#VU112395 Untrusted Pointer Dereference in Qualcomm products - CVE-2020-11181
Published: July 7, 2025
Vulnerability identifier: #VU112395
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-11181
CWE-ID: CWE-822
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
PM3003A
PM8009
PM8150A
PM8150B
PM8150C
PM8150L
PM8250
PMK8002
PMR525
PMX55
QBT2000
QCA6390
QCA6391
QCA6421
QCA6426
QCA6431
QCA6436
QFS2530
QFS2580
QSM8250
QTC800H
QTC801S
SD865 5G
SDR8250
SDR865
SDX55M
SDXR2 5G
SMB1355
SMB1390
SMR525
SMR526
WCD9380
WCD9385
WCN6750
WCN6850
WCN6851
WSA8810
WSA8815
SDX55
PM3003A
PM8009
PM8150A
PM8150B
PM8150C
PM8150L
PM8250
PMK8002
PMR525
PMX55
QBT2000
QCA6390
QCA6391
QCA6421
QCA6426
QCA6431
QCA6436
QFS2530
QFS2580
QSM8250
QTC800H
QTC801S
SD865 5G
SDR8250
SDR865
SDX55M
SDXR2 5G
SMB1355
SMB1390
SMR525
SMR526
WCD9380
WCD9385
WCN6750
WCN6850
WCN6851
WSA8810
WSA8815
SDX55
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in ComputerVision. A local application can execute arbitrary code.
Remediation
Install security update from vendor's website.