CVE-2020-11208 HIGH

Published: 2020-11-12 | Last Modified: 2024-11-21 | Status: Modified

Description

Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

Additional Descriptions (1)

Un Problema fuera de límites en los servicios DSP mientras se procesan los argumentos recibidos debido a una comprobación inapropiada de la longitud recibida como argumento en versiones SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

CVSS Metrics

Base Score: 7.8 (HIGH)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector	LOCAL
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 5.9

Base Score: 7.2 (HIGH)

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector	LOCAL
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	COMPLETE
Integrity Impact	COMPLETE
Availability Impact	COMPLETE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 10.0

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-191

Affected Products

Vendor	Product	Version	Update	Type
qualcomm	sd820_firmware	-	<built-in method update of dict object at 0x7c3c40d4ec80>	Operating System
qualcomm	sd821_firmware	-	<built-in method update of dict object at 0x7c3c46895cc0>	Operating System
qualcomm	qcs603_firmware	-	<built-in method update of dict object at 0x7c3c48282b80>	Operating System
qualcomm	qcs605_firmware	-	<built-in method update of dict object at 0x7c3c32746380>	Operating System
qualcomm	sda855_firmware	-	<built-in method update of dict object at 0x7c3c40d4d900>	Operating System
qualcomm	sa6155p_firmware	-	<built-in method update of dict object at 0x7c3c40d4e300>	Operating System
qualcomm	sa6145p_firmware	-	<built-in method update of dict object at 0x7c3c40dd5740>	Operating System
qualcomm	sa6155_firmware	-	<built-in method update of dict object at 0x7c3c46897840>	Operating System
qualcomm	sa6155p_firmware	-	<built-in method update of dict object at 0x7c3c40d4fb00>	Operating System
qualcomm	sd855_firmware	-	<built-in method update of dict object at 0x7c3c40d4ff00>	Operating System
qualcomm	sd675_firmware	-	<built-in method update of dict object at 0x7c3c40d4f540>	Operating System
qualcomm	sd660_firmware	-	<built-in method update of dict object at 0x7c3c46894280>	Operating System
qualcomm	sd429_firmware	-	<built-in method update of dict object at 0x7c3c32746e80>	Operating System
qualcomm	sd439_firmware	-	<built-in method update of dict object at 0x7c3c2b143700>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sd820_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sd820:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sd821_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sd821:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:qcs603_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:qcs603:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:qcs605_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:qcs605:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sda855_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sda855:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sa6155p_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sa6155p:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sa6145p_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sa6145p:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sa6155_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sa6155:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sa6155p_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sa6155p:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sd855_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sd855:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sd675_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sd675:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sd660_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sd660:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sd429_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sd429:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sd439_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sd439:-:::::::*`

References

https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
Source: [email protected]

Third Party Advisory
https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/
Source: [email protected]

Exploit Third Party Advisory
https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin
Source: [email protected]

Vendor Advisory
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/
Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Third Party Advisory
https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin
Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory