Integer underflow in Qualcomm products - CVE-2020-11208
Published: July 7, 2025 / Updated: July 7, 2025
Vulnerability identifier: #VU112430
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2020-11208
CWE-ID: CWE-191
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Qualcomm
Affected software:
SD820
SD821
QCS603
SDA855
SA6145P
SA6155
SD 675
SD660
SD429
SD439
QCS605
SA6155P
SD855
SD820
SD821
QCS603
SDA855
SA6145P
SA6155
SD 675
SD660
SD429
SD439
QCS605
SA6155P
SD855
Detailed vulnerability description
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in DSP Process. A local application can execute arbitrary code.
How to mitigate CVE-2020-11208
Install security update from vendor's website.