Input validation error in Hexagon SDK - #VU42590

 

Input validation error in Hexagon SDK - #VU42590

Published: August 10, 2020


Vulnerability identifier: #VU42590
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Qualcomm
Affected software:
Hexagon SDK

Detailed vulnerability description

Multiple vulnerabilities have been reported in Hexagon DSP SDK, used by multiple phones.

Disclosed vulnerabilities may allow an attacker to install backdoors on the affected devices and perform other unauthorized actions.

The following CVEs were assigned to these issues: CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and CVE-2020-11209.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Sources