Vulnerability Description
Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Sd820 Firmware | - |
| Qualcomm | Sd820 | - |
| Qualcomm | Sd821 Firmware | - |
| Qualcomm | Sd821 | - |
| Qualcomm | Qcs603 Firmware | - |
| Qualcomm | Qcs603 | - |
| Qualcomm | Qcs605 Firmware | - |
| Qualcomm | Qcs605 | - |
| Qualcomm | Sda855 Firmware | - |
| Qualcomm | Sda855 | - |
| Qualcomm | Sa6155P Firmware | - |
| Qualcomm | Sa6155P | - |
| Qualcomm | Sa6145P Firmware | - |
| Qualcomm | Sa6145P | - |
| Qualcomm | Sa6155 Firmware | - |
| Qualcomm | Sa6155 | - |
| Qualcomm | Sd855 Firmware | - |
| Qualcomm | Sd855 | - |
| Qualcomm | Sd 675 Firmware | - |
| Qualcomm | Sd 675 | - |
Related Weaknesses (CWE)
References
- https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/Third Party Advisory
- https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/ExploitThird Party Advisory
- https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletBroken LinkVendor Advisory
- https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/Third Party Advisory
- https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/ExploitThird Party Advisory
- https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletBroken LinkVendor Advisory
FAQ
What is CVE-2020-11209?
CVE-2020-11209 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675,...
How severe is CVE-2020-11209?
CVE-2020-11209 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11209?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Sd820 Firmware, Qualcomm Sd820, Qualcomm Sd821 Firmware, Qualcomm Sd821, Qualcomm Qcs603 Firmware.