CVE-2020-11261
Published: 2021-06-09
Priority: P180 high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV), due 2022-06-01
Exploited in the wild (ITW)
EPSS: 1.77% (75.4th percentile)
Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — |
Detection & IOCs (extracted from sources)
- CVE-2020-11261 affects the Qualcomm Display component on Android devices; patch reference is Android Security Bulletin 2021-01-01 with internal reference A-161373974 / QC-CR#2742124
- CVE-2020-11261 is a memory corruption vulnerability triggered when a user application requests memory allocation of a huge size; detection should focus on anomalous large memory allocation requests from user-space to the Qualcomm graphics/display driver
- CVE-2020-11261 has been confirmed as actively exploited in the wild against Android devices using Qualcomm chips; prioritize detection and patching on such devices
- CISA has added CVE-2020-11261 to its Known Exploited Vulnerabilities catalog, classifying it as an Improper Input Validation vulnerability; organizations should apply vendor updates per the required action
- Affected platforms span a wide range of Qualcomm Snapdragon product lines; scope of exposure is broad across mobile, wearable, IoT, and automotive segments
CVSS provenance
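| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | | 7.8 | HIGH | |
| cisa | | 7.8 | HIGH | |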
GHSA
GHSA-5cwq-39c4-23v7: Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon
ghsa_unreviewed·2022-05-24
CVE-2020-11261 [HIGH] CWE-20 GHSA-5cwq-39c4-23v7: Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon
Project0
The More You Know, The More You Know You Don’t Know - Project Zero
project_zero·2022-04-01
CVE-2016-4654 The More You Know, The More You Know You Don’t Know - Project Zero
A Year in Review of 0-days Used In-the-Wild in 2021
Posted by Maddie Stone, Google Project Zero
This is our third annual year in review of 0-days exploited in-the-wild [2020, 2019]. Each year we’ve looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what we think the trends and takeaways are. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a group, looking for trends, gaps, lessons learned, successes, etc. If you’re interested in the analysis of individual exploits, please check out our root cause analysis repository.
We perform and share this analysis in order to make 0-day hard. We want it to be more costly, more resource intensive, and overall more difficult for
VulnCheck
Qualcomm Multiple Chipsets Improper Input Validation Vulnerability
vulncheck·2020·CVSS 7.8
CVE-2020-11261 [HIGH] CWE-20 Qualcomm Multiple Chipsets Improper Input Validation Vulnerability
Affected: Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exp
Project0
Project Zero RCA: CVE-2023-33107: Qualcomm Adreno GPU KGSL_IOCTL_GPUOBJ_IMPORT integer overflow
project_zero·CVSS 8.4
CVE-2023-33107 [HIGH] Project Zero RCA: CVE-2023-33107: Qualcomm Adreno GPU KGSL_IOCTL_GPUOBJ_IMPORT integer overflow
# CVE-2023-33107: Qualcomm Adreno GPU KGSL_IOCTL_GPUOBJ_IMPORT integer overflow
*Benoît Sevens and Jann Horn*
## The Basics
**Disclosure or Patch Date:** October 2, 2023
**Product:** Qualcomm Adreno GPU
**Advisory:** https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2023-bulletin.html
**Affected Versions:** N/A
**First Patched Version:** N/A
**Issue/Bug Report:** N/A
**Patch CL:** https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/d66b799c804083ea5226cfffac6d6c4e7ad4968b
**Bug-Introducing CL:** N/A
**Reporter(s):** Jann Horn of Google's Project Zero and Benoît Sevens of Google's Threat Analysis Group
## The Code
**Proof-of-concept:** Not public
**Exploit sample:** Not public
**Did you have access to the exploit sample when doing the analysis?*
Project0
Project Zero RCA: CVE-2021-1905: Qualcomm Adreno GPU memory mapping use-after-free
project_zero·CVSS 8.4
CVE-2021-1905 [HIGH] Project Zero RCA: CVE-2021-1905: Qualcomm Adreno GPU memory mapping use-after-free
# CVE-2021-1905: Qualcomm Adreno GPU memory mapping use-after-free
*Ben Hawkes, Project Zero*
## The Basics
**Disclosure or Patch Date:** 1 May 2021
**Product:** Qualcomm Adreno GPU
**Advisory:** https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin
**Affected Versions:** Prior to Android 2021-05-01 security patch level
Note: the Qualcomm Adreno GPU kernel driver may be used in other platforms aside from Android, but the following analysis was performed with Android in mind, since Android is a high priority area of interest for Project Zero.
**First Patched Version:** Android 2021-05-01 security patch level
**Issue/Bug Report:** N/A
**Patch CL:**\
https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=d236d315145f8250523ce9e14897d62e5d6639fc \
http
CISA
Qualcomm Multiple Chipsets Improper Input Validation Vulnerability
cisa·2021-12-01·CVSS 7.8
CVE-2020-11261 [HIGH] CWE-20 Qualcomm Multiple Chipsets Improper Input Validation Vulnerability
Vulnerability: Qualcomm Multiple Chipsets Improper Input Validation Vulnerability
Affected: Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-11261
Remediation Due Date: 2022-06-01
Android
CVE-2020-11261: Display
vendor_android·2021-01-01·CVSS 7.8
CVE-2020-11261 [HIGH] CVE-2020-11261: Display
Android Security Bulletin 2021-01-01
CVE: CVE-2020-11261
Severity: HIGH
Component: Display
References: A-161373974
QC-CR#2742124
No detection rules found.
No public exploits indexed.
2021-06-09: Published
2021-12-01: Added to CISA KEV
Exploited in the wild