Improper Authorization in Qualcomm products - CVE-2020-11209
Published: July 7, 2025 / Updated: July 7, 2025
Vulnerability identifier: #VU112431
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H /SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2020-11209
CWE-ID: CWE-285
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: Qualcomm
Affected software:
SD820
SD821
QCS603
SDA855
SA6145P
SA6155
SD 675
SD660
SD429
SD439
QCS605
SA6155P
SD855
SD820
SD821
QCS603
SDA855
SA6145P
SA6155
SD 675
SD660
SD429
SD439
QCS605
SA6155P
SD855
Detailed vulnerability description
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation in DSP Process. A local application can execute arbitrary code.
How to mitigate CVE-2020-11209
Install security update from vendor's website.