

Qca6564a Firmware by Qualcomm

Qca6564au Firmware by Qualcomm

Qca6574 Firmware by Qualcomm

Qca6574a Firmware by Qualcomm

Qca6574au Firmware by Qualcomm

Qca6595 Firmware by Qualcomm

Qca6595au Firmware by Qualcomm

Qca6696 Firmware by Qualcomm

Qcm2290 Firmware by Qualcomm

Qcm4290 Firmware by Qualcomm

Qcm6125 Firmware by Qualcomm

Qcs2290 Firmware by Qualcomm

Qcs4290 Firmware by Qualcomm

Qcs603 Firmware by Qualcomm

Qcs605 Firmware by Qualcomm

Qcs610 Firmware by Qualcomm

Qcs6125 Firmware by Qualcomm

Qualcomm215 Firmware by Qualcomm

Sa6145p Firmware by Qualcomm

Sa6150p Firmware by Qualcomm

Sa6155 Firmware by Qualcomm

Sa6155p Firmware by Qualcomm

Sa8145p Firmware by Qualcomm

Sa8150p Firmware by Qualcomm

Sa8155 Firmware by Qualcomm

Sa8155p Firmware by Qualcomm

Sa8195p Firmware by Qualcomm

Sd 455 Firmware by Qualcomm

Sd 636 Firmware by Qualcomm

Sd 675 Firmware by Qualcomm

Sd205 Firmware by Qualcomm

Sd210 Firmware by Qualcomm

Sd429 Firmware by Qualcomm

Sd439 Firmware by Qualcomm

Sd450 Firmware by Qualcomm

Sd460 Firmware by Qualcomm

Sd480 Firmware by Qualcomm

Sd632 Firmware by Qualcomm

Sd660 Firmware by Qualcomm

Sd662 Firmware by Qualcomm

Sd665 Firmware by Qualcomm

Sd670 Firmware by Qualcomm

Sd675 Firmware by Qualcomm

Sd678 Firmware by Qualcomm

Sd690 5g Firmware by Qualcomm

Sd720g Firmware by Qualcomm

Sd730 Firmware by Qualcomm

Sd750g Firmware by Qualcomm

Sd765 Firmware by Qualcomm

Sd765g Firmware by Qualcomm

Sd768g Firmware by Qualcomm

Sd778g Firmware by Qualcomm

Sd780g Firmware by Qualcomm

Sd835 Firmware by Qualcomm

Sd855 Firmware by Qualcomm