CVE-2020-11173 : Security Advisory and Response

A vulnerability in Qualcomm Snapdragon products could allow two threads running simultaneously from user space to lead to a race condition in the fastRPC driver.

Understanding CVE-2020-11173

This CVE affects a wide range of Qualcomm Snapdragon products and versions.

What is CVE-2020-11173?

The vulnerability in Qualcomm Snapdragon products could result in a race condition when two threads run simultaneously from user space.

The Impact of CVE-2020-11173

The vulnerability could potentially be exploited by attackers to execute arbitrary code or disrupt the normal operation of affected devices.

Technical Details of CVE-2020-11173

Qualcomm Snapdragon products are affected by this vulnerability.

Vulnerability Description

The issue involves a race condition in the fastRPC driver when two threads run concurrently from user space.

Affected Systems and Versions

Products: Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables, Wired Infrastructure, and Networking
Versions: Agatti, APQ8053, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8953, Nicobar, QCA6390, QCS404, QCS405, QCS610, Rennell, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM632, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Exploitation Mechanism

The vulnerability can be exploited by running two threads simultaneously from user space, triggering a race condition in the fastRPC driver.

Mitigation and Prevention

Steps to address and prevent the CVE-2020-11173 vulnerability.

Immediate Steps to Take

Apply security patches provided by Qualcomm promptly.
Monitor Qualcomm's security bulletins for updates and advisories.

Long-Term Security Practices

Regularly update firmware and software on affected devices.
Implement secure coding practices to prevent similar vulnerabilities.

Patching and Updates

Install the latest firmware and software updates from Qualcomm to mitigate the vulnerability.