Multiple vulnerabilities in Qualcomm chipsets



| Updated: 2025-07-07
Risk High
Patch available YES
Number of vulnerabilities 20
CVE-ID CVE-2020-11168
CVE-2020-11209
CVE-2020-11208
CVE-2020-3632
CVE-2020-11205
CVE-2020-11196
CVE-2020-11193
CVE-2020-11184
CVE-2020-11175
CVE-2020-11127
CVE-2020-11123
CVE-2020-3639
CVE-2020-11132
CVE-2020-11131
CVE-2020-11130
CVE-2020-11121
CVE-2020-11207
CVE-2020-11206
CVE-2020-11202
CVE-2020-11201
CWE-ID CWE-822
CWE-285
CWE-191
CWE-129
CWE-190
CWE-416
CWE-310
CWE-126
CWE-120
CWE-20
Exploitation vector Network
Public exploit Public exploit code for vulnerability #2 is available.
Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #17 is available.
Public exploit code for vulnerability #18 is available.
Public exploit code for vulnerability #19 is available.
Public exploit code for vulnerability #20 is available.
Vulnerable software
 APQ8009
Hardware solutions / Firmware

APQ8017
Hardware solutions / Firmware

APQ8053
Hardware solutions / Firmware

APQ8096AU
Hardware solutions / Firmware

APQ8098
Hardware solutions / Firmware

MDM9206
Hardware solutions / Firmware

MDM9650
Hardware solutions / Firmware

MSM8909W
Hardware solutions / Firmware

MSM8953
Hardware solutions / Firmware

MSM8996AU
Hardware solutions / Firmware

QCS405
Hardware solutions / Firmware

QCS605
Hardware solutions / Firmware

QM215
Hardware solutions / Firmware

SA6155P
Hardware solutions / Firmware

SDA660
Hardware solutions / Firmware

SDA845
Hardware solutions / Firmware

SDM429
Hardware solutions / Firmware

SDM429W
Hardware solutions / Firmware

SDM450
Hardware solutions / Firmware

SDM632
Hardware solutions / Firmware

SDM845
Hardware solutions / Firmware

SDX20
Hardware solutions / Firmware

SDX55
Hardware solutions / Firmware

SM8150
Hardware solutions / Firmware

SM8250
Hardware solutions / Firmware

SXR2130
Hardware solutions / Firmware

SD855
Hardware solutions / Firmware

SM6150
Hardware solutions / Firmware

SM7150
Hardware solutions / Firmware

MSM8905
Hardware solutions / Firmware

MSM8917
Hardware solutions / Firmware

MSM8920
Hardware solutions / Firmware

MSM8937
Hardware solutions / Firmware

MSM8940
Hardware solutions / Firmware

MSM8996
Hardware solutions / Firmware

MSM8998
Hardware solutions / Firmware

SDM439
Hardware solutions / Firmware

SDM630
Hardware solutions / Firmware

SDM636
Hardware solutions / Firmware

SDM660
Hardware solutions / Firmware

SDM670
Hardware solutions / Firmware

SDM710
Hardware solutions / Firmware

SXR1130
Hardware solutions / Firmware

SC8180X
Hardware solutions / Firmware

SDX24
Hardware solutions / Firmware

MDM9150
Hardware solutions / Firmware

MDM9607
Hardware solutions / Firmware

MDM9640
Hardware solutions / Firmware

APQ8009W
Mobile applications / Mobile firmware & hardware

APQ8064AU
Mobile applications / Mobile firmware & hardware

QCM4290
Mobile applications / Mobile firmware & hardware

QCS4290
Mobile applications / Mobile firmware & hardware

QCS603
Mobile applications / Mobile firmware & hardware

QSM8350
Mobile applications / Mobile firmware & hardware

SA6155
Mobile applications / Mobile firmware & hardware

SA8155
Mobile applications / Mobile firmware & hardware

SA8155P
Mobile applications / Mobile firmware & hardware

SDA429W
Mobile applications / Mobile firmware & hardware

SDA640
Mobile applications / Mobile firmware & hardware

SDA855
Mobile applications / Mobile firmware & hardware

SDM1000
Mobile applications / Mobile firmware & hardware

SDM640
Mobile applications / Mobile firmware & hardware

SDM830
Mobile applications / Mobile firmware & hardware

SDW2500
Mobile applications / Mobile firmware & hardware

SDX20M
Mobile applications / Mobile firmware & hardware

SDX50M
Mobile applications / Mobile firmware & hardware

SDX55M
Mobile applications / Mobile firmware & hardware

SM4250
Mobile applications / Mobile firmware & hardware

SM4250P
Mobile applications / Mobile firmware & hardware

SM6115
Mobile applications / Mobile firmware & hardware

SM6115P
Mobile applications / Mobile firmware & hardware

SM6125
Mobile applications / Mobile firmware & hardware

SM6250
Mobile applications / Mobile firmware & hardware

SM6350
Mobile applications / Mobile firmware & hardware

SM7125
Mobile applications / Mobile firmware & hardware

SM7225
Mobile applications / Mobile firmware & hardware

SM7250
Mobile applications / Mobile firmware & hardware

SM7250P
Mobile applications / Mobile firmware & hardware

SM8150P
Mobile applications / Mobile firmware & hardware

SM8350
Mobile applications / Mobile firmware & hardware

SM8350P
Mobile applications / Mobile firmware & hardware

SXR2130P
Mobile applications / Mobile firmware & hardware

WCD9330
Mobile applications / Mobile firmware & hardware

SD820
Mobile applications / Mobile firmware & hardware

SD821
Mobile applications / Mobile firmware & hardware

SA6145P
Mobile applications / Mobile firmware & hardware

SD 675
Mobile applications / Mobile firmware & hardware

SD660
Mobile applications / Mobile firmware & hardware

SD429
Mobile applications / Mobile firmware & hardware

SD439
Mobile applications / Mobile firmware & hardware

SC7180
Mobile applications / Mobile firmware & hardware

SM6250P
Mobile applications / Mobile firmware & hardware

SM7150P
Mobile applications / Mobile firmware & hardware

SA6150P
Mobile applications / Mobile firmware & hardware

SA8150P
Mobile applications / Mobile firmware & hardware

SA8195P
Mobile applications / Mobile firmware & hardware

APQ8037
Mobile applications / Mobile firmware & hardware

APQ8096
Mobile applications / Mobile firmware & hardware

APQ8096SG
Mobile applications / Mobile firmware & hardware

MSM8909
Mobile applications / Mobile firmware & hardware

MSM8996SG
Mobile applications / Mobile firmware & hardware

QCM6125
Mobile applications / Mobile firmware & hardware

QCS410
Mobile applications / Mobile firmware & hardware

QCS610
Mobile applications / Mobile firmware & hardware

QCS6125
Mobile applications / Mobile firmware & hardware

SDA670
Mobile applications / Mobile firmware & hardware

SDM455
Mobile applications / Mobile firmware & hardware

SM4125
Mobile applications / Mobile firmware & hardware

SM6150P
Mobile applications / Mobile firmware & hardware

SXR1120
Mobile applications / Mobile firmware & hardware

MDM9205
Mobile applications / Mobile firmware & hardware

QSM8250
Mobile applications / Mobile firmware & hardware

SA415M
Mobile applications / Mobile firmware & hardware

SA515M
Mobile applications / Mobile firmware & hardware

SC8180X+SDX55
Mobile applications / Mobile firmware & hardware

SC8180XP
Mobile applications / Mobile firmware & hardware

SDM850
Mobile applications / Mobile firmware & hardware

MDM8207
Mobile applications / Mobile firmware & hardware

MDM9207
Mobile applications / Mobile firmware & hardware

MDM9250
Mobile applications / Mobile firmware & hardware

MDM9628
Mobile applications / Mobile firmware & hardware

MDM9655
Mobile applications / Mobile firmware & hardware

MSM8108
Mobile applications / Mobile firmware & hardware

MSM8208
Mobile applications / Mobile firmware & hardware

MSM8209
Mobile applications / Mobile firmware & hardware

MSM8608
Mobile applications / Mobile firmware & hardware

SDM712
Mobile applications / Mobile firmware & hardware

APQ8052
Mobile applications / Mobile firmware & hardware

APQ8056
Mobile applications / Mobile firmware & hardware

APQ8076
Mobile applications / Mobile firmware & hardware

MSM8952
Mobile applications / Mobile firmware & hardware

MSM8956
Mobile applications / Mobile firmware & hardware

MSM8976
Mobile applications / Mobile firmware & hardware

MSM8976SG
Mobile applications / Mobile firmware & hardware

Vendor Qualcomm

Security Bulletin

This security bulletin contains information about 20 vulnerabilities.

1) Untrusted Pointer Dereference

EUVDB-ID: #VU112418

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-11168

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Video. A remote attacker can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8009W: All versions

APQ8017: All versions

APQ8053: All versions

APQ8064AU: All versions

APQ8096AU: All versions

APQ8098: All versions

MDM9206: All versions

MDM9650: All versions

MSM8909W: All versions

MSM8953: All versions

MSM8996AU: All versions

QCM4290: All versions

QCS405: All versions

QCS4290: All versions

QCS603: All versions

QCS605: All versions

QM215: All versions

QSM8350: All versions

SA6155: All versions

SA6155P: All versions

SA8155: All versions

SA8155P: All versions

SDA429W: All versions

SDA640: All versions

SDA660: All versions

SDA845: All versions

SDA855: All versions

SDM1000: All versions

SDM429: All versions

SDM429W: All versions

SDM450: All versions

SDM632: All versions

SDM640: All versions

SDM830: All versions

SDM845: All versions

SDW2500: All versions

SDX20: All versions

SDX20M: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SM4250: All versions

SM4250P: All versions

SM6115: All versions

SM6115P: All versions

SM6125: All versions

SM6250: All versions

SM6350: All versions

SM7125: All versions

SM7225: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SM8350: All versions

SM8350P: All versions

SXR2130: All versions

SXR2130P: All versions

WCD9330: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper Authorization

EUVDB-ID: #VU112431

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H  /SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2020-11209

CWE-ID: CWE-285 - Improper Authorization

Exploit availability: Yes

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Process. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SD820: All versions

SD821: All versions

QCS603: All versions

QCS605: All versions

SDA855: All versions

SA6155P: All versions

SA6145P: All versions

SA6155: All versions

SD855: All versions

SD 675: All versions

SD660: All versions

SD429: All versions

SD439: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Integer underflow

EUVDB-ID: #VU112430

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2020-11208

CWE-ID: CWE-191 - Integer underflow

Exploit availability: Yes

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Process. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

SD820: All versions

SD821: All versions

QCS603: All versions

QCS605: All versions

SDA855: All versions

SA6155P: All versions

SA6145P: All versions

SA6155: All versions

SD855: All versions

SD 675: All versions

SD660: All versions

SD429: All versions

SD439: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Improper Validation of Array Index

EUVDB-ID: #VU112428

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-3632

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in MHI Ring Validation. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

QSM8350: All versions

SC7180: All versions

SDX55: All versions

SDX55M: All versions

SM6150: All versions

SM6250: All versions

SM6250P: All versions

SM7125: All versions

SM7150: All versions

SM7150P: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SM8350: All versions

SM8350P: All versions

SXR2130: All versions

SXR2130P: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Integer overflow

EUVDB-ID: #VU112425

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-11205

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Bluetooth SOC. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

QSM8350: All versions

SA6145P: All versions

SA6150P: All versions

SA6155: All versions

SA6155P: All versions

SA8150P: All versions

SA8155P: All versions

SA8195P: All versions

SDX55M: All versions

SM8250: All versions

SM8350: All versions

SM8350P: All versions

SXR2130: All versions

SXR2130P: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Integer overflow

EUVDB-ID: #VU112422

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-11196

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Video. A remote attacker can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8009W: All versions

APQ8017: All versions

APQ8037: All versions

APQ8053: All versions

APQ8064AU: All versions

APQ8096: All versions

APQ8096AU: All versions

APQ8096SG: All versions

APQ8098: All versions

MDM9206: All versions

MDM9650: All versions

MSM8905: All versions

MSM8909: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8996SG: All versions

MSM8998: All versions

QCM4290: All versions

QCM6125: All versions

QCS405: All versions

QCS410: All versions

QCS4290: All versions

QCS603: All versions

QCS605: All versions

QCS610: All versions

QCS6125: All versions

QM215: All versions

SA6145P: All versions

SA6150P: All versions

SA6155: All versions

SA6155P: All versions

SA8150P: All versions

SA8155: All versions

SA8155P: All versions

SA8195P: All versions

SDA429W: All versions

SDA640: All versions

SDA660: All versions

SDA670: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM455: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM640: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM830: All versions

SDM845: All versions

SDW2500: All versions

SDX20: All versions

SDX20M: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SM4125: All versions

SM4250: All versions

SM4250P: All versions

SM6115: All versions

SM6115P: All versions

SM6125: All versions

SM6150: All versions

SM6150P: All versions

SM6250: All versions

SM6250P: All versions

SM6350: All versions

SM7125: All versions

SM7150: All versions

SM7150P: All versions

SM7225: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SXR1120: All versions

SXR1130: All versions

SXR2130: All versions

SXR2130P: All versions

WCD9330: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Integer overflow

EUVDB-ID: #VU112421

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-11193

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Video. A remote attacker can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8009W: All versions

APQ8017: All versions

APQ8037: All versions

APQ8053: All versions

APQ8064AU: All versions

APQ8096: All versions

APQ8096AU: All versions

APQ8096SG: All versions

APQ8098: All versions

MDM9206: All versions

MDM9650: All versions

MSM8905: All versions

MSM8909: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8996SG: All versions

MSM8998: All versions

QCM4290: All versions

QCM6125: All versions

QCS405: All versions

QCS410: All versions

QCS4290: All versions

QCS603: All versions

QCS605: All versions

QCS610: All versions

QCS6125: All versions

QM215: All versions

QSM8350: All versions

SA6145P: All versions

SA6155: All versions

SA6155P: All versions

SA8155: All versions

SA8155P: All versions

SDA429W: All versions

SDA640: All versions

SDA660: All versions

SDA670: All versions

SDA845: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM455: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM640: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM830: All versions

SDM845: All versions

SDW2500: All versions

SDX20: All versions

SDX20M: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SM4125: All versions

SM4250: All versions

SM4250P: All versions

SM6115: All versions

SM6115P: All versions

SM6125: All versions

SM6150: All versions

SM6150P: All versions

SM6250: All versions

SM6250P: All versions

SM6350: All versions

SM7125: All versions

SM7150: All versions

SM7150P: All versions

SM7225: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SM8350: All versions

SM8350P: All versions

SXR1120: All versions

SXR1130: All versions

SXR2130: All versions

SXR2130P: All versions

WCD9330: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Integer overflow

EUVDB-ID: #VU112420

Risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-11184

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in Video. A remote attacker can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

QCM4290: All versions

QCS4290: All versions

QM215: All versions

QSM8350: All versions

SA6145P: All versions

SA6155: All versions

SA6155P: All versions

SA8155: All versions

SA8155P: All versions

SDX55: All versions

SDX55M: All versions

SM4250: All versions

SM4250P: All versions

SM6115: All versions

SM6115P: All versions

SM6125: All versions

SM6250: All versions

SM6350: All versions

SM7125: All versions

SM7225: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SM8350: All versions

SM8350P: All versions

SXR2130: All versions

SXR2130P: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Use After Free

EUVDB-ID: #VU112419

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-11175

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Bluetooth Host. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009W: All versions

MSM8909W: All versions

QCS605: All versions

QM215: All versions

SA6155: All versions

SA6155P: All versions

SA8155: All versions

SA8155P: All versions

SDA640: All versions

SDA670: All versions

SDA855: All versions

SDM1000: All versions

SDM640: All versions

SDM670: All versions

SDM710: All versions

SDM845: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SM6125: All versions

SM6350: All versions

SM7225: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SXR1120: All versions

SXR1130: All versions

SXR2130: All versions

SXR2130P: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Integer overflow

EUVDB-ID: #VU112417

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-11127

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in QTEE. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

MDM9205: All versions

QCM4290: All versions

QCS405: All versions

QCS410: All versions

QCS4290: All versions

QCS610: All versions

QSM8250: All versions

SA415M: All versions

SA515M: All versions

SA6145P: All versions

SA6150P: All versions

SA6155: All versions

SA6155P: All versions

SA8150P: All versions

SA8155: All versions

SA8155P: All versions

SA8195P: All versions

SC7180: All versions

SC8180X: All versions

SC8180X+SDX55: All versions

SC8180XP: All versions

SDA640: All versions

SDA845: All versions

SDA855: All versions

SDM1000: All versions

SDM640: All versions

SDM830: All versions

SDM845: All versions

SDM850: All versions

SDX24: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SM4125: All versions

SM4250: All versions

SM4250P: All versions

SM6115: All versions

SM6115P: All versions

SM6150: All versions

SM6150P: All versions

SM6250: All versions

SM6250P: All versions

SM6350: All versions

SM7125: All versions

SM7150: All versions

SM7150P: All versions

SM7225: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SXR2130: All versions

SXR2130P: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Cryptographic Issues

EUVDB-ID: #VU112416

Risk: Low

CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-11123

CWE-ID: CWE-310 - Cryptographic Issues

Exploit availability: No

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in HLOS. A local application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8009W: All versions

APQ8017: All versions

APQ8037: All versions

APQ8053: All versions

APQ8064AU: All versions

APQ8096: All versions

APQ8096AU: All versions

APQ8096SG: All versions

APQ8098: All versions

MDM8207: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9207: All versions

MDM9250: All versions

MDM9607: All versions

MDM9628: All versions

MDM9640: All versions

MDM9650: All versions

MDM9655: All versions

MSM8108: All versions

MSM8208: All versions

MSM8209: All versions

MSM8608: All versions

MSM8905: All versions

MSM8909: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8996SG: All versions

MSM8998: All versions

QCM4290: All versions

QCS405: All versions

QCS410: All versions

QCS4290: All versions

QCS603: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

QSM8250: All versions

QSM8350: All versions

SA415M: All versions

SA515M: All versions

SA6145P: All versions

SA6150P: All versions

SA6155: All versions

SA6155P: All versions

SA8150P: All versions

SA8155: All versions

SA8155P: All versions

SA8195P: All versions

SC7180: All versions

SC8180X: All versions

SC8180XP: All versions

SDA429W: All versions

SDA640: All versions

SDA660: All versions

SDA670: All versions

SDA845: All versions

SDA855: All versions

SDM1000: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM455: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM640: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM712: All versions

SDM830: All versions

SDM845: All versions

SDM850: All versions

SDW2500: All versions

SDX24: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SM4125: All versions

SM4250: All versions

SM4250P: All versions

SM6115: All versions

SM6115P: All versions

SM6125: All versions

SM6150: All versions

SM6150P: All versions

SM6250: All versions

SM6250P: All versions

SM6350: All versions

SM7125: All versions

SM7150: All versions

SM7150P: All versions

SM7225: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SM8350: All versions

SM8350P: All versions

SXR1120: All versions

SXR1130: All versions

SXR2130: All versions

SXR2130P: All versions

WCD9330: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper Validation of Array Index

EUVDB-ID: #VU112415

Risk: High

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-3639

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation in Modem Data. A remote attacker can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8017: All versions

APQ8037: All versions

APQ8053: All versions

MDM9250: All versions

MDM9607: All versions

MDM9628: All versions

MDM9640: All versions

MDM9650: All versions

MSM8108: All versions

MSM8208: All versions

MSM8209: All versions

MSM8608: All versions

MSM8905: All versions

MSM8909: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996AU: All versions

QCM4290: All versions

QCM6125: All versions

QCS410: All versions

QCS4290: All versions

QCS603: All versions

QCS605: All versions

QCS610: All versions

QCS6125: All versions

QM215: All versions

QSM8350: All versions

SA415M: All versions

SA6145P: All versions

SA6150P: All versions

SA6155P: All versions

SA8150P: All versions

SA8155: All versions

SA8155P: All versions

SA8195P: All versions

SC7180: All versions

SC8180X: All versions

SC8180X+SDX55: All versions

SC8180XP: All versions

SDA429W: All versions

SDA640: All versions

SDA660: All versions

SDA670: All versions

SDA845: All versions

SDA855: All versions

SDM1000: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM455: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM640: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM712: All versions

SDM845: All versions

SDM850: All versions

SDX24: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SM4125: All versions

SM4250: All versions

SM4250P: All versions

SM6115: All versions

SM6115P: All versions

SM6125: All versions

SM6150: All versions

SM6150P: All versions

SM6250: All versions

SM6250P: All versions

SM7125: All versions

SM7150: All versions

SM7150P: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8350: All versions

SM8350P: All versions

SXR1120: All versions

SXR1130: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer over-read

EUVDB-ID: #VU112429

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:L  /SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-11132

CWE-ID: CWE-126 - Buffer over-read

Exploit availability: No

Description

The vulnerability allows a local privileged application to read and manipulate data.

The vulnerability exists due to improper input validation in Boot. A local privileged application can read and manipulate data.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8096AU: All versions

APQ8098: All versions

MDM8207: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9207: All versions

MDM9250: All versions

MDM9607: All versions

MDM9628: All versions

MDM9650: All versions

MSM8108: All versions

MSM8208: All versions

MSM8209: All versions

MSM8608: All versions

MSM8905: All versions

MSM8909: All versions

MSM8998: All versions

QCM4290: All versions

QCS405: All versions

QCS410: All versions

QCS4290: All versions

QCS603: All versions

QCS605: All versions

QCS610: All versions

QSM8250: All versions

SA415M: All versions

SA515M: All versions

SA6145P: All versions

SA6150P: All versions

SA6155: All versions

SA6155P: All versions

SA8150P: All versions

SA8155: All versions

SA8155P: All versions

SA8195P: All versions

SC7180: All versions

SC8180X: All versions

SC8180X+SDX55: All versions

SC8180XP: All versions

SDA640: All versions

SDA670: All versions

SDA845: All versions

SDA855: All versions

SDM1000: All versions

SDM640: All versions

SDM670: All versions

SDM710: All versions

SDM712: All versions

SDM830: All versions

SDM845: All versions

SDM850: All versions

SDX24: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SM4125: All versions

SM4250: All versions

SM4250P: All versions

SM6115: All versions

SM6115P: All versions

SM6125: All versions

SM6150: All versions

SM6150P: All versions

SM6250: All versions

SM6250P: All versions

SM6350: All versions

SM7125: All versions

SM7150: All versions

SM7150P: All versions

SM7225: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SXR1120: All versions

SXR1130: All versions

SXR2130: All versions

SXR2130P: All versions

WCD9330: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Integer overflow

EUVDB-ID: #VU112434

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-11131

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8053: All versions

APQ8096AU: All versions

MDM9206: All versions

MDM9250: All versions

MDM9628: All versions

MDM9640: All versions

MDM9650: All versions

MSM8996AU: All versions

QCS405: All versions

SDA845: All versions

SDX20: All versions

SDX20M: All versions

WCD9330: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Buffer overflow

EUVDB-ID: #VU112433

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-11130

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

QCM4290: All versions

QCS4290: All versions

QM215: All versions

QSM8350: All versions

SA6145P: All versions

SA6155: All versions

SA6155P: All versions

SA8155: All versions

SA8155P: All versions

SC8180X: All versions

SC8180XP: All versions

SDX55: All versions

SDX55M: All versions

SM4250: All versions

SM4250P: All versions

SM6115: All versions

SM6115P: All versions

SM6125: All versions

SM6250: All versions

SM6350: All versions

SM7125: All versions

SM7225: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SM8350: All versions

SM8350P: All versions

SXR2130: All versions

SXR2130P: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU112432

Risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-11121

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN. A local privileged application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

QCM4290: All versions

QCS4290: All versions

QM215: All versions

QSM8350: All versions

SA6145P: All versions

SA6155: All versions

SA6155P: All versions

SA8155: All versions

SA8155P: All versions

SC8180X: All versions

SC8180XP: All versions

SDX55: All versions

SDX55M: All versions

SM4250: All versions

SM4250P: All versions

SM6115: All versions

SM6115P: All versions

SM6125: All versions

SM6250: All versions

SM6350: All versions

SM7125: All versions

SM7225: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SM8350: All versions

SM8350P: All versions

SXR2130: All versions

SXR2130P: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Buffer overflow

EUVDB-ID: #VU112427

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2020-11207

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Computer Vision. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8052: All versions

APQ8056: All versions

APQ8076: All versions

APQ8096: All versions

APQ8096SG: All versions

APQ8098: All versions

MDM9655: All versions

MSM8952: All versions

MSM8956: All versions

MSM8976: All versions

MSM8976SG: All versions

MSM8996: All versions

MSM8996SG: All versions

MSM8998: All versions

QCM4290: All versions

QCM6125: All versions

QCS410: All versions

QCS4290: All versions

QCS610: All versions

QCS6125: All versions

QSM8250: All versions

SA6145P: All versions

SA6150P: All versions

SA6155: All versions

SA6155P: All versions

SA8150P: All versions

SA8155: All versions

SA8155P: All versions

SA8195P: All versions

SC7180: All versions

SDA640: All versions

SDA660: All versions

SDA845: All versions

SDA855: All versions

SDM640: All versions

SDM660: All versions

SDM830: All versions

SDM845: All versions

SDM850: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SM4250: All versions

SM4250P: All versions

SM6115: All versions

SM6115P: All versions

SM6125: All versions

SM6150: All versions

SM6150P: All versions

SM6250: All versions

SM6250P: All versions

SM6350: All versions

SM7125: All versions

SM7150: All versions

SM7150P: All versions

SM7225: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SXR2130: All versions

SXR2130P: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

18) Untrusted Pointer Dereference

EUVDB-ID: #VU112426

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2020-11206

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in ComputerVision. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

APQ8098: All versions

MSM8998: All versions

QCM4290: All versions

QCM6125: All versions

QCS410: All versions

QCS4290: All versions

QCS610: All versions

QCS6125: All versions

QSM8250: All versions

QSM8350: All versions

SA6145P: All versions

SA6150P: All versions

SA6155: All versions

SA6155P: All versions

SA8150P: All versions

SA8155: All versions

SA8155P: All versions

SA8195P: All versions

SC7180: All versions

SDA640: All versions

SDA660: All versions

SDA845: All versions

SDA855: All versions

SDM640: All versions

SDM660: All versions

SDM830: All versions

SDM845: All versions

SDM850: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SM4250: All versions

SM4250P: All versions

SM6115: All versions

SM6115P: All versions

SM6125: All versions

SM6150: All versions

SM6150P: All versions

SM6250: All versions

SM6250P: All versions

SM6350: All versions

SM7125: All versions

SM7150: All versions

SM7150P: All versions

SM7225: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SM8350: All versions

SM8350P: All versions

SXR2130: All versions

SXR2130P: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

19) Improper input validation

EUVDB-ID: #VU112424

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2020-11202

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Video. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

QCM6125: All versions

QCS410: All versions

QCS603: All versions

QCS605: All versions

QCS610: All versions

QCS6125: All versions

SA6145P: All versions

SA6155: All versions

SA6155P: All versions

SA8155: All versions

SA8155P: All versions

SDA640: All versions

SDA670: All versions

SDA845: All versions

SDM640: All versions

SDM670: All versions

SDM710: All versions

SDM830: All versions

SDM845: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SM6125: All versions

SM6150: All versions

SM6150P: All versions

SM6250: All versions

SM6250P: All versions

SM7125: All versions

SM7150: All versions

SM7150P: All versions

SM8150: All versions

SM8150P: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

20) Untrusted Pointer Dereference

EUVDB-ID: #VU112423

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2020-11201

CWE-ID: CWE-822 - Untrusted Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Video. A local application can execute arbitrary code.

Mitigation

Install security update from vendor's website.

Vulnerable software versions

QCM6125: All versions

QCS410: All versions

QCS603: All versions

QCS605: All versions

QCS610: All versions

QCS6125: All versions

SA6145P: All versions

SA6155: All versions

SA6155P: All versions

SA8155: All versions

SA8155P: All versions

SDA640: All versions

SDA845: All versions

SDM640: All versions

SDM830: All versions

SDM845: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SM6125: All versions

SM6150: All versions

SM6250: All versions

SM6250P: All versions

SM7125: All versions

SM7150: All versions

SM7150P: All versions

SM8150: All versions

SM8150P: All versions

CPE2.3 External links

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###