#VU109333 Improper Validation of Array Index in Qualcomm products - CVE-2020-11128

Vulnerability identifier: #VU109333

Vulnerability risk:

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

CVE-ID: CVE-2020-11128

CWE-ID: CWE-129

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
APQ8009
APQ8096AU
APQ8098
Kamorta
MDM9150
MDM9607
MDM9650
MSM8917
MSM8920
MSM8937
MSM8940
MSM8953
MSM8998
QCM2150
QCS405
QCS605
QM215
Rennell
SA6155P
Saipan
SC8180X
SDM429
SDM429W
SDM439
SDM450
SDM632
SDM660
SDM670
SDM710
SDM845
SDX24
SDX55
SM6150
SM7150
SM8150
SM8250
SXR1130
SXR2130
Bitra
QCS610
SA515M

Software vendor:
Qualcomm

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Diag Services. #AV# #AU# can #EXT_IMPACT#.

Install security update from vendor's website.

• https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin