#VU71904 Integer overflow in Qualcomm products - CVE-2020-11160
Published: February 6, 2023
Vulnerability identifier: #VU71904
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-11160
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8096AU
MDM9650
QCA6174A
QCA6574AU
QCA9379
QCS405
SA6155P
SD665
SD675
SD855
SDM429W
SDX55
AQT1000
AR8031
AR8035
CSRA6620
CSRA6640
PM215
PM3003A
PM6125
PM6150
PM6150L
PM640A
PM640L
PM640P
PM8008
PM8009
PM8150
PM8150A
PM8150B
PM8150C
PM8150L
PM8250
PM855
PM855B
PM855L
PM855P
PM8916
PMC1000H
PMD9655
PMI632
PMK8002
PMM6155AU
PMM8155AU
PMM855AU
PMM8996AU
PMR525
PMX55
QAT3519
QAT3522
QAT3550
QAT3555
QBT1500
QBT2000
QCA4020
QCA6390
QCA6391
QCA6420
QCA6426
QCA6430
QCA6564A
QCA6564AU
QCA6574
QCA6574A
QCA6584AU
QCA6595AU
QCA6696
QCA8337
QCS410
QCS610
QDM2301
QDM2302
QET4100
QET4101
QFS2530
QFS2580
QLN1030
QPA4360
QPA4361
QPA6560
QPA8673
QPM5541
QPM5577
QPM5579
QPM6325
QPM6375
QSW6310
QSW8573
QSW8574
QTC410S
QTC800H
QTC801S
QTM525
QTM527
Qualcomm215
SA6145P
SA8155
SA8155P
SD 8C
SD 8CX
SD460
SD662
SD865 5G
SDA429W
SDR425
SDR660
SDR8150
SDR8250
SDR865
SDX55M
SMB1351
SMB1354
SMB1355
SMB1381
SMB1390
SMB2351
SMR525
SMR526
WCD9326
WCD9335
WCD9340
WCD9341
WCD9370
WCD9375
WCD9380
WCD9385
WCN3610
WCN3615
WCN3620
WCN3660B
WCN3680
WCN3680B
WCN3950
WCN3980
WCN3988
WCN3998
WCN3999
WCN6850
WCN6851
WGR7640
WSA8810
WSA8815
WTR2965
WTR3925
WTR5975
APQ8096AU
MDM9650
QCA6174A
QCA6574AU
QCA9379
QCS405
SA6155P
SD665
SD675
SD855
SDM429W
SDX55
AQT1000
AR8031
AR8035
CSRA6620
CSRA6640
PM215
PM3003A
PM6125
PM6150
PM6150L
PM640A
PM640L
PM640P
PM8008
PM8009
PM8150
PM8150A
PM8150B
PM8150C
PM8150L
PM8250
PM855
PM855B
PM855L
PM855P
PM8916
PMC1000H
PMD9655
PMI632
PMK8002
PMM6155AU
PMM8155AU
PMM855AU
PMM8996AU
PMR525
PMX55
QAT3519
QAT3522
QAT3550
QAT3555
QBT1500
QBT2000
QCA4020
QCA6390
QCA6391
QCA6420
QCA6426
QCA6430
QCA6564A
QCA6564AU
QCA6574
QCA6574A
QCA6584AU
QCA6595AU
QCA6696
QCA8337
QCS410
QCS610
QDM2301
QDM2302
QET4100
QET4101
QFS2530
QFS2580
QLN1030
QPA4360
QPA4361
QPA6560
QPA8673
QPM5541
QPM5577
QPM5579
QPM6325
QPM6375
QSW6310
QSW8573
QSW8574
QTC410S
QTC800H
QTC801S
QTM525
QTM527
Qualcomm215
SA6145P
SA8155
SA8155P
SD 8C
SD 8CX
SD460
SD662
SD865 5G
SDA429W
SDR425
SDR660
SDR8150
SDR8250
SDR865
SDX55M
SMB1351
SMB1354
SMB1355
SMB1381
SMB1390
SMB2351
SMR525
SMR526
WCD9326
WCD9335
WCD9340
WCD9341
WCD9370
WCD9375
WCD9380
WCD9385
WCN3610
WCN3615
WCN3620
WCN3660B
WCN3680
WCN3680B
WCN3950
WCN3980
WCN3988
WCN3998
WCN3999
WCN6850
WCN6851
WGR7640
WSA8810
WSA8815
WTR2965
WTR3925
WTR5975
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a local privileged application to execute arbitrary code.
The vulnerability exists due to improper input validation in Diag Services. A local privileged application can execute arbitrary code.
Remediation
Install security update from vendor's website.