CVE-2020-3625

7.8 HIGH

📋 TL;DR

This is a buffer overflow vulnerability in Qualcomm Snapdragon chipsets that occurs when querying DSP capabilities. Attackers could exploit this to execute arbitrary code or cause denial of service. Affected devices include Snapdragon Auto, Consumer IoT, and Mobile platforms using SM8250 and SXR2130 chipsets.

💻 Affected Systems

Products:
  • Snapdragon Auto
  • Snapdragon Consumer IOT
  • Snapdragon Mobile
Versions: SM8250, SXR2130 chipset versions prior to May 2020 security patches
Operating Systems: Android, Linux-based automotive/embedded systems
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is in the chipset firmware/driver layer, affecting all devices using these specific Qualcomm chipsets.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, or persistent backdoor installation.

🟠 Likely Case

Local privilege escalation allowing attackers to gain elevated permissions on already compromised devices.

🟢 If Mitigated

Denial of service causing device instability or crashes if exploit attempts are blocked.

🌐 Internet-Facing: MEDIUM - Requires local access or malware foothold, but could be chained with other exploits for remote attacks.
🏢 Internal Only: HIGH - Once an attacker gains initial access, this vulnerability enables privilege escalation to kernel level.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or ability to execute code on the device. Buffer overflow in DSP query functionality could be leveraged for privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: May 2020 security patch level or later

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin

Restart Required: Yes

Instructions:

1. Check device manufacturer for available firmware updates.
2. Apply May 2020 or later security patches.
3. Reboot device after update.
4. Verify patch level in device settings.

🔧 Temporary Workarounds

Restrict DSP access

linux

Limit which applications can access DSP capabilities through SELinux policies or application permissions.

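# Configure SELinux to restrict DSP access.
# The boolean name depends on the device's SELinux policy; list the defined
# booleans with `getsebool -a` and confirm it exists before setting it.
# setsebool -P allow_dsp_access 0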

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and internet access
  • Implement strict application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check device chipset model and security patch level. Devices with SM8250/SXR2130 chipsets and pre-May 2020 patches are vulnerable.

Check Version:

# For Android:
adb shell getprop ro.build.version.security_patch
# Check chipset:
adb shell getprop ro.board.platform

Verify Fix Applied:

Verify security patch level is May 2020 or later in device settings > About phone > Android security patch level.
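
The check described above, scripted for a set of adb-attached devices. This is an added example, not code from the advisory or from Qualcomm; the function names, the `AFFECTED_CHIPSETS` list and the `2020-05-01` threshold are assumptions made here.

```shell
#!/bin/sh
# Added example (not vendor code): classify a device from the two properties above.
# Part numbers are from the advisory. ro.board.platform may report a platform
# codename instead; add the value your devices report (assumption: exact match).
AFFECTED_CHIPSETS="sm8250 sxr2130"
# Assumption: any May 2020 level counts as fixed, as the page states. Raise this
# to 2020-05-05 if your vendor ships chipset fixes only in the -05 level.
FIXED_PATCH_LEVEL="2020-05-01"

# patch_status PLATFORM PATCH_LEVEL
# Prints one of: vulnerable | patched | not-affected | unknown
patch_status() {
    platform=$(printf '%s' "$1" | tr -d '\r' | tr '[:upper:]' '[:lower:]')
    patch=$(printf '%s' "$2" | tr -d '\r')
    affected=no
    for chip in $AFFECTED_CHIPSETS; do
        if [ "$platform" = "$chip" ]; then affected=yes; fi
    done
    if [ "$affected" = no ]; then echo not-affected; return 0; fi
    # The patch level must be YYYY-MM-DD; anything else cannot be compared.
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # ISO dates order correctly as integers once the dashes are removed.
    have=$(printf '%s' "$patch" | sed 's/-//g')
    need=$(printf '%s' "$FIXED_PATCH_LEVEL" | sed 's/-//g')
    if [ "$have" -lt "$need" ]; then echo vulnerable; else echo patched; fi
}

# audit_device SERIAL: query one attached device over adb, print a TSV row.
audit_device() {
    plat=$(adb -s "$1" shell getprop ro.board.platform | tr -d '\r')
    lvl=$(adb -s "$1" shell getprop ro.build.version.security_patch | tr -d '\r')
    printf '%s\t%s\t%s\t%s\n' "$1" "$plat" "$lvl" "$(patch_status "$plat" "$lvl")"
}

# audit_all: every device that `adb devices` lists in the "device" state.
# adb reads stdin, so each call gets /dev/null to keep the loop's input intact.
audit_all() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do audit_device "$serial" </dev/null; done
}
```

Source the file and run `audit_all`; rows marked `unknown` returned no parseable patch level and need a manual check.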

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • DSP service crashes
  • Permission denied errors for DSP access

Network Indicators:

  • Unusual outbound connections from privileged processes
  • Anomalous inter-process communication

SIEM Query:

(source="kernel" AND ("panic" OR "oops") AND "DSP") OR (source="auditd" AND "avc: denied" AND "dsp")
