Multiple vulnerabilities in Qualcomm chipsets



| Updated: 2025-05-17
Risk Low
Patch available YES
Number of vulnerabilities 50
CVE-ID CVE-2020-3624
CVE-2019-14056
CVE-2019-14065
CVE-2019-14089
CVE-2019-14115
CVE-2019-14119
CVE-2020-11122
CVE-2020-11133
CVE-2020-3611
CVE-2020-3620
CVE-2020-3622
CVE-2020-3629
CVE-2019-14025
CVE-2020-3636
CVE-2020-3640
CVE-2020-3643
CVE-2020-3644
CVE-2020-3666
CVE-2020-3668
CVE-2020-3669
CVE-2020-3675
CVE-2019-14117
CVE-2020-11120
CVE-2019-14052
CVE-2019-13999
CVE-2020-11116
CVE-2019-10562
CVE-2020-11115
CVE-2020-11118
CVE-2020-11117
CVE-2020-3702
CVE-2019-14074
CVE-2020-11128
CVE-2020-3646
CVE-2020-3647
CVE-2020-3648
CVE-2020-11158
CVE-2019-10628
CVE-2019-13995
CVE-2019-10629
CVE-2019-13994
CVE-2019-13998
CVE-2020-3619
CVE-2020-3621
CVE-2020-3667
CVE-2018-13903
CVE-2019-10527
CVE-2019-10596
CVE-2019-10615
CVE-2019-13992
CWE-ID CWE-190
CWE-415
CWE-320
CWE-200
CWE-367
CWE-822
CWE-121
CWE-284
CWE-20
CWE-120
CWE-823
CWE-131
CWE-126
CWE-416
CWE-457
CWE-287
CWE-310
CWE-129
CWE-476
Exploitation vector Local network
Public exploit N/A
Vulnerable software
APQ8009
Hardware solutions / Firmware

APQ8017
Hardware solutions / Firmware

APQ8053
Hardware solutions / Firmware

APQ8096AU
Hardware solutions / Firmware

APQ8098
Hardware solutions / Firmware

Kamorta
Hardware solutions / Firmware

MDM9150
Hardware solutions / Firmware

MDM9206
Hardware solutions / Firmware

MDM9207C
Hardware solutions / Firmware

MDM9607
Hardware solutions / Firmware

MDM9640
Hardware solutions / Firmware

MDM9650
Hardware solutions / Firmware

MSM8905
Hardware solutions / Firmware

MSM8909W
Hardware solutions / Firmware

MSM8917
Hardware solutions / Firmware

MSM8920
Hardware solutions / Firmware

MSM8937
Hardware solutions / Firmware

MSM8940
Hardware solutions / Firmware

MSM8953
Hardware solutions / Firmware

MSM8996AU
Hardware solutions / Firmware

MSM8998
Hardware solutions / Firmware

Nicobar
Hardware solutions / Firmware

QCM2150
Hardware solutions / Firmware

QCN7605
Hardware solutions / Firmware

QCS605
Hardware solutions / Firmware

QM215
Hardware solutions / Firmware

Rennell
Hardware solutions / Firmware

Saipan
Hardware solutions / Firmware

SC8180X
Hardware solutions / Firmware

SDA660
Hardware solutions / Firmware

SDA845
Hardware solutions / Firmware

SDM429
Hardware solutions / Firmware

SDM429W
Hardware solutions / Firmware

SDM439
Hardware solutions / Firmware

SDM450
Hardware solutions / Firmware

SDM630
Hardware solutions / Firmware

SDM632
Hardware solutions / Firmware

SDM636
Hardware solutions / Firmware

SDM660
Hardware solutions / Firmware

SDM670
Hardware solutions / Firmware

SDM710
Hardware solutions / Firmware

SDM845
Hardware solutions / Firmware

SDX20
Hardware solutions / Firmware

SDX24
Hardware solutions / Firmware

SDX55
Hardware solutions / Firmware

SM6150
Hardware solutions / Firmware

SM7150
Hardware solutions / Firmware

SM8150
Hardware solutions / Firmware

SXR1130
Hardware solutions / Firmware

QCS405
Hardware solutions / Firmware

SA6155P
Hardware solutions / Firmware

SXR2130
Hardware solutions / Firmware

SM8250
Hardware solutions / Firmware

MSM8996
Hardware solutions / Firmware

IPQ8074
Hardware solutions / Firmware

IPQ4019
Hardware solutions / Firmware

IPQ8064
Hardware solutions / Firmware

QCA6174A
Hardware solutions / Firmware

QCA6574AU
Hardware solutions / Firmware

QCA9377
Hardware solutions / Firmware

QCA9379
Hardware solutions / Firmware

QCA9531
Hardware solutions / Firmware

QCA9558
Hardware solutions / Firmware

QCA9980
Hardware solutions / Firmware

MDM9205
Mobile applications / Mobile firmware & hardware

MDM9615
Mobile applications / Mobile firmware & hardware

MDM9625
Mobile applications / Mobile firmware & hardware

MDM9635M
Mobile applications / Mobile firmware & hardware

MDM9645
Mobile applications / Mobile firmware & hardware

MDM9655
Mobile applications / Mobile firmware & hardware

MSM8909
Mobile applications / Mobile firmware & hardware

QCS610
Mobile applications / Mobile firmware & hardware

SA415M
Mobile applications / Mobile firmware & hardware

SA515M
Mobile applications / Mobile firmware & hardware

SC7180
Mobile applications / Mobile firmware & hardware

SDM850
Mobile applications / Mobile firmware & hardware

QCS404
Mobile applications / Mobile firmware & hardware

APQ8076
Mobile applications / Mobile firmware & hardware

IPQ6018
Mobile applications / Mobile firmware & hardware

Bitra
Mobile applications / Mobile firmware & hardware

QCA8081
Mobile applications / Mobile firmware & hardware

QCA6574
Mobile applications / Mobile firmware & hardware

QCA6584AU
Mobile applications / Mobile firmware & hardware

QCA9563
Mobile applications / Mobile firmware & hardware

QCA9880
Mobile applications / Mobile firmware & hardware

QCA9886
Mobile applications / Mobile firmware & hardware

QCN5500
Mobile applications / Mobile firmware & hardware

QCN5502
Mobile applications / Mobile firmware & hardware

QCA6390
Mobile applications / Mobile firmware & hardware

IPQ5018
Mobile applications / Mobile firmware & hardware

QCA4531
Mobile applications / Mobile firmware & hardware

QCN550x
Mobile applications / Mobile firmware & hardware

QCA955x
Mobile applications / Mobile firmware & hardware

QCA956x
Mobile applications / Mobile firmware & hardware

AR938x
Mobile applications / Mobile firmware & hardware

AR958x
Mobile applications / Mobile firmware & hardware

AR934x
Mobile applications / Mobile firmware & hardware

AR9331
Mobile applications / Mobile firmware & hardware

AR9287
Mobile applications / Mobile firmware & hardware

QCA9565
Mobile applications / Mobile firmware & hardware

QCA9462
Mobile applications / Mobile firmware & hardware

QCA9485
Mobile applications / Mobile firmware & hardware

IPS PDF releases prior to IPS System 2020.
Mobile applications / Mobile firmware & hardware

QCN7606
Mobile applications / Mobile firmware & hardware

Vendor Qualcomm

Security Bulletin

This security bulletin contains information about 50 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU109338

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3624

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Storage. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9207C: All versions

MDM9607: All versions

MDM9615: All versions

MDM9625: All versions

MDM9635M: All versions

MDM9640: All versions

MDM9645: All versions

MDM9650: All versions

MDM9655: All versions

MSM8905: All versions

MSM8909: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCM2150: All versions

QCN7605: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SA515M: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SXR1130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU109326

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-14056

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in TrustZone. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9607: All versions

MDM9650: All versions

Nicobar: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

Rennell: All versions

SA6155P: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM630: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Double Free

EUVDB-ID: #VU109327

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-14065

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in TrustZone. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8098: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9607: All versions

MDM9650: All versions

MSM8905: All versions

MSM8909: All versions

MSM8998: All versions

Nicobar: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

Rennell: All versions

SA515M: All versions

SA6155P: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM630: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Key Management Errors

EUVDB-ID: #VU109329

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-14089

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in HLOS. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Kamorta: All versions

Nicobar: All versions

QCS404: All versions

QCS610: All versions

Rennell: All versions

SA515M: All versions

SA6155P: All versions

SC7180: All versions

SC8180X: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Exposure of sensitive information to an unauthorized actor

EUVDB-ID: #VU109330

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-14115

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8076: All versions

APQ8096AU: All versions

APQ8098: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9607: All versions

MDM9650: All versions

MSM8905: All versions

MSM8909: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCM2150: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SA515M: All versions

SA6155P: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU109331

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-14119

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in QTEE. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

IPQ6018: All versions

Kamorta: All versions

MDM9205: All versions

MDM9607: All versions

Nicobar: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

Rennell: All versions

SA415M: All versions

SA515M: All versions

SA6155P: All versions

SC7180: All versions

SC8180X: All versions

SDM670: All versions

SDM710: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Untrusted Pointer Dereference

EUVDB-ID: #VU109332

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-11122

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Video. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8098: All versions

Bitra: All versions

Kamorta: All versions

SA6155P: All versions

Saipan: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Stack-based buffer overflow

EUVDB-ID: #VU109334

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-11133

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MSM8998: All versions

QCS605: All versions

SDA845: All versions

SDM630: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SXR1130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper Access Control

EUVDB-ID: #VU109335

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3611

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Core. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8098: All versions

Kamorta: All versions

MSM8998: All versions

QCS404: All versions

QCS605: All versions

SDA660: All versions

SDA845: All versions

SDM630: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SXR1130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Integer overflow

EUVDB-ID: #VU109336

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3620

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

Bitra: All versions

IPQ6018: All versions

IPQ8074: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9607: All versions

MDM9640: All versions

MDM9645: All versions

MDM9650: All versions

MDM9655: All versions

MSM8905: All versions

MSM8909: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCA8081: All versions

QCM2150: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SA6155P: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU109337

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3622

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

Bitra: All versions

IPQ6018: All versions

IPQ8074: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9607: All versions

MDM9640: All versions

MDM9645: All versions

MDM9650: All versions

MDM9655: All versions

MSM8905: All versions

MSM8909: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCA8081: All versions

QCM2150: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SA6155P: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Buffer overflow

EUVDB-ID: #VU109339

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3629

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in DSP Services. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Bitra: All versions

Kamorta: All versions

Rennell: All versions

SC7180: All versions

SDM845: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Untrusted Pointer Dereference

EUVDB-ID: #VU109324

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-14025

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Kamorta: All versions

QCS404: All versions

QCS610: All versions

Rennell: All versions

SC7180: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8250: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use of Out-of-range Pointer Offset

EUVDB-ID: #VU109340

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3636

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Kamorta: All versions

QCS404: All versions

QCS610: All versions

Rennell: All versions

SC7180: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8250: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Incorrect Calculation of Buffer Size

EUVDB-ID: #VU109341

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3640

CWE-ID: CWE-131 - Incorrect Calculation of Buffer Size

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Bitra: All versions

Kamorta: All versions

QCS404: All versions

QCS610: All versions

Rennell: All versions

Saipan: All versions

SC7180: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8250: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Exposure of sensitive information to an unauthorized actor

EUVDB-ID: #VU109342

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3643

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8076: All versions

APQ8096AU: All versions

APQ8098: All versions

IPQ6018: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9607: All versions

MDM9650: All versions

MSM8905: All versions

MSM8909: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCM2150: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SA515M: All versions

SA6155P: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Exposure of sensitive information to an unauthorized actor

EUVDB-ID: #VU109343

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3644

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8096AU: All versions

APQ8098: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9607: All versions

MDM9650: All versions

MSM8905: All versions

MSM8909: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

Rennell: All versions

SA415M: All versions

SA515M: All versions

SA6155P: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM630: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Stack-based buffer overflow

EUVDB-ID: #VU109344

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3666

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

IPQ4019: All versions

IPQ6018: All versions

IPQ8064: All versions

IPQ8074: All versions

MDM9206: All versions

MDM9207C: All versions

MDM9607: All versions

MDM9640: All versions

MDM9650: All versions

MSM8996AU: All versions

MSM8998: All versions

QCA6174A: All versions

QCA6574: All versions

QCA6574AU: All versions

QCA6584AU: All versions

QCA8081: All versions

QCA9377: All versions

QCA9379: All versions

QCA9531: All versions

QCA9558: All versions

QCA9563: All versions

QCA9880: All versions

QCA9886: All versions

QCA9980: All versions

QCN5500: All versions

QCN5502: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

SA6155P: All versions

SDA845: All versions

SDM630: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SXR1130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Buffer overflow

EUVDB-ID: #VU109345

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3668

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

IPQ6018: All versions

IPQ8074: All versions

Kamorta: All versions

Nicobar: All versions

QCA6390: All versions

QCA8081: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

Rennell: All versions

SA415M: All versions

SC7180: All versions

SC8180X: All versions

SDA845: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SXR1130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Use of Out-of-range Pointer Offset

EUVDB-ID: #VU109346

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3669

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8098: All versions

IPQ5018: All versions

IPQ6018: All versions

IPQ8074: All versions

Kamorta: All versions

MSM8998: All versions

Nicobar: All versions

QCA6390: All versions

QCA8081: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

Rennell: All versions

SA415M: All versions

SC7180: All versions

SC8180X: All versions

SDA845: All versions

SDM630: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Buffer over-read

EUVDB-ID: #VU109347

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3675

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

IPQ5018: All versions

IPQ6018: All versions

IPQ8074: All versions

Kamorta: All versions

Nicobar: All versions

QCA6390: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

Rennell: All versions

SA415M: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use After Free

EUVDB-ID: #VU109350

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-14117

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Bitra: All versions

MDM9607: All versions

QCS405: All versions

Saipan: All versions

SC8180X: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use After Free

EUVDB-ID: #VU109353

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-11120

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8096AU: All versions

APQ8098: All versions

Bitra: All versions

Kamorta: All versions

MSM8917: All versions

MSM8953: All versions

MSM8998: All versions

QCM2150: All versions

QCS405: All versions

QCS605: All versions

QM215: All versions

Rennell: All versions

Saipan: All versions

SDM429: All versions

SDM439: All versions

SDM450: All versions

SDM632: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use of Uninitialized Variable

EUVDB-ID: #VU109325

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-14052

CWE-ID: CWE-457 - Use of Uninitialized Variable

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in MODEM. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

MDM9150: All versions

MDM9206: All versions

MDM9607: All versions

MDM9615: All versions

MDM9625: All versions

MDM9635M: All versions

MDM9640: All versions

MDM9645: All versions

MDM9650: All versions

MDM9655: All versions

MSM8905: All versions

MSM8909: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCM2150: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

SA415M: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SXR1130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Integer overflow

EUVDB-ID: #VU109323

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-13999

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

IPQ6018: All versions

IPQ8074: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9607: All versions

MDM9640: All versions

MDM9645: All versions

MDM9650: All versions

MDM9655: All versions

MSM8905: All versions

MSM8909: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCA8081: All versions

QCM2150: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SA515M: All versions

SA6155P: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Buffer overflow

EUVDB-ID: #VU109349

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-11116

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

Bitra: All versions

Kamorta: All versions

MDM9206: All versions

MDM9207C: All versions

MDM9607: All versions

MDM9640: All versions

MDM9650: All versions

MSM8905: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996AU: All versions

QCA6174A: All versions

QCA6574AU: All versions

QCA9377: All versions

QCA9379: All versions

QCM2150: All versions

QCN7605: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

SA6155P: All versions

Saipan: All versions

SC8180X: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM845: All versions

SDX20: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper Authentication

EUVDB-ID: #VU109307

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-10562

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in QTEE. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

IPQ6018: All versions

Kamorta: All versions

MSM8998: All versions

Nicobar: All versions

QCS404: All versions

QCS605: All versions

QCS610: All versions

Rennell: All versions

SA415M: All versions

SA6155P: All versions

SC7180: All versions

SDA660: All versions

SDA845: All versions

SDM630: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Exposure of sensitive information to an unauthorized actor

EUVDB-ID: #VU109351

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-11115

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

Bitra: All versions

Kamorta: All versions

MDM9206: All versions

MDM9207C: All versions

MDM9607: All versions

MDM9640: All versions

MDM9650: All versions

MSM8905: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996AU: All versions

MSM8998: All versions

QCA6174A: All versions

QCA6574AU: All versions

QCA9377: All versions

QCA9379: All versions

QCM2150: All versions

QCN7605: All versions

QCS405: All versions

QCS605: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

Saipan: All versions

SC8180X: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM632: All versions

SDM660: All versions

SDM845: All versions

SDX20: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Exposure of sensitive information to an unauthorized actor

EUVDB-ID: #VU109352

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-11118

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

Bitra: All versions

Kamorta: All versions

MDM9150: All versions

MDM9206: All versions

MDM9207C: All versions

MDM9607: All versions

MDM9640: All versions

MDM9650: All versions

MSM8905: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8998: All versions

Nicobar: All versions

QCA6174A: All versions

QCA6574AU: All versions

QCA9377: All versions

QCA9379: All versions

QCM2150: All versions

QCN7605: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

Saipan: All versions

SC8180X: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDX20: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper input validation

EUVDB-ID: #VU109312

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-11117

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in lbd service. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

IPQ4019: All versions

IPQ6018: All versions

IPQ8064: All versions

IPQ8074: All versions

QCA4531: All versions

QCA9531: All versions

QCA9980: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Cryptographic Issues

EUVDB-ID: #VU109316

Risk: Medium

CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-3702

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access top sensitive information.

The vulnerability exists due to improper input validation in WIFI driver(Krook). A remote attacker can temporary disable WPA2 or the WPA/WPA2 mixed-mode encryption and intercept traffic in clear text.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

QCN550x: All versions

QCA9531: All versions

QCA955x: All versions

QCA956x: All versions

AR938x: All versions

AR958x: All versions

AR934x: All versions

AR9331: All versions

AR9287: All versions

QCA4531: All versions

QCA9565: All versions

QCA9462: All versions

QCA9485: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Integer overflow

EUVDB-ID: #VU109328

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-14074

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Diag Services. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8076: All versions

APQ8096AU: All versions

APQ8098: All versions

Bitra: All versions

IPQ6018: All versions

IPQ8074: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9207C: All versions

MDM9607: All versions

MDM9625: All versions

MDM9635M: All versions

MDM9640: All versions

MDM9645: All versions

MDM9650: All versions

MDM9655: All versions

MSM8905: All versions

MSM8909: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCA8081: All versions

QCM2150: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SA6155P: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper Validation of Array Index

EUVDB-ID: #VU109333

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-11128

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Diag Services. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8096AU: All versions

APQ8098: All versions

Bitra: All versions

Kamorta: All versions

MDM9150: All versions

MDM9607: All versions

MDM9650: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8998: All versions

QCM2150: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA515M: All versions

SA6155P: All versions

Saipan: All versions

SC8180X: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM632: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Buffer overflow

EUVDB-ID: #VU109354

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3646

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Video. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Bitra: All versions

MSM8909W: All versions

QCM2150: All versions

QCS405: All versions

QCS605: All versions

Saipan: All versions

SC8180X: All versions

SDA845: All versions

SDM429W: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Stack-based buffer overflow

EUVDB-ID: #VU109355

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3647

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Neural Processing Unit. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MDM9607: All versions

QCS405: All versions

SC8180X: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Use of Out-of-range Pointer Offset

EUVDB-ID: #VU109356

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3648

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in DSP Services. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MSM8909W: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) NULL Pointer Dereference

EUVDB-ID: #VU109348

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-11158

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in PDF-Compatible Interpreter. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

IPS PDF releases prior to IPS System 2020.: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper Validation of Array Index

EUVDB-ID: #VU109308

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-10628

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Kernel. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8098: All versions

Bitra: All versions

MDM9205: All versions

MDM9650: All versions

MSM8998: All versions

Nicobar: All versions

QCA6390: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

Rennell: All versions

SA415M: All versions

SA6155P: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM630: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Integer overflow

EUVDB-ID: #VU109322

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-13995

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Trustzone. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

Bitra: All versions

IPQ6018: All versions

IPQ8074: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9607: All versions

MDM9640: All versions

MDM9645: All versions

MDM9650: All versions

MDM9655: All versions

MSM8905: All versions

MSM8909: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCA8081: All versions

QCM2150: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SA6155P: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper Validation of Array Index

EUVDB-ID: #VU109309

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-10629

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in kernel. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Bitra: All versions

IPQ6018: All versions

IPQ8074: All versions

MDM9205: All versions

Nicobar: All versions

QCA8081: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

Rennell: All versions

SA415M: All versions

SA6155P: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDA845: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Integer overflow

EUVDB-ID: #VU109310

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-13994

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Trustzone. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

Bitra: All versions

IPQ6018: All versions

IPQ8074: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9607: All versions

MDM9640: All versions

MDM9645: All versions

MDM9650: All versions

MDM9655: All versions

MSM8905: All versions

MSM8909: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCA8081: All versions

QCM2150: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SA6155P: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Integer overflow

EUVDB-ID: #VU109311

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-13998

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

Bitra: All versions

IPQ6018: All versions

IPQ8074: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9607: All versions

MDM9640: All versions

MDM9645: All versions

MDM9650: All versions

MDM9655: All versions

MSM8905: All versions

MSM8909: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCA8081: All versions

QCM2150: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SA515M: All versions

SA6155P: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Time-of-check Time-of-use (TOCTOU) Race Condition

EUVDB-ID: #VU109313

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3619

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Graphics. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8098: All versions

IPQ8074: All versions

Kamorta: All versions

MDM9150: All versions

MDM9206: All versions

MDM9607: All versions

MDM9650: All versions

MSM8905: All versions

MSM8909: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8998: All versions

QCA8081: All versions

QCS404: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SC7180: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX24: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SXR1130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper Validation of Array Index

EUVDB-ID: #VU109314

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3621

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

Bitra: All versions

IPQ6018: All versions

IPQ8074: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9607: All versions

MDM9640: All versions

MDM9645: All versions

MDM9650: All versions

MDM9655: All versions

MSM8905: All versions

MSM8909: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCA8081: All versions

QCM2150: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SA6155P: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Buffer overflow

EUVDB-ID: #VU109315

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2020-3667

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8098: All versions

IPQ5018: All versions

IPQ6018: All versions

IPQ8074: All versions

Kamorta: All versions

MSM8998: All versions

Nicobar: All versions

QCA6390: All versions

QCA8081: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

Rennell: All versions

SA415M: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDA845: All versions

SDM630: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) NULL Pointer Dereference

EUVDB-ID: #VU109317

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2018-13903

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Modem. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8053: All versions

MDM9205: All versions

MDM9206: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

SDM450: All versions

SM8150: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper Validation of Array Index

EUVDB-ID: #VU109318

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-10527

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Mproc. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

Bitra: All versions

IPQ6018: All versions

IPQ8074: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9207C: All versions

MDM9607: All versions

MDM9640: All versions

MDM9650: All versions

MSM8905: All versions

MSM8909: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCA4531: All versions

QCA6574AU: All versions

QCA8081: All versions

QCM2150: All versions

QCN7605: All versions

QCN7606: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SA515M: All versions

SA6155P: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper Access Control

EUVDB-ID: #VU109319

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-10596

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in KERNEL. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Bitra: All versions

Nicobar: All versions

QCS605: All versions

QCS610: All versions

Rennell: All versions

SA6155P: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Integer overflow

EUVDB-ID: #VU109320

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-10615

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Trusted Application. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8053: All versions

APQ8096AU: All versions

APQ8098: All versions

Kamorta: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9607: All versions

MDM9650: All versions

MSM8905: All versions

MSM8909: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

Nicobar: All versions

QCM2150: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

Rennell: All versions

SA415M: All versions

SA515M: All versions

SA6155P: All versions

SC7180: All versions

SC8180X: All versions

SDA660: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Buffer overflow

EUVDB-ID: #VU109321

Risk:

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]

CVE-ID: CVE-2019-13992

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in kernel. #AV# #AU# can #EXT_IMPACT#.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

Bitra: All versions

IPQ6018: All versions

IPQ8074: All versions

MDM9205: All versions

Nicobar: All versions

QCA8081: All versions

QCN7605: All versions

QCS404: All versions

QCS405: All versions

QCS605: All versions

QCS610: All versions

Rennell: All versions

SA415M: All versions

SA6155P: All versions

Saipan: All versions

SC7180: All versions

SC8180X: All versions

SDA845: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDM850: All versions

SDX20: All versions

SDX24: All versions

SDX55: All versions

SM6150: All versions

SM7150: All versions

SM8150: All versions

SM8250: All versions

SXR1130: All versions

SXR2130: All versions

CPE2.3 External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###