Is the Fairphone 3/3+ affected by CVE-2020-11292?

florian.n · May 7, 2021, 2:56pm

A recently disclosed vulnerability by Check Point Research (Security probe of Qualcomm MSM data services - Check Point Research) seems to identify a “High rated vulnerability” in the Qualcomm MSM Interface.

Regarding an article of Ars Technica (Fix for critical Qualcomm chip flaw is making its way to Android devices | Ars Technica):

Check Point spokesman Ekram Ahmed told me that Qualcomm has released a patch and disclosed the bug to all customers who use the chip. Because of the intricacies involved, it’s not yet clear which vulnerable Android devices are fixed and which ones aren’t.

I couldn’t find if the FP 3/3+ is affected?

Are there any additional ressources i could check out?

martine · May 7, 2021, 6:01pm

From what I read the vulnerability is only found in ‘higher end phones.’ They are pretty vague which phones exactly are affected.

DeepSea · May 7, 2021, 7:16pm

https://www.techrepublic.com/article/android-phones-may-be-vulnerable-to-security-flaw-in-qualcomm-chip/

From the article:

Qualcomm confirmed that the fix was provided to device makers last December and that many have already rolled out the necessary updates to users. Further, the vulnerability and the fix will be included in the next Android security bulletin due out in June.

AlbertJP · May 8, 2021, 8:41am

From what I read, it is not clear which Qualcomm SoCs are affected but some websites suggest all of them, meaning it would affect the FP2 as well.

Both the FP2 and FP3 have received updates since December so it could be that this is patched but the changelogs don’t provide this information as they were written before disclosure.

DeepSea · May 8, 2021, 9:34am

That does not matter, CVE’s can be mentioned at any time, even before disclosure…

system · November 4, 2021, 9:35am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.