Main Vulnerability Database Vulnerabilities #VU112417

Integer overflow in Qualcomm products - CVE-2020-11127

Published: July 7, 2025

Vulnerability identifier: #VU112417

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-11127

CWE-ID: CWE-190

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Qualcomm

Affected software:
MDM9205
QCM4290
QCS410
QCS4290
QCS610
QSM8250
SA415M
SA515M
SA6145P
SA6150P
SA6155
SA8150P
SA8155
SA8155P
SA8195P
SC7180
SC8180X+SDX55
SC8180XP
SDA640
SDA855
SDM1000
SDM640
SDM830
SDM850
SDX50M
SDX55M
SM4125
SM4250
SM4250P
SM6115
SM6115P
SM6150P
SM6250
SM6250P
SM6350
SM7125
SM7150P
SM7225
SM7250
SM7250P
SM8150P
SXR2130P
QCS405
SA6155P
SC8180X
SDA845
SDM845
SDX24
SDX55
SM6150
SM7150
SM8150
SM8250
SXR2130

Detailed vulnerability description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in QTEE. A local application can execute arbitrary code.

How to mitigate CVE-2020-11127

Install security update from vendor's website.

Sources

https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-security-bulletin.html

Integer overflow in Qualcomm products - CVE-2020-11127

Detailed vulnerability description

How to mitigate CVE-2020-11127

Sources

Please verify you're human