#VU112419 Use After Free in Qualcomm products - CVE-2020-11175

Vulnerability identifier: #VU112419

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-11175

CWE-ID: CWE-416

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
APQ8009W
SA6155
SA8155
SA8155P
SDA640
SDA670
SDA855
SDM1000
SDM640
SDX50M
SDX55M
SM6125
SM6350
SM7225
SM7250
SM7250P
SM8150P
SXR1120
SXR2130P
MSM8909W
QCS605
QM215
SA6155P
SDM670
SDM710
SDM845
SDX55
SM8150
SM8250
SXR1130
SXR2130

Software vendor:
Qualcomm

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Bluetooth Host. A local application can execute arbitrary code.

Install security update from vendor's website.

• https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-security-bulletin.html