CVE-2020-3691

Q: What is the severity of CVE-2020-3691?

CVE-2020-3691 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows integer underflow in Qualcomm Snapdragon audio processing, potentially leading to out-of-bounds memory access. Attackers could exploit this to execute arbitrary code or cause denial of service. Affected devices include various Snapdragon-based products across automotive, mobile, IoT, and networking segments.

9.8 CRITICAL

Denial of Service

📋 TL;DR

This vulnerability allows integer underflow in Qualcomm Snapdragon audio processing, potentially leading to out-of-bounds memory access. Attackers could exploit this to execute arbitrary code or cause denial of service. Affected devices include various Snapdragon-based products across automotive, mobile, IoT, and networking segments.

💻 Affected Systems

Products:

Snapdragon Auto
Snapdragon Compute
Snapdragon Connectivity
Snapdragon Consumer IOT
Snapdragon Industrial IOT
Snapdragon IoT
Snapdragon Mobile
Snapdragon Voice & Music
Snapdragon Wearables
Snapdragon Wired Infrastructure and Networking

Versions: Multiple Snapdragon chipset versions prior to December 2020 patches

Operating Systems: Android, Linux-based embedded systems, Various RTOS implementations

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability is in Qualcomm's audio processing firmware/drivers, affecting devices regardless of OS configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with kernel privileges leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Denial of service (device crash/reboot) or limited information disclosure through memory corruption.

🟢

If Mitigated

Controlled crash without code execution if memory protections are enabled, but still disruptive.

🌐 Internet-Facing: HIGH - Many affected devices are internet-connected (mobile, IoT, networking) and could be remotely targeted.

🏢 Internal Only: MEDIUM - Internal devices could be exploited through network access or malicious apps.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires crafting malicious audio content, but no public exploit code is available. The vulnerability is remotely triggerable via audio processing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: December 2020 security updates from Qualcomm and device manufacturers

Vendor Advisory: https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

Restart Required: Yes

Instructions:

1. Check with device manufacturer for available firmware updates. 2. Apply December 2020 or later security patches. 3. For Android devices, install latest system updates from manufacturer. 4. For embedded systems, update Qualcomm firmware/drivers.

🔧 Temporary Workarounds

Disable vulnerable audio processing

all

Disable or restrict audio processing features that handle untrusted content

Network segmentation

all

Isolate affected devices from untrusted networks

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Monitor for abnormal audio processing behavior or device crashes

🔍 How to Verify

Check if Vulnerable:

Check device firmware/software version against manufacturer's patched versions. For Android: Settings > About phone > Android security patch level (should be December 2020 or later).

Check Version:

Android: adb shell getprop ro.build.version.security_patch | Linux-based: check firmware version via manufacturer tools

Verify Fix Applied:

Confirm installation of December 2020 or later security patches from device manufacturer.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Audio service crashes
Memory corruption errors in system logs

Network Indicators:

Unexpected audio file transfers to devices
Network traffic spikes during audio processing

SIEM Query:

source="kernel" AND ("panic" OR "oops" OR "segfault") AND process="audio"

📊 Metadata

CVE ID: CVE-2020-3691

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-191

Published: January 21, 2021

Last Updated: November 21, 2024

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Apq8009 by Qualcomm

Apq8009w by Qualcomm

Apq8017 by Qualcomm

Apq8030 by Qualcomm

Apq8037 by Qualcomm

Apq8052 by Qualcomm

Apq8053 by Qualcomm

Apq8056 by Qualcomm

Apq8060a by Qualcomm

Apq8062 by Qualcomm

Apq8064 by Qualcomm

Apq8064au by Qualcomm

Apq8076 by Qualcomm

Apq8084 by Qualcomm

Apq8096au by Qualcomm

Aqt1000 by Qualcomm

Ar6003 by Qualcomm

Ar8031 by Qualcomm

Ar8035 by Qualcomm

Ar8151 by Qualcomm

Ar9374 by Qualcomm

Csra6620 by Qualcomm

Csra6640 by Qualcomm

Csrb31024 by Qualcomm

Mdm8215 by Qualcomm

Mdm8215m by Qualcomm

Mdm8615m by Qualcomm

Mdm8635m by Qualcomm

Mdm9206 by Qualcomm

Mdm9215 by Qualcomm

Mdm9225 by Qualcomm

Mdm9225m by Qualcomm

Mdm9230 by Qualcomm

Mdm9235m by Qualcomm

Mdm9310 by Qualcomm

Mdm9330 by Qualcomm

Mdm9607 by Qualcomm

Mdm9615 by Qualcomm

Mdm9615m by Qualcomm

Mdm9625 by Qualcomm

Mdm9625m by Qualcomm

Mdm9628 by Qualcomm

Mdm9630 by Qualcomm

Mdm9635m by Qualcomm

Mdm9640 by Qualcomm

Mdm9645 by Qualcomm

Mdm9650 by Qualcomm

Mdm9655 by Qualcomm

Mpq8064 by Qualcomm

Msm8108 by Qualcomm

Msm8208 by Qualcomm

Msm8209 by Qualcomm

Msm8226 by Qualcomm

Msm8227 by Qualcomm

Msm8230 by Qualcomm

Msm8608 by Qualcomm

Msm8610 by Qualcomm

Msm8626 by Qualcomm

Msm8627 by Qualcomm

Msm8630 by Qualcomm

Msm8909w by Qualcomm

Msm8917 by Qualcomm

Msm8920 by Qualcomm

Msm8930 by Qualcomm

Msm8937 by Qualcomm

Msm8940 by Qualcomm

Msm8952 by Qualcomm

Msm8953 by Qualcomm

Msm8956 by Qualcomm

Msm8960 by Qualcomm

Msm8960sg by Qualcomm

Msm8962 by Qualcomm

Msm8976 by Qualcomm

Msm8976sg by Qualcomm

Msm8996au by Qualcomm

Pm215 by Qualcomm

Pm3003a by Qualcomm