Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-11206

Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

Published

2020-11-12T10:15:13.030

Last Modified

2024-11-21T04:57:15.567

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qualcomm	apq8098_firmware	-	Yes
Hardware	qualcomm	apq8098	-	No
Operating System	qualcomm	msm8998_firmware	-	Yes
Hardware	qualcomm	msm8998	-	No
Operating System	qualcomm	qcm4290_firmware	-	Yes
Hardware	qualcomm	qcm4290	-	No
Operating System	qualcomm	qcm6125_firmware	-	Yes
Hardware	qualcomm	qcm6125	-	No
Operating System	qualcomm	qcs410_firmware	-	Yes
Hardware	qualcomm	qcs410	-	No
Operating System	qualcomm	qcs4290_firmware	-	Yes
Hardware	qualcomm	qcs4290	-	No
Operating System	qualcomm	qcs610_firmware	-	Yes
Hardware	qualcomm	qcs610	-	No
Operating System	qualcomm	qcs6125_firmware	-	Yes
Hardware	qualcomm	qcs6125	-	No
Operating System	qualcomm	qsm8250_firmware	-	Yes
Hardware	qualcomm	qsm8250	-	No
Operating System	qualcomm	qsm8350_firmware	-	Yes
Hardware	qualcomm	qsm8350	-	No
Operating System	qualcomm	sa6145p_firmware	-	Yes
Hardware	qualcomm	sa6145p	-	No
Operating System	qualcomm	sa6150p_firmware	-	Yes
Hardware	qualcomm	sa6150p	-	No
Operating System	qualcomm	sa6155_firmware	-	Yes
Hardware	qualcomm	sa6155	-	No
Operating System	qualcomm	sa6155p_firmware	-	Yes
Hardware	qualcomm	sa6155p	-	No
Operating System	qualcomm	sa8150p_firmware	-	Yes
Hardware	qualcomm	sa8150p	-	No
Operating System	qualcomm	sa8155_firmware	-	Yes
Hardware	qualcomm	sa8155	-	No
Operating System	qualcomm	sa8155p_firmware	-	Yes
Hardware	qualcomm	sa8155p	-	No
Operating System	qualcomm	sa8195p_firmware	-	Yes
Hardware	qualcomm	sa8195p	-	No
Operating System	qualcomm	sc7180_firmware	-	Yes
Hardware	qualcomm	sc7180	-	No
Operating System	qualcomm	sda640_firmware	-	Yes
Hardware	qualcomm	sda640	-	No
Operating System	qualcomm	sda660_firmware	-	Yes
Hardware	qualcomm	sda660	-	No
Operating System	qualcomm	sda845_firmware	-	Yes
Hardware	qualcomm	sda845	-	No
Operating System	qualcomm	sda855_firmware	-	Yes
Hardware	qualcomm	sda855	-	No
Operating System	qualcomm	sdm640_firmware	-	Yes
Hardware	qualcomm	sdm640	-	No
Operating System	qualcomm	sdm660_firmware	-	Yes
Hardware	qualcomm	sdm660	-	No
Operating System	qualcomm	sdm830_firmware	-	Yes
Hardware	qualcomm	sdm830	-	No
Operating System	qualcomm	sdm845_firmware	-	Yes
Hardware	qualcomm	sdm845	-	No
Operating System	qualcomm	sdm850_firmware	-	Yes
Hardware	qualcomm	sdm850	-	No
Operating System	qualcomm	sdx50m_firmware	-	Yes
Hardware	qualcomm	sdx50m	-	No
Operating System	qualcomm	sdx55_firmware	-	Yes
Hardware	qualcomm	sdx55	-	No
Operating System	qualcomm	sdx55m_firmware	-	Yes
Hardware	qualcomm	sdx55m	-	No
Operating System	qualcomm	sm4250_firmware	-	Yes
Hardware	qualcomm	sm4250	-	No
Operating System	qualcomm	sm4250p_firmware	-	Yes
Hardware	qualcomm	sm4250p	-	No
Operating System	qualcomm	sm6115_firmware	-	Yes
Hardware	qualcomm	sm6115	-	No
Operating System	qualcomm	sm6115p_firmware	-	Yes
Hardware	qualcomm	sm6115p	-	No
Operating System	qualcomm	sm6125_firmware	-	Yes
Hardware	qualcomm	sm6125	-	No
Operating System	qualcomm	sm6150_firmware	-	Yes
Hardware	qualcomm	sm6150	-	No
Operating System	qualcomm	sm6150p_firmware	-	Yes
Hardware	qualcomm	sm6150p	-	No
Operating System	qualcomm	sm6250_firmware	-	Yes
Hardware	qualcomm	sm6250	-	No
Operating System	qualcomm	sm6250p_firmware	-	Yes
Hardware	qualcomm	sm6250p	-	No
Operating System	qualcomm	sm6350_firmware	-	Yes
Hardware	qualcomm	sm6350	-	No
Operating System	qualcomm	sm7125_firmware	-	Yes
Hardware	qualcomm	sm7125	-	No
Operating System	qualcomm	sm7150_firmware	-	Yes
Hardware	qualcomm	sm7150	-	No
Operating System	qualcomm	sm7150p_firmware	-	Yes
Hardware	qualcomm	sm7150p	-	No
Operating System	qualcomm	sm7225_firmware	-	Yes
Hardware	qualcomm	sm7225	-	No
Operating System	qualcomm	sm7250_firmware	-	Yes
Hardware	qualcomm	sm7250	-	No
Operating System	qualcomm	sm7250p_firmware	-	Yes
Hardware	qualcomm	sm7250p	-	No
Operating System	qualcomm	sm8150_firmware	-	Yes
Hardware	qualcomm	sm8150	-	No
Operating System	qualcomm	sm8150p_firmware	-	Yes
Hardware	qualcomm	sm8150p	-	No
Operating System	qualcomm	sm8250_firmware	-	Yes
Hardware	qualcomm	sm8250	-	No
Operating System	qualcomm	sm8350_firmware	-	Yes
Hardware	qualcomm	sm8350	-	No
Operating System	qualcomm	sm8350p_firmware	-	Yes
Hardware	qualcomm	sm8350p	-	No
Operating System	qualcomm	sxr2130_firmware	-	Yes
Hardware	qualcomm	sxr2130	-	No
Operating System	qualcomm	sxr2130p_firmware	-	Yes
Hardware	qualcomm	sxr2130p	-	No

References

https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/ Third Party Advisory ([email protected])
https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/ Exploit, Third Party Advisory ([email protected])
https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin Vendor Advisory ([email protected])
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)