#VU112417 Integer overflow in Qualcomm products - CVE-2020-11127

Vulnerability identifier: #VU112417

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-11127

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
MDM9205
QCM4290
QCS410
QCS4290
QCS610
QSM8250
SA415M
SA515M
SA6145P
SA6150P
SA6155
SA8150P
SA8155
SA8155P
SA8195P
SC7180
SC8180X+SDX55
SC8180XP
SDA640
SDA855
SDM1000
SDM640
SDM830
SDM850
SDX50M
SDX55M
SM4125
SM4250
SM4250P
SM6115
SM6115P
SM6150P
SM6250
SM6250P
SM6350
SM7125
SM7150P
SM7225
SM7250
SM7250P
SM8150P
SXR2130P
QCS405
SA6155P
SC8180X
SDA845
SDM845
SDX24
SDX55
SM6150
SM7150
SM8150
SM8250
SXR2130

Software vendor:
Qualcomm

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in QTEE. A local application can execute arbitrary code.

Install security update from vendor's website.

• https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-security-bulletin.html