#VU51890 Use of Out-of-range Pointer Offset in Qualcomm products - CVE-2020-11242

 


Published: April 5, 2021


Vulnerability identifier: #VU51890
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-11242
CWE-ID: CWE-823
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
PM660
PM660A
PM660L
PM855A
PMM855AU
QAT3514
QAT3522
QAT3550
QCA6564A
QCA6564AU
QCA6574A
QCA6595
QCA6595AU
QET4100
QET4101
QET4200AQ
QLN1021AQ
QLN1031
QLN1036AQ
QPA4340
QPA4360
QPA5460
QTC800H
QTC800S
RSW8577
SD455
SD660
SDR660
SMB1351
WCD9335
WCD9340
WCD9341
WCN3950
WCN3980
WCN3990
QCA6574AU
SD636
SDM630
Software vendor:
Qualcomm

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because an incorrect argument is passed to the address range validation API used in SDI to capture requested contents. A local user can gain access to secure memory and elevate privileges on the system.


Remediation

Install updates from the vendor's website.
