Vulnerability Description
Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Qcm6125 Firmware | - |
| Qualcomm | Qcm6125 | - |
| Qualcomm | Qcs410 Firmware | - |
| Qualcomm | Qcs410 | - |
| Qualcomm | Qcs603 Firmware | - |
| Qualcomm | Qcs603 | - |
| Qualcomm | Qcs605 Firmware | - |
| Qualcomm | Qcs605 | - |
| Qualcomm | Qcs610 Firmware | - |
| Qualcomm | Qcs610 | - |
| Qualcomm | Qcs6125 Firmware | - |
| Qualcomm | Qcs6125 | - |
| Qualcomm | Sa6145P Firmware | - |
| Qualcomm | Sa6145P | - |
| Qualcomm | Sa6155 Firmware | - |
| Qualcomm | Sa6155 | - |
| Qualcomm | Sa6155P Firmware | - |
| Qualcomm | Sa6155P | - |
| Qualcomm | Sa8155 Firmware | - |
| Qualcomm | Sa8155 | - |
Related Weaknesses (CWE)
References
- https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/Third Party Advisory
- https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/ExploitThird Party Advisory
- https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletBroken LinkVendor Advisory
- https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/Third Party Advisory
- https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/ExploitThird Party Advisory
- https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletBroken LinkVendor Advisory
FAQ
What is CVE-2020-11201?
CVE-2020-11201 is a vulnerability with a CVSS score of 7.8 (HIGH). Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snap...
How severe is CVE-2020-11201?
CVE-2020-11201 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11201?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Qcm6125 Firmware, Qualcomm Qcm6125, Qualcomm Qcs410 Firmware, Qualcomm Qcs410, Qualcomm Qcs603 Firmware.