CVE Vulnerabilities

CVE-2020-11151

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Published: Jan 21, 2021 | Modified: Jul 21, 2021
CVSS 3.x
6.4
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Weakness

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Affected Software

Name Vendor Start Version End Version
Qca6574au Qualcomm - -
Qca6584au Qualcomm - -
Sdx55 Qualcomm - -
Sa6155p Qualcomm - -
Qca6390 Qualcomm - -
Qcm4290 Qualcomm - -
Qcs4290 Qualcomm - -
Sa8150p Qualcomm - -
Sa8155 Qualcomm - -
Sa8195p Qualcomm - -
Sda429w Qualcomm - -
Sdx55m Qualcomm - -
Sm7250p Qualcomm - -
Sd675 Qualcomm - -
Pm3003a Qualcomm - -
Pm6125 Qualcomm - -
Pm6150 Qualcomm - -
Pm6150a Qualcomm - -
Pm6150l Qualcomm - -
Pm6350 Qualcomm - -
Pm640a Qualcomm - -
Pm640l Qualcomm - -
Pm640p Qualcomm - -
Pm7150a Qualcomm - -
Pm7150l Qualcomm - -
Pm7250 Qualcomm - -
Pm7250b Qualcomm - -
Pm8008 Qualcomm - -
Pm8009 Qualcomm - -
Pm8150a Qualcomm - -
Pm8150b Qualcomm - -
Pm8150c Qualcomm - -
Pm8150l Qualcomm - -
Pm8250 Qualcomm - -
Pmi632 Qualcomm - -
Pmk8002 Qualcomm - -
Pmk8003 Qualcomm - -
Pmm8195au Qualcomm - -
Pmm855au Qualcomm - -
Pmr525 Qualcomm - -
Pmr735a Qualcomm - -
Pmr735b Qualcomm - -
Pmx55 Qualcomm - -
Qat3516 Qualcomm - -
Qat3518 Qualcomm - -
Qat3519 Qualcomm - -
Qat3522 Qualcomm - -
Qat3550 Qualcomm - -
Qat3555 Qualcomm - -
Qat5515 Qualcomm - -
Qat5516 Qualcomm - -
Qat5522 Qualcomm - -
Qat5533 Qualcomm - -
Qbt1500 Qualcomm - -
Qbt2000 Qualcomm - -
Qca6391 Qualcomm - -
Qca6421 Qualcomm - -
Qca6426 Qualcomm - -
Qca6431 Qualcomm - -
Qca6436 Qualcomm - -
Qca6574a Qualcomm - -
Qca6595 Qualcomm - -
Qca6595au Qualcomm - -
Qca6696 Qualcomm - -
Qdm2301 Qualcomm - -
Qdm2305 Qualcomm - -
Qdm2307 Qualcomm - -
Qdm2308 Qualcomm - -
Qdm2310 Qualcomm - -
Qdm3301 Qualcomm - -
Qdm5620 Qualcomm - -
Qdm5621 Qualcomm - -
Qdm5650 Qualcomm - -
Qdm5652 Qualcomm - -
Qdm5670 Qualcomm - -
Qdm5671 Qualcomm - -
Qdm5677 Qualcomm - -
Qdm5679 Qualcomm - -
Qet4101 Qualcomm - -
Qet5100 Qualcomm - -
Qet6100 Qualcomm - -
Qet6110 Qualcomm - -
Qfs2530 Qualcomm - -
Qfs2580 Qualcomm - -
Qln4642 Qualcomm - -
Qln4650 Qualcomm - -
Qln5020 Qualcomm - -
Qln5030 Qualcomm - -
Qln5040 Qualcomm - -
Qpa2625 Qualcomm - -
Qpa4360 Qualcomm - -
Qpa5580 Qualcomm - -
Qpa5581 Qualcomm - -
Qpa6560 Qualcomm - -
Qpa8673 Qualcomm - -
Qpa8686 Qualcomm - -
Qpa8801 Qualcomm - -
Qpa8802 Qualcomm - -
Qpa8803 Qualcomm - -
Qpa8821 Qualcomm - -
Qpa8842 Qualcomm - -
Qpm4650 Qualcomm - -
Qpm5621 Qualcomm - -
Qpm5658 Qualcomm - -
Qpm5670 Qualcomm - -
Qpm5677 Qualcomm - -
Qpm5679 Qualcomm - -
Qpm6582 Qualcomm - -
Qpm6585 Qualcomm - -
Qpm8820 Qualcomm - -
Qpm8830 Qualcomm - -
Qpm8870 Qualcomm - -
Qpm8895 Qualcomm - -
Qsm7250 Qualcomm - -
Qsw8574 Qualcomm - -
Qtc410s Qualcomm - -
Qtc800h Qualcomm - -
Qtc801s Qualcomm - -
Qtm525 Qualcomm - -
Sd460 Qualcomm - -
Sd662 Qualcomm - -
Sd665 Qualcomm - -
Sd750g Qualcomm - -
Sd765 Qualcomm - -
Sd765g Qualcomm - -
Sd768g Qualcomm - -
Sdr425 Qualcomm - -
Sdr660 Qualcomm - -
Sdr660g Qualcomm - -
Sdr735 Qualcomm - -
Sdr8250 Qualcomm - -
Sdr865 Qualcomm - -
Smb1354 Qualcomm - -
Smb1355 Qualcomm - -
Smb1390 Qualcomm - -
Smb1395 Qualcomm - -
Smb1396 Qualcomm - -
Smr525 Qualcomm - -
Smr526 Qualcomm - -
Wcd9341 Qualcomm - -
Wcd9370 Qualcomm - -
Wcd9375 Qualcomm - -
Wcd9380 Qualcomm - -
Wcd9385 Qualcomm - -
Wcn3610 Qualcomm - -
Wcn3660b Qualcomm - -
Wcn3950 Qualcomm - -
Wcn3980 Qualcomm - -
Wcn3988 Qualcomm - -
Wcn3991 Qualcomm - -
Wcn3998 Qualcomm - -
Wcn6750 Qualcomm - -
Wcn6850 Qualcomm - -
Wcn6851 Qualcomm - -
Wgr7640 Qualcomm - -
Wsa8810 Qualcomm - -
Wsa8815 Qualcomm - -
Wsa8830 Qualcomm - -
Wsa8835 Qualcomm - -
Wtr2965 Qualcomm - -
Wtr3925 Qualcomm - -
Wcn3620 Qualcomm - -
Sd6905g Qualcomm - -
Sd8655g Qualcomm - -
Sdxr25g Qualcomm - -

Extended Description

This can have security implications when the expected synchronization is in security-critical code, such as recording whether a user is authenticated or modifying important state information that should not be influenced by an outsider. A race condition occurs within concurrent environments, and is effectively a property of a code sequence. Depending on the context, a code sequence may be in the form of a function call, a small number of instructions, a series of program invocations, etc. A race condition violates these properties, which are closely related:

A race condition exists when an “interfering code sequence” can still access the shared resource, violating exclusivity. Programmers may assume that certain code sequences execute too quickly to be affected by an interfering code sequence; when they are not, this violates atomicity. For example, the single “x++” statement may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read (the original value of x), followed by a computation (x+1), followed by a write (save the result to x). The interfering code sequence could be “trusted” or “untrusted.” A trusted interfering code sequence occurs within the product; it cannot be modified by the attacker, and it can only be invoked indirectly. An untrusted interfering code sequence can be authored directly by the attacker, and typically it is external to the vulnerable product.

Potential Mitigations

  • Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
  • Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).

References