#VU112414 Buffer overflow in Qualcomm products - CVE-2020-11183


Vulnerability identifier: #VU112414

Vulnerability risk: Low

CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-11183

CWE-ID: CWE-120

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
APQ8009
Hardware solutions / Firmware
APQ8017
Hardware solutions / Firmware
APQ8053
Hardware solutions / Firmware
APQ8096AU
Hardware solutions / Firmware
MDM9206
Hardware solutions / Firmware
MDM9650
Hardware solutions / Firmware
MSM8909W
Hardware solutions / Firmware
MSM8917
Hardware solutions / Firmware
MSM8920
Hardware solutions / Firmware
MSM8937
Hardware solutions / Firmware
MSM8940
Hardware solutions / Firmware
MSM8953
Hardware solutions / Firmware
MSM8996AU
Hardware solutions / Firmware
QCA6174A
Hardware solutions / Firmware
QCA6574AU
Hardware solutions / Firmware
QCA9377
Hardware solutions / Firmware
QCA9379
Hardware solutions / Firmware
SD450
Hardware solutions / Firmware
SD710
Hardware solutions / Firmware
SD712
Hardware solutions / Firmware
SD835
Hardware solutions / Firmware
SDM630
Hardware solutions / Firmware
SDX20
Hardware solutions / Firmware
APQ8009W
Mobile applications / Mobile firmware & hardware
APQ8037
Mobile applications / Mobile firmware & hardware
AR8151
Mobile applications / Mobile firmware & hardware
MDM9250
Mobile applications / Mobile firmware & hardware
MDM9655
Mobile applications / Mobile firmware & hardware
PM215
Mobile applications / Mobile firmware & hardware
PM439
Mobile applications / Mobile firmware & hardware
PM660
Mobile applications / Mobile firmware & hardware
PM660A
Mobile applications / Mobile firmware & hardware
PM660L
Mobile applications / Mobile firmware & hardware
PM8004
Mobile applications / Mobile firmware & hardware
PM8005
Mobile applications / Mobile firmware & hardware
PM855A
Mobile applications / Mobile firmware & hardware
PM8909
Mobile applications / Mobile firmware & hardware
PM8916
Mobile applications / Mobile firmware & hardware
PM8937
Mobile applications / Mobile firmware & hardware
PM8940
Mobile applications / Mobile firmware & hardware
PM8953
Mobile applications / Mobile firmware & hardware
PM8996
Mobile applications / Mobile firmware & hardware
PM8998
Mobile applications / Mobile firmware & hardware
PMD9607
Mobile applications / Mobile firmware & hardware
PMD9655
Mobile applications / Mobile firmware & hardware
PMI632
Mobile applications / Mobile firmware & hardware
PMI8937
Mobile applications / Mobile firmware & hardware
PMI8940
Mobile applications / Mobile firmware & hardware
PMI8952
Mobile applications / Mobile firmware & hardware
PMI8994
Mobile applications / Mobile firmware & hardware
PMI8996
Mobile applications / Mobile firmware & hardware
PMI8998
Mobile applications / Mobile firmware & hardware
PMK8001
Mobile applications / Mobile firmware & hardware
PMM855AU
Mobile applications / Mobile firmware & hardware
PMM8996AU
Mobile applications / Mobile firmware & hardware
PMX20
Mobile applications / Mobile firmware & hardware
QAT3514
Mobile applications / Mobile firmware & hardware
QAT3522
Mobile applications / Mobile firmware & hardware
QAT3550
Mobile applications / Mobile firmware & hardware
QBT1000
Mobile applications / Mobile firmware & hardware
QBT1500
Mobile applications / Mobile firmware & hardware
QCA6310
Mobile applications / Mobile firmware & hardware
QCA6320
Mobile applications / Mobile firmware & hardware
QCA6564A
Mobile applications / Mobile firmware & hardware
QCA6564AU
Mobile applications / Mobile firmware & hardware
QCA6574A
Mobile applications / Mobile firmware & hardware
QCA6595
Mobile applications / Mobile firmware & hardware
QCA6595AU
Mobile applications / Mobile firmware & hardware
QCA9367
Mobile applications / Mobile firmware & hardware
QCC1110
Mobile applications / Mobile firmware & hardware
QET4100
Mobile applications / Mobile firmware & hardware
QET4101
Mobile applications / Mobile firmware & hardware
QET4200AQ
Mobile applications / Mobile firmware & hardware
QET5100
Mobile applications / Mobile firmware & hardware
QFE2080FC
Mobile applications / Mobile firmware & hardware
QFE2081FC
Mobile applications / Mobile firmware & hardware
QFE2082FC
Mobile applications / Mobile firmware & hardware
QFE2101
Mobile applications / Mobile firmware & hardware
QFE2550
Mobile applications / Mobile firmware & hardware
QFE3100
Mobile applications / Mobile firmware & hardware
QFE3440FC
Mobile applications / Mobile firmware & hardware
QFE4301
Mobile applications / Mobile firmware & hardware
QFE4302
Mobile applications / Mobile firmware & hardware
QFE4303
Mobile applications / Mobile firmware & hardware
QFE4305
Mobile applications / Mobile firmware & hardware
QFE4308
Mobile applications / Mobile firmware & hardware
QFE4309
Mobile applications / Mobile firmware & hardware
QFE4320
Mobile applications / Mobile firmware & hardware
QFE4373FC
Mobile applications / Mobile firmware & hardware
QFE4455FC
Mobile applications / Mobile firmware & hardware
QFE4465FC
Mobile applications / Mobile firmware & hardware
QLN1021AQ
Mobile applications / Mobile firmware & hardware
QLN1030
Mobile applications / Mobile firmware & hardware
QLN1031
Mobile applications / Mobile firmware & hardware
QLN1035BD
Mobile applications / Mobile firmware & hardware
QLN1036AQ
Mobile applications / Mobile firmware & hardware
QPA4340
Mobile applications / Mobile firmware & hardware
QPA4360
Mobile applications / Mobile firmware & hardware
QPA5373
Mobile applications / Mobile firmware & hardware
QPA5460
Mobile applications / Mobile firmware & hardware
QSW8573
Mobile applications / Mobile firmware & hardware
QTC800H
Mobile applications / Mobile firmware & hardware
QTC800S
Mobile applications / Mobile firmware & hardware
QTC800T
Mobile applications / Mobile firmware & hardware
QTC801S
Mobile applications / Mobile firmware & hardware
Qualcomm215
Mobile applications / Mobile firmware & hardware
RGR7640AU
Mobile applications / Mobile firmware & hardware
RSW8577
Mobile applications / Mobile firmware & hardware
SD 636
Mobile applications / Mobile firmware & hardware
SD439
Mobile applications / Mobile firmware & hardware
SD660
Mobile applications / Mobile firmware & hardware
SD820
Mobile applications / Mobile firmware & hardware
SD821
Mobile applications / Mobile firmware & hardware
SDM830
Mobile applications / Mobile firmware & hardware
SDR051
Mobile applications / Mobile firmware & hardware
SDR052
Mobile applications / Mobile firmware & hardware
SDR660
Mobile applications / Mobile firmware & hardware
SDW2500
Mobile applications / Mobile firmware & hardware
SDW3100
Mobile applications / Mobile firmware & hardware
SDX20M
Mobile applications / Mobile firmware & hardware
SDX50M
Mobile applications / Mobile firmware & hardware
SMB1350
Mobile applications / Mobile firmware & hardware
SMB1351
Mobile applications / Mobile firmware & hardware
SMB1355
Mobile applications / Mobile firmware & hardware
SMB1357
Mobile applications / Mobile firmware & hardware
SMB1358
Mobile applications / Mobile firmware & hardware
SMB1360
Mobile applications / Mobile firmware & hardware
SMB1380
Mobile applications / Mobile firmware & hardware
SMB231
Mobile applications / Mobile firmware & hardware
WCD9326
Mobile applications / Mobile firmware & hardware
WCD9330
Mobile applications / Mobile firmware & hardware
WCD9335
Mobile applications / Mobile firmware & hardware
WCD9340
Mobile applications / Mobile firmware & hardware
WCD9341
Mobile applications / Mobile firmware & hardware
WCN3615
Mobile applications / Mobile firmware & hardware
WCN3620
Mobile applications / Mobile firmware & hardware
WCN3660B
Mobile applications / Mobile firmware & hardware
WCN3680
Mobile applications / Mobile firmware & hardware
WCN3680B
Mobile applications / Mobile firmware & hardware
WCN3980
Mobile applications / Mobile firmware & hardware
WCN3990
Mobile applications / Mobile firmware & hardware
WGR7640
Mobile applications / Mobile firmware & hardware
WSA8810
Mobile applications / Mobile firmware & hardware
WSA8815
Mobile applications / Mobile firmware & hardware
WTR2955
Mobile applications / Mobile firmware & hardware
WTR2965
Mobile applications / Mobile firmware & hardware
WTR3905
Mobile applications / Mobile firmware & hardware
WTR3925
Mobile applications / Mobile firmware & hardware
WTR3950
Mobile applications / Mobile firmware & hardware
WTR4905
Mobile applications / Mobile firmware & hardware
WTR5975
Mobile applications / Mobile firmware & hardware

Vendor: Qualcomm

Description

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Display. A local privileged application can execute arbitrary code.

Mitigation
Install the security update from the vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8009W: All versions

APQ8017: All versions

APQ8037: All versions

APQ8053: All versions

APQ8096AU: All versions

AR8151: All versions

MDM9206: All versions

MDM9250: All versions

MDM9650: All versions

MDM9655: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996AU: All versions

PM215: All versions

PM439: All versions

PM660: All versions

PM660A: All versions

PM660L: All versions

PM8004: All versions

PM8005: All versions

PM855A: All versions

PM8909: All versions

PM8916: All versions

PM8937: All versions

PM8940: All versions

PM8953: All versions

PM8996: All versions

PM8998: All versions

PMD9607: All versions

PMD9655: All versions

PMI632: All versions

PMI8937: All versions

PMI8940: All versions

PMI8952: All versions

PMI8994: All versions

PMI8996: All versions

PMI8998: All versions

PMK8001: All versions

PMM855AU: All versions

PMM8996AU: All versions

PMX20: All versions

QAT3514: All versions

QAT3522: All versions

QAT3550: All versions

QBT1000: All versions

QBT1500: All versions

QCA6174A: All versions

QCA6310: All versions

QCA6320: All versions

QCA6564A: All versions

QCA6564AU: All versions

QCA6574A: All versions

QCA6574AU: All versions

QCA6595: All versions

QCA6595AU: All versions

QCA9367: All versions

QCA9377: All versions

QCA9379: All versions

QCC1110: All versions

QET4100: All versions

QET4101: All versions

QET4200AQ: All versions

QET5100: All versions

QFE2080FC: All versions

QFE2081FC: All versions

QFE2082FC: All versions

QFE2101: All versions

QFE2550: All versions

QFE3100: All versions

QFE3440FC: All versions

QFE4301: All versions

QFE4302: All versions

QFE4303: All versions

QFE4305: All versions

QFE4308: All versions

QFE4309: All versions

QFE4320: All versions

QFE4373FC: All versions

QFE4455FC: All versions

QFE4465FC: All versions

QLN1021AQ: All versions

QLN1030: All versions

QLN1031: All versions

QLN1035BD: All versions

QLN1036AQ: All versions

QPA4340: All versions

QPA4360: All versions

QPA5373: All versions

QPA5460: All versions

QSW8573: All versions

QTC800H: All versions

QTC800S: All versions

QTC800T: All versions

QTC801S: All versions

Qualcomm215: All versions

RGR7640AU: All versions

RSW8577: All versions

SD 636: All versions

SD439: All versions

SD450: All versions

SD660: All versions

SD710: All versions

SD712: All versions

SD820: All versions

SD821: All versions

SD835: All versions

SDM630: All versions

SDM830: All versions

SDR051: All versions

SDR052: All versions

SDR660: All versions

SDW2500: All versions

SDW3100: All versions

SDX20: All versions

SDX20M: All versions

SDX50M: All versions

SMB1350: All versions

SMB1351: All versions

SMB1355: All versions

SMB1357: All versions

SMB1358: All versions

SMB1360: All versions

SMB1380: All versions

SMB231: All versions

WCD9326: All versions

WCD9330: All versions

WCD9335: All versions

WCD9340: All versions

WCD9341: All versions

WCN3615: All versions

WCN3620: All versions

WCN3660B: All versions

WCN3680: All versions

WCN3680B: All versions

WCN3980: All versions

WCN3990: All versions

WGR7640: All versions

WSA8810: All versions

WSA8815: All versions

WTR2955: All versions

WTR2965: All versions

WTR3905: All versions

WTR3925: All versions

WTR3950: All versions

WTR4905: All versions

WTR5975: All versions


External links
https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2020-security-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited only locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

