April 2021 Security Bulletin

Version 1.0

Published: 04/05/2021

This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security vulnerabilities that have been addressed in QTI’s proprietary code and (ii) links to related code that has been contributed to Code Aurora Forum (CAF), a Linux Foundation Collaborative Project, to address security vulnerabilities for customers who incorporate Linux-based software from CAF into their devices.

Please reach out to [email protected] for any questions related to this bulletin.

Table of Contents

Announcements:

Acknowledgements

Proprietary Software Issues:

Open Source Software Issues:

Industry Coordination:

Version History:

Announcements

None.

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2020-11234 d414d4 ([email protected]) and Guang Gong (https://twitter.com/oldfresher) of Alpha Lab
CVE-2020-11246 Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/ for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin.
CVE-2021-1892 Michael Bourque
CVE-2020-11231 Weiteng Chen ([email protected])

Proprietary Software Issues

The tables below summarize security vulnerabilities that were addressed through proprietary software

This table lists high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2020-11210 Critical Critical Core Internal
CVE-2020-11191 High High Data Modem Internal
CVE-2020-11236 High High UTILS Internal
CVE-2020-11237 High High UTILS Internal
CVE-2020-11242 High High Core Internal
CVE-2020-11243 High High LTE Internal
CVE-2020-11245 High High Core Internal
CVE-2020-11246 High High Content Protection 06/25/2020
CVE-2020-11247 High High Data Modem Internal
CVE-2020-11251 High High Data Modem Internal
CVE-2020-11252 High High Core Internal
CVE-2020-11255 High High Data Modem Internal
CVE-2021-1892 High High WLAN Windows Host 01/16/2019



 

CVE-2020-11210

CVE ID CVE-2020-11210
Title Improper Input Validation in Core
Description Possible memory corruption in RPM region due to improper XPU configuration
Technology Area Core
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.3
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* AR8035, PM4125, PM4250, PM6125, PM6150A, PM6150L, PM6350, PM7250B, PM8008, PMD9655, PMI632, PMK8003, QAT3519, QAT3522, QAT3555, QAT5515, QAT5516, QCA6390, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS4290, QDM2301, QDM2302, QET4101, QET6105, QPA4360, QPA4361, QPA6560, QPA8673, QSW6310, QSW8573, QSW8574, QTC410S, QTM525, SD460, SD480, SD662, SD665, SDR425, SDR660, SDR735, SDR735G, SM4125, SMB1351, SMB1354, SMB1355, SMB1396, SMR526, WCD9370, WCD9375, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3991, WCN3998, WCN3999, WCN6850, WGR7640, WSA8810, WSA8815, WTR2965, WTR3925

CVE-2020-11191

CVE ID CVE-2020-11191
Title Buffer Over-read in Data Modem
Description Out of bound read occurs while processing crafted SDP due to lack of check of null string
Technology Area Data Modem
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 8.2
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8084, APQ8096AU, AQT1000, AR6003, AR8035, AR8151, CSR6030, CSR8811, CSRB31024, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8070A, IPQ8071A, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9205, MDM9206, MDM9207, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9628, MDM9630, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8976SG, MSM8996AU, PM215, PM3003A, PM4125, PM4250, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8018, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8952, PM8953, PM8956, PM8998, PMC1000H, PMD9607, PMD9635, PMD9645, PMD9655, PMD9655AU, PME605, PMI632, PMI8937, PMI8940, PMI8952, PMI8998, PMK8002, PMK8350, PMM855AU, PMM8996AU, PMP8074, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA1990, QCA2066, QCA4004, QCA4020, QCA4024, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6694AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCA9889, QCC1110, QCM2290, QCM4290, QCM6125, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN9000, QCN9074, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFE1035, QFE1040, QFE1045, QFE2080FC, QFE2081FC, QFE2082FC, QFE2101, QFE2340, QFE2520, QFE2550, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, QFE3440FC, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFE4455FC, QFE4465FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1035BD, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5621, QPM5641, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8350, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, Qualcomm215, RGR7640AU, RSW8577, SA415M, SA515M, SA8155, SA8155P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD710, SD712, SD720G, SD730, SD765, SD765G, SD768G, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM429W, SDM630, SDR051, SDR052, SDR105, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDW2500, SDW3100, SDX20, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SMB1351, SMB1354, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1395, SMB1398, SMB231, SMB2351, SMB358, SMB358S, SMR525, SMR526, SMR545, SMR546, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR1605, WTR1605L, WTR2955, WTR2965, WTR3905, WTR3925, WTR4605, WTR4905, WTR5975, WTR6955

CVE-2020-11236

CVE ID CVE-2020-11236
Title Improper Input validation in Modem
Description Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service
Technology Area UTILS
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* CSRB31024, PM3003A, PM6150A, PM6150L, PM6350, PM7150A, PM7150L, PM7250, PM7250B, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855B, PM855L, PMK8002, PMK8003, PMK8350, PMR525, PMR735A, PMR735B, PMX24, PMX55, PMX60, QAT3516, QAT3518, QAT3519, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT2000, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6564AU, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QDM2301, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4101, QET5100, QET5100M, QET6100, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN1021AQ, QLN1031, QLN1036AQ, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QTC800H, QTC801S, QTM525, QTM527, SA415M, SD480, SD690 5G, SD750G, SD765, SD765G, SD768G, SD855, SD865 5G, SD870, SD888 5G, SDR735, SDR735G, SDR8150, SDR8250, SDR865, SDX55, SDX55M, SDXR2 5G, SM7250P, SMB1355, SMB1381, SMB1390, SMB1395, SMB1396, SMB1398, SMR525, SMR526, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3988, WCN3991, WCN3998, WCN6850, WCN6851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2020-11237

 

CVE ID CVE-2020-11237
Title Improper Input Validation in Modem
Description Memory crash when accessing histogram type KPI input received due to lack of check of histogram definition before accessing it
Technology Area UTILS
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* CSRB31024, PM3003A, PM456, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM7150A, PM7150L, PM7250, PM7250B, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM855, PM855B, PM855L, PMI632, PMK8002, PMK8003, PMR525, PMR735A, PMR735B, PMX24, PMX55, QAT3516, QAT3518, QAT3519, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QBT1500, QBT2000, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6564AU, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QDM2301, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET6100, QET6110, QFS2530, QFS2580, QLN1021AQ, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4650, QPM5620, QPM5621, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM6582, QPM6585, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QTC800H, QTC801S, QTM525, QTM527, SA415M, SD 675, SD480, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD855, SD865 5G, SD870, SDR660, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR865, SDX55, SDX55M, SDXR2 5G, SM6250, SM6250P, SM7250P, SMB1355, SMB1381, SMB1390, SMB1395, SMB1396, SMR525, SMR526, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6850, WCN6851, WSA8810, WSA8815, WSA8830, WSA8835

CVE-2020-11242

CVE ID CVE-2020-11242
Title Use of Out-of-Range Pointer Offset in Core
Description User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents
Technology Area Core
Vulnerability Type CWE-823 Use of Out-of-range Pointer Offset
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* PM660, PM660A, PM660L, PM855A, PMM855AU, QAT3514, QAT3522, QAT3550, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QET4100, QET4101, QET4200AQ, QLN1021AQ, QLN1031, QLN1036AQ, QPA4340, QPA4360, QPA5460, QTC800H, QTC800S, RSW8577, SD 455, SD 636, SD660, SDM630, SDR660, SMB1351, WCD9335, WCD9340, WCD9341, WCN3950, WCN3980, WCN3990

CVE-2020-11243

CVE ID CVE-2020-11243
Title Detection of Error Condition Without Action in LTE
Description RRC sends a connection establishment success to NAS even though connection setup validation returns failure and leads to denial of service
Technology Area LTE
Vulnerability Type CWE-390 Detection of Error Condition Without Action
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* AQT1000, AR8035, FSM10055, FSM10056, PM3003A, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM855, PM855B, PM855L, PM855P, PMC1000H, PMK8002, PMR525, PMX50, PMX55, QAT3516, QAT3518, QAT3519, QAT3555, QAT5515, QAT5522, QAT5533, QBT2000, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6595AU, QCA6696, QCA8337, QDM2301, QDM2305, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4101, QET5100, QET6110, QFS2530, QFS2580, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA5580, QPA6560, QPA8673, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM6325, QPM6375, QPM6582, QPM6585, QPM8820, QPM8830, QPM8895, QSM7250, QTC800H, QTC801S, QTM525, QTM527, SA515M, SD 8C, SD 8CX, SD765, SD765G, SD768G, SD855, SD865 5G, SD870, SDR051, SDR052, SDR8150, SDR8250, SDR865, SDX50M, SDX55, SDX55M, SDXR2 5G, SM7250P, SMB1355, SMB1381, SMB1390, SMB1395, SMB2351, SMR525, SMR526, WCD9340, WCD9341, WCD9380, WCD9385, WCN3991, WCN3998, WCN6750, WCN6850, WCN6851, WSA8810, WSA8815

CVE-2020-11245

CVE ID CVE-2020-11245
Title Possible Integer Overflow or Wraparound in Core
Description Unintended reads and writes by NS EL2 in access control driver due to lack of check of input validation
Technology Area Core
Vulnerability Type CWE-190 Integer Overflow or Wraparound
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* AQT1000, AR8035, PM3003A, PM4125, PM4250, PM6125, PM6150, PM6150A, PM6150L, PM6350, PM640A, PM640L, PM640P, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM855, PM855B, PM855L, PM855P, PM8998, PMD9655, PMI632, PMI8998, PMK8002, PMK8003, PMM8195AU, PMM855AU, PMR525, PMR735A, PMR735B, PMX24, PMX55, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QBT1500, QBT2000, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6574AU, QCA6595, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS4290, QDM2301, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4101, QET5100, QET6100, QET6105, QET6110, QFS2530, QFS2580, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4360, QPA5460, QPA5580, QPA5581, QPA6560, QPA8673, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4650, QPM5620, QPM5621, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM6582, QPM6585, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, SA6155P, SA8195P, SD 8C, SD 8CX, SD460, SD480, SD662, SD675, SD690 5G, SD750G, SD765, SD765G, SD768G, SD855, SD865 5G, SD870, SD888 5G, SDM830, SDR425, SDR660, SDR660G, SDR735, SDR735G, SDR8150, SDR8250, SDR865, SDX24, SDX55, SDX55M, SDXR2 5G, SM4125, SM7250P, SMB1351, SMB1354, SMB1355, SMB1390, SMB1395, SMB1396, SMR525, SMR526, SMR545, SMR546, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3925, WTR5975

CVE-2020-11246

CVE ID CVE-2020-11246
Title Double Free in Digital Rights Management
Description A double free condition can occur when the device moves to suspend mode during secure playback
Technology Area Content Protection
Vulnerability Type CWE-415 Double Free
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 06/25/2020
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8017, APQ8037, APQ8053, AQT1000, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM660, PM660A, PM660L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM855P, PM8909, PM8937, PM8940, PM8953, PM8998, PMI632, PMI8937, PMI8952, PMI8998, PMK7350, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMR525, PMR735A, PMR735B, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCM2290, QCM4290, QCM6125, QCS2290, QCS4290, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2520, QFE2550, QFE3340, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1030, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, Qualcomm215, RSW8577, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD205, SD210, SD429, SD439, SD450, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD835, SD845, SD855, SD865 5G, SD870, SD888 5G, SDM630, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR865, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7350, SMB1351, SMB1354, SMB1355, SMB1358, SMB1380, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMR525, SMR526, SMR545, SMR546, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3925, WTR4905, WTR5975, WTR6955

CVE-2020-11247

CVE ID CVE-2020-11247
Title Buffer Over-read in Data Modem
Description Out of bound memory read Missing while unpacking data due to lack of offset length check
Technology Area Data Modem
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 8.2
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8084, APQ8096AU, AQT1000, AR6003, AR8035, AR8151, CSR6030, CSRB31024, MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9206, MDM9207, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9615M, MDM9628, MDM9630, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8976SG, MSM8996AU, PM215, PM3003A, PM4125, PM4250, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8018, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8952, PM8953, PM8956, PM8996, PM8998, PMC1000H, PMD9607, PMD9635, PMD9645, PMD9655, PMD9655AU, PME605, PMI632, PMI8937, PMI8940, PMI8952, PMI8994, PMI8996, PMI8998, PMK8001, PMK8002, PMM855AU, PMM8996AU, PMR525, PMR735A, PMW3100, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QBT1000, QBT1500, QBT2000, QCA4020, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6694AU, QCA6696, QCA8337, QCA9367, QCA9377, QCA9379, QCC1110, QCC112, QCM2290, QCM4290, QCM6125, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6110, QFE1035, QFE1040, QFE1045, QFE2080FC, QFE2081FC, QFE2082FC, QFE2101, QFE2340, QFE2520, QFE2550, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, QFE3440FC, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFE4455FC, QFE4465FC, QFS2530, QFS2580, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1035BD, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5580, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4650, QPM5541, QPM5577, QPM5579, QPM5621, QPM5658, QPM5670, QPM5677, QPM5679, QPM6325, QPM6375, QPM6582, QPM6585, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, Qualcomm215, RGR7640AU, RSW8577, SA415M, SA515M, SA8155, SA8155P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD710, SD712, SD720G, SD730, SD765, SD765G, SD768G, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SDM630, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR8150, SDR8250, SDR845, SDR865, SDW2500, SDW3100, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SMB1350, SMB1351, SMB1354, SMB1355, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1395, SMB231, SMB2351, SMB358, SMB358S, SMR525, SMR526, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6750, WCN6850, WGR7640, WHS9410, WSA8810, WSA8815, WTR1605, WTR1605L, WTR2955, WTR2965, WTR3905, WTR3925, WTR3950, WTR4605, WTR4905, WTR5975, WTR6955

CVE-2020-11251

CVE ID CVE-2020-11251
Title Buffer Over-read in Data Modem
Description Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying
Technology Area Data Modem
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 8.2
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8096AU, AQT1000, AR6003, AR8151, CSR6030, CSRB31024, MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9205, MDM9206, MDM9207, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9628, MDM9630, MDM9640, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8976SG, MSM8996AU, PM215, PM3003A, PM4125, PM4250, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8018, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8952, PM8953, PM8956, PM8996, PM8998, PMC1000H, PMD9607, PMD9635, PMD9645, PMD9655, PMD9655AU, PME605, PMI632, PMI8937, PMI8940, PMI8952, PMI8994, PMI8996, PMI8998, PMK8001, PMK8002, PMM855AU, PMM8996AU, PMR525, PMR735A, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QBT1000, QBT1500, QBT2000, QCA4004, QCA4020, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6694AU, QCA6696, QCA8337, QCA9367, QCA9377, QCA9379, QCC1110, QCC112, QCM2290, QCM4290, QCM6125, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6110, QFE1035, QFE1040, QFE1045, QFE2080FC, QFE2081FC, QFE2082FC, QFE2101, QFE2340, QFE2520, QFE2550, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, QFE3440FC, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFE4455FC, QFE4465FC, QFS2530, QFS2580, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1035BD, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5580, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4650, QPM5621, QPM5658, QPM5670, QPM5677, QPM5679, QPM6582, QPM6585, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, Qualcomm215, RGR7640AU, RSW8577, SA415M, SA515M, SA8155, SA8155P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD710, SD712, SD720G, SD730, SD765, SD765G, SD768G, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SDA429W, SDM429W, SDM630, SDR051, SDR052, SDR105, SDR425, SDR660, SDR660G, SDR675, SDR8150, SDR8250, SDR845, SDR865, SDW2500, SDW3100, SDX20, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SMB1350, SMB1351, SMB1354, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB231, SMB2351, SMB358, SMB358S, SMR525, SMR526, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6850, WCN6851, WGR7640, WHS9410, WSA8810, WSA8815, WTR1605, WTR1605L, WTR2955, WTR2965, WTR3905, WTR3925, WTR3950, WTR4605, WTR4905, WTR5975, WTR6955

CVE-2020-11252

CVE ID CVE-2020-11252
Title Improper Access Control in Core
Description Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure
Technology Area Core
Vulnerability Type CWE-284 Improper Access Control
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.2
CVSS String CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, MDM9205, PM3003A, PM4125, PM4250, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM855, PM855B, PM855L, PM855P, PM8998, PMC1000H, PMD9655, PME605, PMI632, PMI8998, PMK8002, PMK8003, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMR525, PMR735A, PMR735B, PMX24, PMX50, PMX55, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QBT1500, QBT2000, QCA4004, QCA6174A, QCA6175A, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290, QCM6125, QCN5021, QCN5022, QCN5052, QCN5121, QCN5122, QCN5152, QCN9000, QCN9074, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6105, QET6110, QFS2530, QFS2580, QLN1021AQ, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4360, QPA4361, QPA5460, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM6325, QPM6375, QPM6582, QPM6585, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, QTM527, SA2150P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 675, SD 8C, SD 8CX, SD460, SD480, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD855, SD865 5G, SD870, SD888 5G, SDM830, SDR051, SDR052, SDR105, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR865, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SMB1351, SMB1354, SMB1355, SMB1381, SMB1390, SMB1395, SMB1396, SMB231, SMB2351, SMR525, SMR526, SMR545, SMR546, WCD9306, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3925, WTR5975

CVE-2020-11255

CVE ID CVE-2020-11255
Title Improper Release of Memory Before Removing Last Reference in Data Modem
Description Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and rest of the memory is leaked
Technology Area Data Modem
Vulnerability Type CWE-401 Improper Release of Memory Before Removing Last Reference ('Memory Leak')
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8009, APQ8017, APQ8037, APQ8053, AQT1000, CSRB31024, MDM8207, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8976SG, MSM8996AU, PM215, PM3003A, PM4125, PM4250, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8952, PM8953, PM8956, PM8998, PMC1000H, PMD9607, PMD9645, PMD9655, PMD9655AU, PME605, PMI632, PMI8937, PMI8940, PMI8952, PMI8998, PMK8002, PMM855AU, PMM8996AU, PMR525, PMR735A, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QBT1500, QBT2000, QCA4004, QCA6174A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCA9367, QCA9377, QCA9379, QCM2290, QCM4290, QCM6125, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6110, QFE2101, QFE2520, QFE2550, QFE3320, QFE3340, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5580, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4650, QPM5621, QPM5658, QPM5670, QPM5677, QPM5679, QPM6582, QPM6585, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, QTM527, Qualcomm215, RSW8577, SA415M, SA515M, SA8155, SA8155P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD710, SD712, SD720G, SD730, SD765, SD765G, SD768G, SD845, SD850, SD855, SD865 5G, SD870, SD888 5G, SDM630, SDR051, SDR052, SDR105, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR8150, SDR8250, SDR845, SDR865, SDX20, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SMB1351, SMB1354, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB231, SMB2351, SMB358, SMB358S, SMR525, SMR526, SMR545, SMR546, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6850, WGR7640, WHS9410, WSA8810, WSA8815, WTR2955, WTR2965, WTR3905, WTR3925, WTR4605, WTR4905, WTR5975, WTR6955

CVE-2021-1892

CVE ID CVE-2021-1892
Title Improper Input Validation in WLAN
Description Memory corruption due to improper input validation while processing IO control which is nonstandard
Technology Area WLAN Windows Host
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 01/16/2019
Customer Notified Date 10/07/2019
Affected Chipsets* AQT1000, PM8005, PM855, PM855P, PM8998, PMI8998, QAT3550, QCA1062, QCA1064, QCA2066, QCA6164, QCA6174, QCA6174A, QCA6310, QCA6335, QCA6391, QCA6420, QCA6430, QCA6595AU, QCA9377, QCN7605, QCN7606, QET4100, QFE2081FC, QFE2082FC, QFE3100, QFE3440FC, QFE4455FC, QLN1035BD, SD 8C, SD 8CX, SD835, SD845, SD850, SDR8150, SMB1350, SMB1351, SMB1380, SMB1381, SMB1390, SMB2351, WCD9335, WCD9340, WCD9341, WCN3990, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WGR7640, WSA8810, WSA8815, WTR5975

* Data is generated only at the time of bulletin creation

Open Source Software Issues

The tables below summarize security vulnerabilities that were addressed through open source software

This table lists high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2020-11234 High High Data Network Stack & Connectivity 07/20/2020

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

 

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2020-11231 Medium Medium GPS HLOS Driver 06/03/2020

CVE-2020-11234

CVE ID CVE-2020-11234
Title Use After Free in Data HLOS
Description When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread resulting in a Use After Free condition
Technology Area Data Network Stack & Connectivity
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 07/20/2020
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSR6030, CSRA6620, CSRA6640, MDM9206, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8953, MSM8996AU, PM215, PM3003A, PM439, PM6125, PM6150, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8953, PM8996, PM8998, PMC1000H, PMD9607, PMD9645, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8994, PMI8996, PMI8998, PMK8001, PMK8002, PMM855AU, PMM8996AU, PMR525, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QBT1000, QBT1500, QBT2000, QCA4020, QCA6174, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCA9367, QCA9377, QCA9379, QCC1110, QCN7605, QCN7606, QCS405, QCS603, QCS605, QDM2301, QDM2302, QDM2305, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6110, QFE2080FC, QFE2081FC, QFE2082FC, QFE2101, QFE2520, QFE2550, QFE3100, QFE3320, QFE3340, QFE3440FC, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFE4455FC, QFE4465FC, QFS2530, QFS2580, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1035BD, QLN1036AQ, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5580, QPA6560, QPA8673, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4650, QPM5541, QPM5577, QPM5579, QPM5621, QPM5658, QPM5670, QPM5677, QPM5679, QPM6325, QPM6375, QPM6582, QPM6585, QPM8830, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, Qualcomm215, RGR7640AU, RSW8577, SA2150P, SA515M, SA6155, SA6155P, SA8155, SA8155P, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD632, SD660, SD665, SD670, SD675, SD678, SD710, SD712, SD730, SD765, SD765G, SD768G, SD820, SD821, SD835, SD845, SD855, SD865 5G, SD870, SDM429W, SDM630, SDM830, SDR051, SDR052, SDR660, SDR660G, SDR8150, SDR8250, SDR845, SDR865, SDW2500, SDW3100, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM7250P, SMB1350, SMB1351, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1395, SMB231, SMB2351, SMB358S, SMR525, SMR526, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3950, WCN3980, WCN3990, WCN3991, WCN3998, WCN3999, WGR7640, WHS9410, WSA8810, WSA8815, WTR2955, WTR2965, WTR3905, WTR3925, WTR3950, WTR4605, WTR4905, WTR5975
Patch*

CVE-2020-11231

CVE ID CVE-2020-11231
Title Double free Issue in GPS
Description Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption
Technology Area GPS HLOS Driver
Vulnerability Type CWE-415 Double Free
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.7
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported 06/03/2020
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8017, APQ8053, AQT1000, MSM8917, MSM8953, PM215, PM3003A, PM439, PM6125, PM6150, PM6150L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM8937, PM8953, PMI632, PMI8937, PMI8952, PMK7350, PMK8002, PMK8350, PMR525, PMR735A, PMR735B, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCM4290, QCM6125, QCS4290, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4101, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2550, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4360, QPA4361, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5621, QPM5641, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC800H, QTC801S, QTM525, Qualcomm215, SD429, SD439, SD632, SD665, SD765, SD765G, SD768G, SD855, SD865 5G, SD870, SD888 5G, SDR660, SDR735, SDR735G, SDR8150, SDR8250, SDR865, SDX55, SDX55M, SDXR2 5G, SM7250P, SM7350, SMB1355, SMB1358, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMR525, SMR526, SMR545, SMR546, WCD9326, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3615, WCN3660B, WCN3680, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3925
Patch*

* Data is generated only at the time of bulletin creation

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

  • Consideration of security protections such as SELinux not enforced on some platforms

     

  • Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel

Version History

Version Date Comments
1.0 April 5, 2021 Bulletin Published

All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.

This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.

©2021 Qualcomm Technologies, Inc. and/or its affiliated companies.

References to "Qualcomm" may mean Qualcomm Incorporated, or subsidiaries or business units within the Qualcomm corporate structure, as applicable.

Qualcomm Incorporated includes Qualcomm's licensing business, QTL, and the vast majority of its patent portfolio. Qualcomm Technologies, Inc., a wholly-owned subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries, substantially all of Qualcomm's engineering, research and development functions, and substantially all of its products and services businesses. Qualcomm products referenced on this page are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Materials that are as of a specific date, including but not limited to press releases, presentations, blog posts and webcasts, may have been superseded by subsequent events or disclosures.

Nothing in these materials is an offer to sell any of the components or devices referenced herein.