#VU112413 Use After Free in Qualcomm products - CVE-2020-11152
Published: July 7, 2025
Vulnerability identifier: #VU112413
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-11152
CWE-ID: CWE-416
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8009W
APQ8037
APQ8052
APQ8056
APQ8076
AQT1000
AR8031
CSRA6620
CSRA6640
MSM8916
MSM8952
MSM8956
MSM8976
MSM8976SG
PM439
PM660
PM660A
PM660L
PM670
PM670A
PM670L
PM8004
PM8005
PM855
PM855A
PM855B
PM855L
PM855P
PM8916
PM8937
PM8940
PM8952
PM8953
PM8956
PM8998
PMD9655
PMI632
PMI8937
PMI8952
PMI8998
PMM8996AU
PMX24
PMX50
QAT3514
QAT3522
QAT3550
QBT1000
QBT1500
QBT2000
QCA6310
QCA6320
QCA6420
QCA6430
QCA6564A
QCA6564AU
QCA6574A
QCA6584AU
QCA8337
QCC1110
QCS603
QET4100
QET4101
QET5100
QET5100M
QFE2080FC
QFE2081FC
QFE2082FC
QFE2101
QFE2550
QFE3100
QFE3440FC
QFE4301
QFE4302
QFE4303
QFE4305
QFE4308
QFE4309
QFE4320
QFE4373FC
QFE4455FC
QFE4465FC
QLN1035BD
QPA4340
QPA4360
QPA5460
QSW8573
QTC800H
QTC800S
QTC800T
QTC801S
RGR7640AU
RSW8577
SD 636
SD 8CX
SD439
SD660
SDM830
SDR051
SDR052
SDR660
SDR8150
SDW2500
SDW3100
SDX50M
SMB1351
SMB1355
SMB1358
SMB1360
SMB1380
SMB1381
SMB1390
SMB231
WCD9306
WCD9326
WCD9330
WCD9335
WCD9340
WCD9341
WCD9360
WCN3610
WCN3615
WCN3620
WCN3660B
WCN3680B
WCN3950
WCN3980
WCN3990
WCN3998
WCN3999
WGR7640
WHS9410
WSA8810
WSA8815
WTR2955
WTR2965
WTR3925
WTR4905
WTR5975
APQ8017
APQ8053
APQ8096AU
MSM8909W
MSM8917
MSM8920
MSM8937
MSM8940
MSM8953
MSM8996AU
QCA6174A
QCA6574AU
QCA9377
QCS405
QCS605
SD450
SD710
SD712
SD835
SD855
SDM630
SDX24
APQ8009W
APQ8037
APQ8052
APQ8056
APQ8076
AQT1000
AR8031
CSRA6620
CSRA6640
MSM8916
MSM8952
MSM8956
MSM8976
MSM8976SG
PM439
PM660
PM660A
PM660L
PM670
PM670A
PM670L
PM8004
PM8005
PM855
PM855A
PM855B
PM855L
PM855P
PM8916
PM8937
PM8940
PM8952
PM8953
PM8956
PM8998
PMD9655
PMI632
PMI8937
PMI8952
PMI8998
PMM8996AU
PMX24
PMX50
QAT3514
QAT3522
QAT3550
QBT1000
QBT1500
QBT2000
QCA6310
QCA6320
QCA6420
QCA6430
QCA6564A
QCA6564AU
QCA6574A
QCA6584AU
QCA8337
QCC1110
QCS603
QET4100
QET4101
QET5100
QET5100M
QFE2080FC
QFE2081FC
QFE2082FC
QFE2101
QFE2550
QFE3100
QFE3440FC
QFE4301
QFE4302
QFE4303
QFE4305
QFE4308
QFE4309
QFE4320
QFE4373FC
QFE4455FC
QFE4465FC
QLN1035BD
QPA4340
QPA4360
QPA5460
QSW8573
QTC800H
QTC800S
QTC800T
QTC801S
RGR7640AU
RSW8577
SD 636
SD 8CX
SD439
SD660
SDM830
SDR051
SDR052
SDR660
SDR8150
SDW2500
SDW3100
SDX50M
SMB1351
SMB1355
SMB1358
SMB1360
SMB1380
SMB1381
SMB1390
SMB231
WCD9306
WCD9326
WCD9330
WCD9335
WCD9340
WCD9341
WCD9360
WCN3610
WCN3615
WCN3620
WCN3660B
WCN3680B
WCN3950
WCN3980
WCN3990
WCN3998
WCN3999
WGR7640
WHS9410
WSA8810
WSA8815
WTR2955
WTR2965
WTR3925
WTR4905
WTR5975
APQ8017
APQ8053
APQ8096AU
MSM8909W
MSM8917
MSM8920
MSM8937
MSM8940
MSM8953
MSM8996AU
QCA6174A
QCA6574AU
QCA9377
QCS405
QCS605
SD450
SD710
SD712
SD835
SD855
SDM630
SDX24
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in GPS. A local privileged application can execute arbitrary code.
Remediation
Install security update from vendor's website.