PT-2020-12568 · Qualcomm · Snapdragon Industrial Iot+18

Published

2020-11-12

Updated

2020-11-19

CVE-2020-11131

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions (affected versions not specified)

Description The issue is related to a possible buffer overflow in WMA message processing due to an integer overflow. This occurs when processing a command received from user space in various Qualcomm Snapdragon products, including Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Voice & Music. The affected chipsets include APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9250, MDM9628, MDM9640, MDM9650, MSM8996AU, QCS405, SDA845, SDX20, SDX20M, and WCD9330.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2020-11131

Affected Products

Apq8009

Apq8053

Apq8096Au

Mdm9206

Mdm9250

Mdm9628

Mdm9640

Mdm9650

Msm8996Au

Qcs405

Sda845

Sdx20

Sdx20M

Snapdragon Auto

Snapdragon Consumer Iot

Snapdragon Industrial Iot

Snapdragon Mobile

Snapdragon Voice & Music

Wcd9330

PT-2020-12568 · Qualcomm · Snapdragon Industrial Iot+18

CVE-2020-11131

Weakness Enumeration

Related Identifiers

Affected Products

References · 2