#VU52805 Input validation error in Qualcomm products - CVE-2020-11268

Vulnerability identifier: #VU52805

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-11268

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
APQ8009
MDM9640
QCA6174A
SD210
APQ8016
APQ8074
APQ8084
APQ8094
AR6003
MDM8215
MDM8215M
MDM8615M
MDM9215
MDM9235M
MDM9310
MDM9609
MDM9615
MDM9615M
MDM9635M
MDM9645
MSM8108
MSM8208
MSM8209
MSM8216
MSM8274
MSM8608
MSM8674
MSM8916
MSM8929
MSM8939
MSM8974
MSM8974P
MSM8994
PM8018
PM8841
PM8909
PM8916
PM8941
PM8994
PMD9635
PMD9645
PMI8994
QCA1990
QCA6174
QCA6584
QFE1035
QFE1040
QFE1045
QFE1100
QFE1101
QFE1520
QFE1550
QFE2101
QFE2310
QFE2320
QFE2330
QFE2340
QFE2520
QFE2550
QFE2720
QFE3100
QFE3320
QFE3335
QFE3340
QFE3345
SMB1360
WCD9306
WCD9330
WCN3610
WCN3620
WCN3660
WCN3660A
WCN3660B
WCN3680
WCN3680B
WFR1620
WGR7640
WTR1605
WTR1605L
WTR1625
WTR1625L
WTR2605
WTR2955
WTR3925
WTR4605
WTR4905

Software vendor:
Qualcomm

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in LTE implementation. Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to a remote denial of service.

Install updates from vendor's website.

• https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin