Integer overflow in Qualcomm products - CVE-2020-11205
Published: July 7, 2025
Vulnerability identifier: #VU112425
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-11205
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Qualcomm
Affected software:
QSM8350
SA6145P
SA6150P
SA6155
SA8150P
SA8155P
SA8195P
SDX55M
SM8350
SM8350P
SXR2130P
SA6155P
SM8250
SXR2130
Detailed vulnerability description
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in the Bluetooth SoC. A local application can execute arbitrary code.
How to mitigate CVE-2020-11205
Install the security update from the vendor's website.