CVE-2020-11209 MEDIUM

Published: 2020-11-12 | Last Modified: 2024-11-21 | Status: Modified

Description

Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

Additional Descriptions (1)

Una autorización inapropiada en el proceso DSP podría permitir a los usuarios no autorizados degradar las versiones de la biblioteca en versiones SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector	LOCAL
Attack Complexity	LOW
Privileges Required	LOW
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	NONE
Integrity Impact	HIGH
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Base Score: 2.1 (LOW)

AV:L/AC:L/Au:N/C:N/I:P/A:N

Access Vector	LOCAL
Access Complexity	LOW
Authentication	NONE
Confidentiality Impact	NONE
Integrity Impact	PARTIAL
Availability Impact	NONE

Source: [email protected]

Type: Primary

Exploitability Score: 3.9

Impact Score: 2.9

Weaknesses

Source	Type	Description
[email protected]	Primary	en CWE-863

Affected Products

Vendor	Product	Version	Update	Type
qualcomm	sd820_firmware	-	<built-in method update of dict object at 0x7c3c40d55a00>	Operating System
qualcomm	sd821_firmware	-	<built-in method update of dict object at 0x7c3c40d55100>	Operating System
qualcomm	qcs603_firmware	-	<built-in method update of dict object at 0x7c3c40d56180>	Operating System
qualcomm	qcs605_firmware	-	<built-in method update of dict object at 0x7c3c2910cac0>	Operating System
qualcomm	sda855_firmware	-	<built-in method update of dict object at 0x7c3c40d55b40>	Operating System
qualcomm	sa6155p_firmware	-	<built-in method update of dict object at 0x7c3c40d55500>	Operating System
qualcomm	sa6145p_firmware	-	<built-in method update of dict object at 0x7c3c40d54fc0>	Operating System
qualcomm	sa6155_firmware	-	<built-in method update of dict object at 0x7c3bf3e4fec0>	Operating System
qualcomm	sa6155p_firmware	-	<built-in method update of dict object at 0x7c3bf3e4f1c0>	Operating System
qualcomm	sd855_firmware	-	<built-in method update of dict object at 0x7c3c40d55380>	Operating System
qualcomm	sd_675_firmware	-	<built-in method update of dict object at 0x7c3c40d57500>	Operating System
qualcomm	sd660_firmware	-	<built-in method update of dict object at 0x7c3c2910d900>	Operating System
qualcomm	sd429_firmware	-	<built-in method update of dict object at 0x7c3c40d55700>	Operating System
qualcomm	sd439_firmware	-	<built-in method update of dict object at 0x7c3c48403040>	Operating System

Affected Configurations

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sd820_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sd820:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sd821_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sd821:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:qcs603_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:qcs603:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:qcs605_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:qcs605:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sda855_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sda855:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sa6155p_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sa6155p:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sa6145p_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sa6145p:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sa6155_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sa6155:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sa6155p_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sa6155p:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sd855_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sd855:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sd_675_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sd_675:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sd660_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sd660:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sd429_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sd429:-:::::::*`

Operator: OR

Vulnerable	CPE
Yes	`cpe:2.3:o:qualcomm:sd439_firmware:-:::::::*`

Operator: OR

Vulnerable	CPE
No	`cpe:2.3:h:qualcomm:sd439:-:::::::*`

References

https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
Source: [email protected]

Third Party Advisory
https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/
Source: [email protected]

Exploit Third Party Advisory
https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin
Source: [email protected]

Broken Link Vendor Advisory
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory
https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/
Source: af854a3a-2127-422b-91ae-364da2661108

Exploit Third Party Advisory
https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin
Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link Vendor Advisory