CVEs-PoC/2020/CVE-2020-11228.md

### [CVE-2020-11228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11228)
![](https://img.shields.io/static/v1?label=Product&message=Snapdragon%20Auto%2C%20Snapdragon%20Compute%2C%20Snapdragon%20Connectivity%2C%20Snapdragon%20Consumer%20IOT%2C%20Snapdragon%20Industrial%20IOT%2C%20Snapdragon%20Mobile%2C%20Snapdragon%20Wired%20Infrastructure%20and%20Networking&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20Access%20Control%20in%20Core&color=brighgreen)

### Description

Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

### POC

#### Reference
- https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin

#### Github
- https://github.com/TinyNiko/android_bulletin_notes