#VU112426 Untrusted Pointer Dereference in Qualcomm products - CVE-2020-11206


| Updated: 2025-07-07

Vulnerability identifier: #VU112426

Vulnerability risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2020-11206

CWE-ID: CWE-822

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
APQ8098
Hardware solutions / Firmware
MSM8998
Hardware solutions / Firmware
SA6155P
Hardware solutions / Firmware
SDA660
Hardware solutions / Firmware
SDA845
Hardware solutions / Firmware
SDM660
Hardware solutions / Firmware
SDM845
Hardware solutions / Firmware
SDX55
Hardware solutions / Firmware
SM6150
Hardware solutions / Firmware
SM7150
Hardware solutions / Firmware
SM8150
Hardware solutions / Firmware
SM8250
Hardware solutions / Firmware
SXR2130
Hardware solutions / Firmware
QCM4290
Mobile applications / Mobile firmware & hardware
QCM6125
Mobile applications / Mobile firmware & hardware
QCS410
Mobile applications / Mobile firmware & hardware
QCS4290
Mobile applications / Mobile firmware & hardware
QCS610
Mobile applications / Mobile firmware & hardware
QCS6125
Mobile applications / Mobile firmware & hardware
QSM8250
Mobile applications / Mobile firmware & hardware
QSM8350
Mobile applications / Mobile firmware & hardware
SA6145P
Mobile applications / Mobile firmware & hardware
SA6150P
Mobile applications / Mobile firmware & hardware
SA6155
Mobile applications / Mobile firmware & hardware
SA8150P
Mobile applications / Mobile firmware & hardware
SA8155
Mobile applications / Mobile firmware & hardware
SA8155P
Mobile applications / Mobile firmware & hardware
SA8195P
Mobile applications / Mobile firmware & hardware
SC7180
Mobile applications / Mobile firmware & hardware
SDA640
Mobile applications / Mobile firmware & hardware
SDA855
Mobile applications / Mobile firmware & hardware
SDM640
Mobile applications / Mobile firmware & hardware
SDM830
Mobile applications / Mobile firmware & hardware
SDM850
Mobile applications / Mobile firmware & hardware
SDX50M
Mobile applications / Mobile firmware & hardware
SDX55M
Mobile applications / Mobile firmware & hardware
SM4250
Mobile applications / Mobile firmware & hardware
SM4250P
Mobile applications / Mobile firmware & hardware
SM6115
Mobile applications / Mobile firmware & hardware
SM6115P
Mobile applications / Mobile firmware & hardware
SM6125
Mobile applications / Mobile firmware & hardware
SM6150P
Mobile applications / Mobile firmware & hardware
SM6250
Mobile applications / Mobile firmware & hardware
SM6250P
Mobile applications / Mobile firmware & hardware
SM6350
Mobile applications / Mobile firmware & hardware
SM7125
Mobile applications / Mobile firmware & hardware
SM7150P
Mobile applications / Mobile firmware & hardware
SM7225
Mobile applications / Mobile firmware & hardware
SM7250
Mobile applications / Mobile firmware & hardware
SM7250P
Mobile applications / Mobile firmware & hardware
SM8150P
Mobile applications / Mobile firmware & hardware
SM8350
Mobile applications / Mobile firmware & hardware
SM8350P
Mobile applications / Mobile firmware & hardware
SXR2130P
Mobile applications / Mobile firmware & hardware

Vendor: Qualcomm

Description

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in ComputerVision. A local application can execute arbitrary code.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

APQ8098: All versions

MSM8998: All versions

QCM4290: All versions

QCM6125: All versions

QCS410: All versions

QCS4290: All versions

QCS610: All versions

QCS6125: All versions

QSM8250: All versions

QSM8350: All versions

SA6145P: All versions

SA6150P: All versions

SA6155: All versions

SA6155P: All versions

SA8150P: All versions

SA8155: All versions

SA8155P: All versions

SA8195P: All versions

SC7180: All versions

SDA640: All versions

SDA660: All versions

SDA845: All versions

SDA855: All versions

SDM640: All versions

SDM660: All versions

SDM830: All versions

SDM845: All versions

SDM850: All versions

SDX50M: All versions

SDX55: All versions

SDX55M: All versions

SM4250: All versions

SM4250P: All versions

SM6115: All versions

SM6115P: All versions

SM6125: All versions

SM6150: All versions

SM6150P: All versions

SM6250: All versions

SM6250P: All versions

SM6350: All versions

SM7125: All versions

SM7150: All versions

SM7150P: All versions

SM7225: All versions

SM7250: All versions

SM7250P: All versions

SM8150: All versions

SM8150P: All versions

SM8250: All versions

SM8350: All versions

SM8350P: All versions

SXR2130: All versions

SXR2130P: All versions

External links
https://docs.qualcomm.com/product/publicresources/securitybulletin/november-2020-security-bulletin.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Qualcomm chipsets