SB2020120734 - Multiple vulnerabilities in Qualcomm chipsets
Published: December 7, 2020 Updated: October 8, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 33 secuirty vulnerabilities.
1) Buffer over-read (CVE-ID: CVE-2020-11215)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can read and manipulate data.
2) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-11180)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in ComputerVision. A local application can execute arbitrary code.
3) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2020-11197)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Video. A remote attacker can read and manipulate data.
4) Buffer over-read (CVE-ID: CVE-2020-11200)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Video. A remote attacker can perform a denial of service (DoS) attack.
5) Buffer over-read (CVE-ID: CVE-2020-11212)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can read and manipulate data.
6) Buffer over-read (CVE-ID: CVE-2020-11213)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can read and manipulate data.
7) Buffer over-read (CVE-ID: CVE-2020-11214)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.
8) Integer overflow (CVE-ID: CVE-2020-11216)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Video. A remote attacker can read and manipulate data.
9) Buffer over-read (CVE-ID: CVE-2020-11144)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Data Modem. A remote attacker can read and manipulate data.
10) Use After Free (CVE-ID: CVE-2020-11148)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Bluetooth Host. A local privileged application can execute arbitrary code.
11) Integer overflow (CVE-ID: CVE-2020-11167)
The vulnerability allows a remote attacker to read and manipulate data.
The vulnerability exists due to improper input validation in Bluetooth Host. A remote attacker can read and manipulate data.
12) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-11185)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in WLAN. A local application can execute arbitrary code.
13) Double Free (CVE-ID: CVE-2020-11217)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A local application can execute arbitrary code.
14) Buffer overflow (CVE-ID: CVE-2020-11183)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Display. A local privileged application can execute arbitrary code.
15) Divide By Zero (CVE-ID: CVE-2020-11145)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Data Modem. A remote attacker can perform a denial of service (DoS) attack.
16) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-11139)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in Audio. A remote attacker can perform a denial of service (DoS) attack.
17) Buffer overflow (CVE-ID: CVE-2020-11225)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can execute arbitrary code.
18) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2020-3687)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation in Bluetooth Host. A local application can gain access to sensitive information.
19) Improper Validation of Array Index (CVE-ID: CVE-2020-11146)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in HLOS. A local application can execute arbitrary code.
20) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-11149)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Multimedia. A local privileged application can execute arbitrary code.
21) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-11150)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Camera driver. A local privileged application can execute arbitrary code.
22) Use After Free (CVE-ID: CVE-2020-11151)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Video. A local privileged application can execute arbitrary code.
23) Configuration (CVE-ID: CVE-2020-11179)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in Kernel. A local application can execute arbitrary code.
24) Use After Free (CVE-ID: CVE-2020-11152)
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in GPS. A local privileged application can execute arbitrary code.
25) Buffer over-read (CVE-ID: CVE-2020-11136)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A remote attacker can execute arbitrary code.
26) Buffer over-read (CVE-ID: CVE-2020-11119)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.
27) Integer overflow (CVE-ID: CVE-2020-11137)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A remote attacker can execute arbitrary code.
28) Access of Uninitialized Pointer (CVE-ID: CVE-2020-11138)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A remote attacker can execute arbitrary code.
29) Buffer overflow (CVE-ID: CVE-2020-11140)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A remote attacker can execute arbitrary code.
30) Buffer overflow (CVE-ID: CVE-2020-11143)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A remote attacker can execute arbitrary code.
31) Double Free (CVE-ID: CVE-2020-3685)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A remote attacker can execute arbitrary code.
32) Buffer overflow (CVE-ID: CVE-2020-3686)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A remote attacker can execute arbitrary code.
33) Integer underflow (CVE-ID: CVE-2020-3691)
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation in Audio. A remote attacker can execute arbitrary code.
Remediation
Install update from vendor's website.