Main Vulnerability Database SB2020080530

SB2020080530 - Multiple vulnerabilities in Qualcomm chipsets

Published: August 5, 2020 Updated: May 17, 2025

Security Bulletin ID SB2020080530

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 50

Exploitation vector Adjecent network

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 50 vulnerabilities.

1) Integer overflow (CVE-ID: CVE-2020-3624)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Storage. #AV# #AU# can #EXT_IMPACT#.

2) Integer overflow (CVE-ID: CVE-2019-14056)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in TrustZone. #AV# #AU# can #EXT_IMPACT#.

3) Double Free (CVE-ID: CVE-2019-14065)

CWE-ID: CWE-415 - Double Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in TrustZone. #AV# #AU# can #EXT_IMPACT#.

4) Key Management Errors (CVE-ID: CVE-2019-14089)

CWE-ID: CWE-320 - Key Management Errors

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in HLOS. #AV# #AU# can #EXT_IMPACT#.

5) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2019-14115)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

6) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2019-14119)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in QTEE. #AV# #AU# can #EXT_IMPACT#.

7) Untrusted Pointer Dereference (CVE-ID: CVE-2020-11122)

CWE-ID: CWE-822 - Untrusted Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Video. #AV# #AU# can #EXT_IMPACT#.

8) Stack-based buffer overflow (CVE-ID: CVE-2020-11133)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

9) Improper Access Control (CVE-ID: CVE-2020-3611)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Core. #AV# #AU# can #EXT_IMPACT#.

10) Integer overflow (CVE-ID: CVE-2020-3620)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

11) Improper input validation (CVE-ID: CVE-2020-3622)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

12) Buffer overflow (CVE-ID: CVE-2020-3629)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in DSP Services. #AV# #AU# can #EXT_IMPACT#.

13) Untrusted Pointer Dereference (CVE-ID: CVE-2019-14025)

CWE-ID: CWE-822 - Untrusted Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

14) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-3636)

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

15) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2020-3640)

CWE-ID: CWE-131 - Incorrect Calculation of Buffer Size

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

16) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2020-3643)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

17) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2020-3644)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

18) Stack-based buffer overflow (CVE-ID: CVE-2020-3666)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

19) Buffer overflow (CVE-ID: CVE-2020-3668)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

20) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-3669)

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

21) Buffer over-read (CVE-ID: CVE-2020-3675)

CWE-ID: CWE-126 - Buffer over-read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

22) Use After Free (CVE-ID: CVE-2019-14117)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

23) Use After Free (CVE-ID: CVE-2020-11120)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

24) Use of Uninitialized Variable (CVE-ID: CVE-2019-14052)

CWE-ID: CWE-457 - Use of Uninitialized Variable

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in MODEM. #AV# #AU# can #EXT_IMPACT#.

25) Integer overflow (CVE-ID: CVE-2019-13999)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

26) Buffer overflow (CVE-ID: CVE-2020-11116)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

27) Improper Authentication (CVE-ID: CVE-2019-10562)

CWE-ID: CWE-287 - Improper Authentication

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in QTEE. #AV# #AU# can #EXT_IMPACT#.

28) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2020-11115)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

29) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2020-11118)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

30) Improper input validation (CVE-ID: CVE-2020-11117)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in lbd service. #AV# #AU# can #EXT_IMPACT#.

31) Cryptographic Issues (CVE-ID: CVE-2020-3702)

CWE-ID: CWE-310 - Cryptographic Issues

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to gain access top sensitive information.

The vulnerability exists due to improper input validation in WIFI driver(Krook). A remote attacker can temporary disable WPA2 or the WPA/WPA2 mixed-mode encryption and intercept traffic in clear text.

32) Integer overflow (CVE-ID: CVE-2019-14074)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Diag Services. #AV# #AU# can #EXT_IMPACT#.

33) Improper Validation of Array Index (CVE-ID: CVE-2020-11128)

CWE-ID: CWE-129 - Improper Validation of Array Index

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Diag Services. #AV# #AU# can #EXT_IMPACT#.

34) Buffer overflow (CVE-ID: CVE-2020-3646)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Video. #AV# #AU# can #EXT_IMPACT#.

35) Stack-based buffer overflow (CVE-ID: CVE-2020-3647)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Neural Processing Unit. #AV# #AU# can #EXT_IMPACT#.

36) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-3648)

CWE-ID: CWE-823 - Use of Out-of-range Pointer Offset

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in DSP Services. #AV# #AU# can #EXT_IMPACT#.

37) NULL Pointer Dereference (CVE-ID: CVE-2020-11158)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in PDF-Compatible Interpreter. #AV# #AU# can #EXT_IMPACT#.

38) Improper Validation of Array Index (CVE-ID: CVE-2019-10628)

CWE-ID: CWE-129 - Improper Validation of Array Index

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Kernel. #AV# #AU# can #EXT_IMPACT#.

39) Integer overflow (CVE-ID: CVE-2019-13995)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Trustzone. #AV# #AU# can #EXT_IMPACT#.

40) Improper Validation of Array Index (CVE-ID: CVE-2019-10629)

CWE-ID: CWE-129 - Improper Validation of Array Index

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in kernel. #AV# #AU# can #EXT_IMPACT#.

41) Integer overflow (CVE-ID: CVE-2019-13994)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Trustzone. #AV# #AU# can #EXT_IMPACT#.

42) Integer overflow (CVE-ID: CVE-2019-13998)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

43) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2020-3619)

CWE-ID: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Graphics. #AV# #AU# can #EXT_IMPACT#.

44) Improper Validation of Array Index (CVE-ID: CVE-2020-3621)

CWE-ID: CWE-129 - Improper Validation of Array Index

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

45) Buffer overflow (CVE-ID: CVE-2020-3667)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

46) NULL Pointer Dereference (CVE-ID: CVE-2018-13903)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Modem. #AV# #AU# can #EXT_IMPACT#.

47) Improper Validation of Array Index (CVE-ID: CVE-2019-10527)

CWE-ID: CWE-129 - Improper Validation of Array Index

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Mproc. #AV# #AU# can #EXT_IMPACT#.

48) Improper Access Control (CVE-ID: CVE-2019-10596)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in KERNEL. #AV# #AU# can #EXT_IMPACT#.

49) Integer overflow (CVE-ID: CVE-2019-10615)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Trusted Application. #AV# #AU# can #EXT_IMPACT#.

50) Buffer overflow (CVE-ID: CVE-2019-13992)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in kernel. #AV# #AU# can #EXT_IMPACT#.

Remediation

Install update from vendor's website.

References

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

Vulnerable Software

APQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9207C: All versions
MDM9607: All versions
MDM9615: All versions
MDM9625: All versions
MDM9635M: All versions
MDM9640: All versions
MDM9645: All versions
MDM9650: All versions
MDM9655: All versions
MSM8905: All versions
MSM8909: All versions
MSM8909W: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCM2150: All versions
QCN7605: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SA515M: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SXR1130: All versions
QCS404: All versions
QCS405: All versions
SA6155P: All versions
SXR2130: All versions
SM8250: All versions
APQ8076: All versions
MSM8996: All versions
IPQ6018: All versions
Bitra: All versions
IPQ8074: All versions
QCA8081: All versions
IPQ4019: All versions
IPQ8064: All versions
QCA6174A: All versions
QCA6574: All versions
QCA6574AU: All versions
QCA6584AU: All versions
QCA9377: All versions
QCA9379: All versions
QCA9531: All versions
QCA9558: All versions
QCA9563: All versions
QCA9880: All versions
QCA9886: All versions
QCA9980: All versions
QCN5500: All versions
QCN5502: All versions
QCA6390: All versions
IPQ5018: All versions
QCA4531: All versions
QCN550x: All versions
QCA955x: All versions
QCA956x: All versions
AR938x: All versions
AR958x: All versions
AR934x: All versions
AR9331: All versions
AR9287: All versions
QCA9565: All versions
QCA9462: All versions
QCA9485: All versions
IPS PDF releases prior to IPS System 2020.: All versions
QCN7606: All versions

SB2020080530 - Multiple vulnerabilities in Qualcomm chipsets

Breakdown by Severity

Description

Remediation

References

Please verify you're human