#VU52805 Input validation error in Qualcomm Mobile applications


Published: 2021-05-03

Vulnerability identifier: #VU52805

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11268

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
APQ8009
Hardware solutions / Firmware
MDM9640
Hardware solutions / Firmware
QCA6174A
Hardware solutions / Firmware
SD210
Hardware solutions / Firmware
APQ8016
Mobile applications / Mobile firmware & hardware
APQ8074
Mobile applications / Mobile firmware & hardware
APQ8084
Mobile applications / Mobile firmware & hardware
APQ8094
Mobile applications / Mobile firmware & hardware
AR6003
Mobile applications / Mobile firmware & hardware
MDM8215
Mobile applications / Mobile firmware & hardware
MDM8215M
Mobile applications / Mobile firmware & hardware
MDM8615M
Mobile applications / Mobile firmware & hardware
MDM9215
Mobile applications / Mobile firmware & hardware
MDM9235M
Mobile applications / Mobile firmware & hardware
MDM9310
Mobile applications / Mobile firmware & hardware
MDM9609
Mobile applications / Mobile firmware & hardware
MDM9615
Mobile applications / Mobile firmware & hardware
MDM9615M
Mobile applications / Mobile firmware & hardware
MDM9635M
Mobile applications / Mobile firmware & hardware
MDM9645
Mobile applications / Mobile firmware & hardware
MSM8108
Mobile applications / Mobile firmware & hardware
MSM8208
Mobile applications / Mobile firmware & hardware
MSM8209
Mobile applications / Mobile firmware & hardware
MSM8216
Mobile applications / Mobile firmware & hardware
MSM8274
Mobile applications / Mobile firmware & hardware
MSM8608
Mobile applications / Mobile firmware & hardware
MSM8674
Mobile applications / Mobile firmware & hardware
MSM8916
Mobile applications / Mobile firmware & hardware
MSM8929
Mobile applications / Mobile firmware & hardware
MSM8939
Mobile applications / Mobile firmware & hardware
MSM8974
Mobile applications / Mobile firmware & hardware
MSM8974P
Mobile applications / Mobile firmware & hardware
MSM8994
Mobile applications / Mobile firmware & hardware
PM8018
Mobile applications / Mobile firmware & hardware
PM8841
Mobile applications / Mobile firmware & hardware
PM8909
Mobile applications / Mobile firmware & hardware
PM8916
Mobile applications / Mobile firmware & hardware
PM8941
Mobile applications / Mobile firmware & hardware
PM8994
Mobile applications / Mobile firmware & hardware
PMD9635
Mobile applications / Mobile firmware & hardware
PMD9645
Mobile applications / Mobile firmware & hardware
PMI8994
Mobile applications / Mobile firmware & hardware
QCA1990
Mobile applications / Mobile firmware & hardware
QCA6174
Mobile applications / Mobile firmware & hardware
QCA6584
Mobile applications / Mobile firmware & hardware
QFE1035
Mobile applications / Mobile firmware & hardware
QFE1040
Mobile applications / Mobile firmware & hardware
QFE1045
Mobile applications / Mobile firmware & hardware
QFE1100
Mobile applications / Mobile firmware & hardware
QFE1101
Mobile applications / Mobile firmware & hardware
QFE1520
Mobile applications / Mobile firmware & hardware
QFE1550
Mobile applications / Mobile firmware & hardware
QFE2101
Mobile applications / Mobile firmware & hardware
QFE2310
Mobile applications / Mobile firmware & hardware
QFE2320
Mobile applications / Mobile firmware & hardware
QFE2330
Mobile applications / Mobile firmware & hardware
QFE2340
Mobile applications / Mobile firmware & hardware
QFE2520
Mobile applications / Mobile firmware & hardware
QFE2550
Mobile applications / Mobile firmware & hardware
QFE2720
Mobile applications / Mobile firmware & hardware
QFE3100
Mobile applications / Mobile firmware & hardware
QFE3320
Mobile applications / Mobile firmware & hardware
QFE3335
Mobile applications / Mobile firmware & hardware
QFE3340
Mobile applications / Mobile firmware & hardware
QFE3345
Mobile applications / Mobile firmware & hardware
SMB1360
Mobile applications / Mobile firmware & hardware
WCD9306
Mobile applications / Mobile firmware & hardware
WCD9330
Mobile applications / Mobile firmware & hardware
WCN3610
Mobile applications / Mobile firmware & hardware
WCN3620
Mobile applications / Mobile firmware & hardware
WCN3660
Mobile applications / Mobile firmware & hardware
WCN3660A
Mobile applications / Mobile firmware & hardware
WCN3660B
Mobile applications / Mobile firmware & hardware
WCN3680
Mobile applications / Mobile firmware & hardware
WCN3680B
Mobile applications / Mobile firmware & hardware
WFR1620
Mobile applications / Mobile firmware & hardware
WGR7640
Mobile applications / Mobile firmware & hardware
WTR1605
Mobile applications / Mobile firmware & hardware
WTR1605L
Mobile applications / Mobile firmware & hardware
WTR1625
Mobile applications / Mobile firmware & hardware
WTR1625L
Mobile applications / Mobile firmware & hardware
WTR2605
Mobile applications / Mobile firmware & hardware
WTR2955
Mobile applications / Mobile firmware & hardware
WTR3925
Mobile applications / Mobile firmware & hardware
WTR4605
Mobile applications / Mobile firmware & hardware
WTR4905
Mobile applications / Mobile firmware & hardware

Vendor: Qualcomm

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in LTE implementation. Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to a remote denial of service.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8016: All versions

APQ8074: All versions

APQ8084: All versions

APQ8094: All versions

AR6003: All versions

MDM8215: All versions

MDM8215M: All versions

MDM8615M: All versions

MDM9215: All versions

MDM9235M: All versions

MDM9310: All versions

MDM9609: All versions

MDM9615: All versions

MDM9615M: All versions

MDM9635M: All versions

MDM9640: All versions

MDM9645: All versions

MSM8108: All versions

MSM8208: All versions

MSM8209: All versions

MSM8216: All versions

MSM8274: All versions

MSM8608: All versions

MSM8674: All versions

MSM8916: All versions

MSM8929: All versions

MSM8939: All versions

MSM8974: All versions

MSM8974P: All versions

MSM8994: All versions

PM8018: All versions

PM8841: All versions

PM8909: All versions

PM8916: All versions

PM8941: All versions

PM8994: All versions

PMD9635: All versions

PMD9645: All versions

PMI8994: All versions

QCA1990: All versions

QCA6174: All versions

QCA6174A: All versions

QCA6584: All versions

QFE1035: All versions

QFE1040: All versions

QFE1045: All versions

QFE1100: All versions

QFE1101: All versions

QFE1520: All versions

QFE1550: All versions

QFE2101: All versions

QFE2310: All versions

QFE2320: All versions

QFE2330: All versions

QFE2340: All versions

QFE2520: All versions

QFE2550: All versions

QFE2720: All versions

QFE3100: All versions

QFE3320: All versions

QFE3335: All versions

QFE3340: All versions

QFE3345: All versions

SD210: All versions

SMB1360: All versions

WCD9306: All versions

WCD9330: All versions

WCN3610: All versions

WCN3620: All versions

WCN3660: All versions

WCN3660A: All versions

WCN3660B: All versions

WCN3680: All versions

WCN3680B: All versions

WFR1620: All versions

WGR7640: All versions

WTR1605: All versions

WTR1605L: All versions

WTR1625: All versions

WTR1625L: All versions

WTR2605: All versions

WTR2955: All versions

WTR3925: All versions

WTR4605: All versions

WTR4905: All versions

External links
http://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Qualcomm chipsets