CVE-2020-11209

Description

Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

Affected products

• Qualcomm, Inc. / Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon MobileSD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439 – SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

References

• MISChttps://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin
• MISChttps://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
• MISChttps://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/