#VU112416 Cryptographic Issues in Qualcomm products - CVE-2020-11123


Vulnerability identifier: #VU112416

Vulnerability risk: Low

CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-11123

CWE-ID: CWE-310

Exploitation vector: Local

Exploit availability: No

Vulnerable software:

Hardware solutions / Firmware:
APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCS405, QCS605, QM215, SA6155P, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Mobile applications / Mobile firmware & hardware:
APQ8009W, APQ8037, APQ8064AU, APQ8096, APQ8096SG, MDM8207, MDM9205, MDM9207, MDM9250, MDM9628, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909, MSM8996SG, QCM4290, QCS410, QCS4290, QCS603, QCS610, QSM8250, QSM8350, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180XP, SDA429W, SDA640, SDA670, SDA855, SDM1000, SDM455, SDM640, SDM712, SDM830, SDM850, SDW2500, SDX50M, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150P, SM7225, SM7250, SM7250P, SM8150P, SM8350, SM8350P, SXR1120, SXR2130P, WCD9330

Vendor: Qualcomm

Description

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in the HLOS (high-level operating system).

Mitigation
Install the security update from the vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8009W: All versions

APQ8017: All versions

APQ8037: All versions

APQ8053: All versions

APQ8064AU: All versions

APQ8096: All versions

APQ8096AU: All versions

APQ8096SG: All versions

APQ8098: All versions

MDM8207: All versions

MDM9150: All versions

MDM9205: All versions

MDM9206: All versions

MDM9207: All versions

MDM9250: All versions

MDM9607: All versions

MDM9628: All versions

MDM9640: All versions

MDM9650: All versions

MDM9655: All versions

MSM8108: All versions

MSM8208: All versions

MSM8209: All versions

MSM8608: All versions

MSM8905: All versions

MSM8909: All versions

MSM8909W: All versions

MSM8917: All versions

MSM8920: All versions

MSM8937: All versions

MSM8940: All versions

MSM8953: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8996SG: All versions

MSM8998: All versions

QCM4290: All versions

QCS405: All versions

QCS410: All versions

QCS4290: All versions

QCS603: All versions

QCS605: All versions

QCS610: All versions

QM215: All versions

QSM8250: All versions

QSM8350: All versions

SA415M: All versions

SA515M: All versions

SA6145P: All versions

SA6150P: All versions

SA6155: All versions

SA6155P: All versions

SA8150P: All versions

SA8155: All versions

SA8155P: All versions

SA8195P: All versions

SC7180: All versions

SC8180X: All versions

SC8180XP: All versions

SDA429W: All versions

SDA640: All versions

SDA660: All versions

SDA670: All versions

SDA845: All versions

SDA855: All versions

SDM1000: All versions

SDM429: All versions

SDM429W: All versions

SDM439: All versions

SDM450: All versions

SDM455: All versions

SDM630: All versions

SDM632: All versions

SDM636: All versions

SDM640: All versions

SDM660: All versions

SDM670: All versions

SDM710: All versions

SDM712: All versions

SDM830: All versions

SDM845: All versions

SDM850: All versions

SDW2500: All versions

SDX24: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SM4125: All versions

SM4250: All versions

SM4250P: All versions

SM6115: All versions

SM6115P: All versions

SM6125: All versions

SM6150: All versions

SM6150P: All versions

SM6250: All versions

SM6250P: All versions

SM6350: All versions

SM7125: All versions

SM7150: All versions

SM7150P: All versions

SM7225: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SM8350: All versions

SM8350P: All versions

SXR1120: All versions

SXR1130: All versions

SXR2130: All versions

SXR2130P: All versions

WCD9330: All versions


External links
https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-security-bulletin.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

