Use After Free in Qualcomm products - CVE-2020-11120
Published: May 17, 2025
Vulnerability identifier: #VU109353
CSH Severity:
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:
CVE-ID: CVE-2020-11120
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Qualcomm
Affected software:
APQ8096AU
APQ8098
Kamorta
MSM8917
MSM8953
MSM8998
QCM2150
QCS405
QCS605
QM215
Rennell
Saipan
SDM429
SDM439
SDM450
SDM632
SM6150
SM7150
SM8150
SM8250
SXR2130
Bitra
APQ8096AU
APQ8098
Kamorta
MSM8917
MSM8953
MSM8998
QCM2150
QCS405
QCS605
QM215
Rennell
Saipan
SDM429
SDM439
SDM450
SDM632
SM6150
SM7150
SM8150
SM8250
SXR2130
Bitra
Detailed vulnerability description
The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
How to mitigate CVE-2020-11120
Install security update from vendor's website.