Developer Workspace

Loading...

Bring your ideas to life by saving your favorite products, comparing specifications and sharing with your team to work collaboratively.

0 Projects

Sort

You do not have any projects yet. Start building your Workspace.

Documentation

Security Bulletin

Navigator

Close
2026 Security Bulletins
July
June
May
April
March
February
January
2025 Security Bulletins
December
November
October
September
August
July
June
May
April
March
February
January
2024 Security Bulletins
December
November
October
September
August
July
June
May
April
March
February
January
2023 Security Bulletins
December
November
October
September
August
July
June
May
April
March
February
January
2022 Security Bulletins
December
November
October
September
August
July
June
May
April
March
February
January
2021 Security Bulletins
December
November
October
September
August
July
June
May
April
March
February
January
2020 Security Bulletins
December
November
October
September
August
July
June
May
April
March
February
January
2019 Security Bulletins
December
November
October
September
August
July
June
May
April
March
February
January
2018 Security Bulletins
December
November
October
September
August
July
June
May

Legal notice

November 2020 Security Bulletin

Version 1.0

Published: 11/02/2020

This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security vulnerabilities that have been addressed in QTI’s proprietary code and (ii) links to related code that has been contributed to Code Aurora Forum (CAF), a Linux Foundation Collaborative Project, to address security vulnerabilities for customers who incorporate Linux-based software from CAF into their devices.

Please reach out to securitybulletin@qti.qualcomm.com for any questions related to this bulletin.

Table of Contents

Announcements:
Acknowledgements:
Proprietary Software Issues:
Open Source Software Issues:
Industry Coordination:
Version History:

Announcements

We plan to publish CVSS scores, ratings and string values for all CVEs published in bulletins from November 2020 onwards.

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2020-11123 Anonymous: Researcher requested not to be named
CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207 Slava Makkaveev Of Checkpoint
CVE-2020-11121, CVE-2020-11130 Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/  for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin.
CVE-2020-11131 Yang Xiao @ VARAS_IIE
CVE-2020-11132 Qi Zhao and Guang Gong 360 Alpha Lab working with 360 BugCloud( https://bugcloud.360.cn/ )

Proprietary Software Issues

The tables below summarize security vulnerabilities that were addressed through proprietary software

This table list high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2020-3639 Critical Critical Data Modem Internal
CVE-2020-11123 High High HLOS 12/04/2019
CVE-2020-11127 High High QTEE Internal
CVE-2020-11168 High High Video Internal
CVE-2020-11175 High High Bluetooth HOST Internal
CVE-2020-11184 High High Video Internal
CVE-2020-11193 High High Video Internal
CVE-2020-11196 High High Video Internal
CVE-2020-11201 High High Video 02/21/2020
CVE-2020-11202 High High Video 02/12/2020
CVE-2020-11205 High High BT Controller Internal
CVE-2020-11206 High High ComputerVision 02/14/2020
CVE-2020-11207 High High ComputerVision 02/21/2020
CVE-2020-3632 High High HWEngines Internal
CVE-2020-11208 High High DSP Internal
CVE-2020-11209 High High DSP Internal

This table list moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2020-11132 Medium Medium Boot 01/20/2020

CVE-2020-3639

CVE ID CVE-2020-3639
Title Improper Validation of Array Index in Modem Data
Description When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overflow
Technology Area Data Modem
Vulnerability Type CWE-129 Improper Validation of Array Index
Access Vector Remote
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.8
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 05/04/2020
Affected Chipsets* APQ8009, APQ8017, APQ8037, APQ8053, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA415M, SA6145P, SA6150P, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8350, SM8350P, SXR1120, SXR1130

CVE-2020-11123

CVE ID CVE-2020-11123
Title Cryptographic Issue in HLOS
Description information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting user`s lock-screen password can be bypassed by performing the standard gatekeeper operations.
Technology Area HLOS
Vulnerability Type CWE-310 Cryptographic Issues
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.1
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Date Reported 12/04/2019
Customer Notified Date 05/04/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QM215, QSM8250, QSM8350, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDW2500, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330

CVE-2020-11127

CVE ID CVE-2020-11127
Title Integer Overflow to Buffer Overflow in QTEE
Description Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded
Technology Area QTEE
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 05/04/2020
Affected Chipsets* MDM9205, QCM4290, QCS405, QCS410, QCS4290, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA845, SDA855, SDM1000, SDM640, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P

CVE-2020-11168

CVE ID CVE-2020-11168
Title Untrusted Pointer Dereference Issue in Video
Description Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range
Technology Area Video
Vulnerability Type CWE-822 Untrusted Pointer Dereference
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.3
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Date Reported Internal
Customer Notified Date 08/03/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, APQ8098, MDM9206, MDM9650, MSM8909W, MSM8953, MSM8996AU, QCM4290, QCS405, QCS4290, QCS603, QCS605, QM215, QSM8350, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM450, SDM632, SDM640, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P, WCD9330

CVE-2020-11175

CVE ID CVE-2020-11175
Title Use After Free Issue in Bluetooth Host
Description Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.
Technology Area Bluetooth HOST
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score  8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 08/03/2020
Affected Chipsets* APQ8009W, MSM8909W, QCS605, QM215, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6350, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P

CVE-2020-11184

CVE ID CVE-2020-11184
Title Integer Overflow to Buffer Overflow in Video
Description Possible buffer overflow will occur in video while parsing mp4 clip with crafted esds atom size.
Technology Area Video
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score  7.3
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Date Reported Internal
Customer Notified Date 08/03/2020
Affected Chipsets* QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

CVE-2020-11193

CVE ID CVE-2020-11193
Title Integer Overflow to Buffer Overflow Issue in Video
Description Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize
Technology Area Video
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Remote
Security Rating High
CVSS Rating High 
CVSS Score 7.3
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Date Reported Internal
Customer Notified Date 08/03/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330

CVE-2020-11196

CVE ID CVE-2020-11196
Title Integer Overflow to Buffer Overflow in Video
Description Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries
Technology Area Video
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.3
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Date Reported Internal
Customer Notified Date 08/03/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330

CVE-2020-11201

CVE ID CVE-2020-11201
Title Untrusted Pointer Dereference in Video
Description Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side
Technology Area Video
Vulnerability Type CWE-822 Untrusted Pointer Dereference
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 02/21/2020
Customer Notified Date 07/24/2020
Affected Chipsets* QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P

CVE-2020-11202

CVE ID CVE-2020-11202
Title Improper Input Validation in Video
Description Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure
Technology Area Video
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
CVSS Rating  High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 02/12/2020
Customer Notified Date 07/24/2020
Affected Chipsets* QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA845, SDM640, SDM670, SDM710, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P

CVE-2020-11205

CVE ID CVE-2020-11205
Title Integer Overflow or Wraparound issues in Bluetooth SOC
Description Possible integer overflow to heap overflow while processing command due to lack of check of packet length received
Technology Area BT Controller
Vulnerability Type CWE-190 Integer Overflow or Wraparound
Access Vector Local
Security Rating High
CVSS Rating  High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 08/03/2020
Affected Chipsets* QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

CVE-2020-11206

CVE ID CVE-2020-11206
Title Untrusted Pointer Dereference in ComputerVision
Description Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters
Technology Area ComputerVision
Vulnerability Type CWE-822 Untrusted Pointer Dereference
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 02/14/2020
Customer Notified Date 07/24/2020
Affected Chipsets* APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

CVE-2020-11207

CVE ID CVE-2020-11207
Title Buffer Copy Without Checking Size of Input in Computer Vision
Description Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length
Technology Area ComputerVision
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 02/21/2020
Customer Notified Date 07/24/2020
Affected Chipsets* APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P

CVE-2020-3632

CVE ID CVE-2020-3632
Title Improper Validation of Array Index in MHI Ring Validation
Description Incorrect validation of ring context fetched from host memory can lead to memory overflow
Technology Area HWEngines
Vulnerability Type CWE-129 Improper Validation of Array Index
Access Vector Local
Security Rating High
CVSS Rating High  
CVSS Score 8.4  
CVSS String  CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 05/04/2020
Affected Chipsets* QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

CVE-2020-11132

CVE ID CVE-2020-11132
Title Buffer Over read Issue in Boot
Description Buffer over read in boot due to size check ignored before copying GUID attribute from request to response
Technology Area Boot
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating Medium
CVSS Rating  Medium
CVSS Score 5.1  
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L  
Date Reported 01/20/2020
Customer Notified Date 05/04/2020
Affected Chipsets* APQ8009, APQ8096AU, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA670, SDA845, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330

CVE-2020-11208

CVE ID CVE-2020-11208
Title Buffer Overflow in DSP Process
Description Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument
Technology Area DSP
Vulnerability Type CWE-191 Integer Underflow (Wrap or Wraparound)
Access Vector Local
Security Rating High
CVSS Rating  High
CVSS Score 8.4  
CVSS String  CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 07/24/2020
Affected Chipsets* SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

CVE-2020-11209

CVE ID CVE-2020-11209
Title Improper Authorization in DSP Process
Description Improper authorization in DSP process could allow unauthorized users to downgrade the library versions
Technology Area DSP
Vulnerability Type CWE-285 Improper Authorization
Access Vector Local
Security Rating High
CVSS Rating High  
CVSS Score  8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H  
Date Reported Internal
Customer Notified Date 07/24/2020
Affected Chipsets* SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

* Data is generated only at the time of bulletin creation

Open Source Software Issues

The tables below summarize security vulnerabilities that were addressed through open source software

This table list moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2020-11121 Medium Medium WLAN HOST 01/03/2020
CVE-2020-11130 Medium Medium WLAN HOST 01/03/2020
CVE-2020-11131 Medium Medium WLAN HOST 10/01/2019

CVE-2020-11121

CVE ID CVE-2020-11121
Title Buffer Copy Without Checking Size of Input in WLAN
Description Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer
Technology Area WLAN HOST
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.7
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported 01/03/2020
Customer Notified Date 05/04/2020
Affected Chipsets* QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P
Patch*
  • https://source.codeaurora.org/quic/la/platform/hardware/qcom/wlan/commit/?id=b56533c3978f6b078b796f8bbd1e1d3a58cd4421

CVE-2020-11130

CVE ID CVE-2020-11130
Title Buffer Copy Without Checking Size of Input in WLAN
Description Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length
Technology Area WLAN HOST
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.7
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported 01/03/2020
Customer Notified Date 05/04/2020
Affected Chipsets* QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P
Patch*
  • https://source.codeaurora.org/quic/la/platform/hardware/qcom/wlan/commit/?id=85f475808e09bdfff5480eb0e81c3c03707a32a1

CVE-2020-11131

CVE ID CVE-2020-11131
Title Integer Overflow to Buffer Overflow in WLAN
Description Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space
Technology Area WLAN HOST
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.7
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported 10/01/2019
Customer Notified Date 05/04/2020
Affected Chipsets* APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9250, MDM9628, MDM9640, MDM9650, MSM8996AU, QCS405, SDA845, SDX20, SDX20M, WCD9330
Patch*
  • https://source.codeaurora.org/quic/le/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=b5549a556a9ce60b514ea20dc62f9499a97857a2

* Data is generated only at the time of bulletin creation  

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

  • Consideration of security protections such as SELinux not enforced on some platforms
  • Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel

Version History

Version Date Comments
1.0 November 2, 2020 Bulletin Published

All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.

This technical data may be subject to U.S. and international export, re-export, or transfer ("export") laws. Diversion contrary to U.S. and international law is strictly prohibited.

Qualcomm Technologies, Inc.
5775 Morehouse Drive
San Diego, CA 92121
U.S.A.

© 2020 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.

  • Table of Contents
  • Announcements
  • Acknowledgements
  • Proprietary Software Issues
  • CVE-2020-3639
  • CVE-2020-11123
  • CVE-2020-11127
  • CVE-2020-11168
  • CVE-2020-11175
  • CVE-2020-11184
  • CVE-2020-11193
  • CVE-2020-11196
  • CVE-2020-11201
  • CVE-2020-11202
  • CVE-2020-11205
  • CVE-2020-11206
  • CVE-2020-11207
  • CVE-2020-3632
  • CVE-2020-11132
  • CVE-2020-11208
  • CVE-2020-11209
  • Open Source Software Issues
  • CVE-2020-11121
  • CVE-2020-11130
  • CVE-2020-11131
  • Industry Coordination
  • Version History
Qualcomm relentlessly innovates to deliver intelligent computing everywhere, helping the world tackle some of its most important challenges. Our leading-edge AI, high performance, low-power computing, and unrivaled connectivity deliver proven solutions that transform major industries. At Qualcomm, we are engineering human progress.

Quick links

  • Products
  • Support
  • Partners
  • Contact us
  • Developer

Company info

  • About us
  • Careers
  • Investors
  • News & media
  • Our businesses
  • Email Subscriptions

Stay connected

Get the latest Qualcomm and industry information delivered to your inbox.

Subscribe
Manage your subscription
  • Terms of Use
  • Privacy
  • Cookie Policy
  • Accessibility Statement
  • Responsible AI Policy
  • Do Not Sell or Share My Personal Information

Languages

  • English ( United States )
  • 简体中文 ( China )

© Qualcomm Technologies, Inc. and/or its affiliated companies.

Snapdragon and Qualcomm branded products are products of Qualcomm Technologies, Inc. and/or its subsidiaries. Qualcomm patented technologies are licensed by Qualcomm Incorporated.

Note: Certain services and materials may require you to accept additional terms and conditions before accessing or using those items.

References to "Qualcomm" may mean Qualcomm Incorporated, or subsidiaries or business units within the Qualcomm corporate structure, as applicable.

Qualcomm Incorporated includes our licensing business, QTL, and the vast majority of our patent portfolio. Qualcomm Technologies, Inc., a subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries, substantially all of our engineering, research and development functions, and substantially all of our products and services businesses, including our QCT semiconductor business.

Materials that are as of a specific date, including but not limited to press releases, presentations, blog posts and webcasts, may have been superseded by subsequent events or disclosures.

Nothing in these materials is an offer to sell or license any of the services or materials referenced herein.

Scroll To Top
This website processes personal data through our and third parties’ online tracking technologies, including analytics and advertising cookies. To learn more about how we and our affiliates within the Qualcomm Group may use your personal data and cookies, please review the Privacy Policy published at the bottom of this website and Qualcomm’s Cookie Policy. If you don’t want to share your website activities, including browsing behavior, with our third-party partners via these tracking technologies, click on “Cookie Settings" below to update your preferences. You can also update your cookie preferences at any time by clicking the Do Not Sell or Share My Personal Information link at the bottom of this website.
Company Logo
Opt-Out Request Honored

Do Not Sell or Share My Personal Data

As described in greater detail in the Privacy Policy at the bottom of this website and Qualcomm’s Cookie Policy, we use certain third party advertising and other cookies on this website, which may be considered a “sale” of personal information or “sharing” of personal information for targeted advertising under applicable data privacy laws. To opt out of the sale or sharing of your personal information, please click the “Share or Sale of Personal Information” toggle button below. When you have opted out, the button color will change from blue to grey. We will also honor your opt-out of sale or sharing requests communicated via opt-out preference signals, such as the Global Privacy Control.

Manage Consent Preferences

Strictly Necessary Cookies

Always Active

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work.

Share Or Sale of Personal Information

As described above, you may exercise your right to opt out of the sale or sharing of personal information by using this toggle button

  • Analytics Cookies

    label

    These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.

  • Personalization Cookies

    label

    These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

  • Targeting Cookies

    label

    These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. If you do not allow these cookies, you will experience less targeted advertising.

Cookie List

Search Icon
  • label
Consent Leg.Interest
label
label
label
Powered by Onetrust