January 2021 Security Bulletin

Version 1.0

Published: 01/04/2021

This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security vulnerabilities that have been addressed in QTI’s proprietary code and (ii) links to related code that has been contributed to Code Aurora Forum (CAF), a Linux Foundation Collaborative Project, to address security vulnerabilities for customers who incorporate Linux-based software from CAF into their devices.

Please reach out to [email protected] for any questions related to this bulletin.

Table of Contents

Announcements:
Acknowledgements:
Proprietary Software Issues:
Open Source Software Issues:
Industry Coordination:
Version History:

Announcements

None.

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2020-11256, CVE-2020-11257, CVE-2020-11258, CVE-2020-11259 Niek Timmers ([email protected]) and Cristofaro Mune ([email protected]) of Raelize (https://raelize.com)
CVE-2020-11239, CVE-2020-11261, CVE-2020-11161 Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/ for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin.
CVE-2020-11250 Xiaodong Wang
CVE-2020-11160 Jun Yao (姚俊) (@_2freeman) and Guang Gong (@oldfresher) of 360 Alpha Lab working with 360 BugCloud(https://bugcloud.360.cn/)

Proprietary Software Issues

The tables below summarize security vulnerabilities that were addressed through proprietary software

This table lists high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2020-11134 Critical Critical WLAN Firmware Internal
CVE-2020-11182 Critical Critical Video Internal
CVE-2020-11256 Critical Critical WIN TZ FW 05/27/2020
CVE-2020-11257 Critical Critical WIN TZ FW 05/27/2020
CVE-2020-11258 Critical Critical WIN TZ FW 05/27/2020
CVE-2020-11259 Critical Critical WIN TZ FW 05/27/2020
CVE-2020-11126 High High WLAN Firmware Internal
CVE-2020-11159 High High WLAN Firmware Internal
CVE-2020-11165 High High Content Protection Internal
CVE-2020-11178 High High Core Internal
CVE-2020-11235 High High WLAN HAL Internal
CVE-2020-11238 High High WLAN Firmware Internal
CVE-2020-11241 High High WLAN Firmware Internal
CVE-2020-11260 High High Core Services Internal
CVE-2020-11265 High High WIN TZ FW Internal
CVE-2020-11266 High High WIN TZ FW Internal

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2020-11161 Medium Medium Graphics 03/13/2020

CVE-2020-11134

CVE ID CVE-2020-11134
Title Improper Validation of Array Index in WLAN
Description Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not Properly validated
Technology Area WLAN Firmware
Vulnerability Type CWE-129 Improper Validation of Array Index
Access Vector Remote
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.8
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PMC1000H, PMC7180, PMD9655, PMI632, PMK8002, PMK8003, PMK8350, PMM8155AU, PMM855AU, PMP8074, PMR525, PMR735A, PMR735B, PMX50, PMX55, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA4024, QCA6175A, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9888, QCA9889, QCA9984, QCM6125, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS405, QCS410, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN1021AQ, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4360, QPA4361, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC801S, QTM525, QTM527, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8C, SD 8CX, SD460, SD662, SD665, SD675, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD855, SD865 5G, SD888 5G, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR865, SDX50M, SDX55, SDX55M, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SMB1351, SMB1354, SMB1355, SMB1381, SMB1390, SMB1395, SMB1396, SMB1398, SMB2351, SMR525, SMR526, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3925

CVE-2020-11182

CVE ID CVE-2020-11182
Title Buffer Copy Without Checking Size of Input in Video
Description Possible heap overflow while parsing NAL header due to lack of check of length of data received from user
Technology Area Video
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Remote
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.8
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* AQT1000, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM845, PM855, PM855A, PM855B, PM855L, PM855P, PM8998, PMC1000H, PMC7180, PME605, PMI632, PMI8998, PMK8002, PMK8003, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMR525, PMR735A, PMR735B, PMX50, PMX55, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QBT1500, QBT2000, QCA6174A, QCA6175A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCM2290, QCM4290, QCM6125, QCS2290, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET6100, QET6110, QFS2530, QFS2580, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4360, QPA4361, QPA5460, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4650, QPM5620, QPM5621, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM6582, QPM6585, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 675, SD 8C, SD 8CX, SD460, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD845, SD850, SD855, SD865 5G, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SMB1351, SMB1354, SMB1355, SMB1380, SMB1381, SMB1390, SMB1395, SMB1396, SMB2351, SMR525, SMR526, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6750, WCN6850, WCN6851, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3925, WTR5975, WTR6955

CVE-2020-11256

CVE ID CVE-2020-11256
Title Use of Out-of-Range Pointer Offset in TrustZone
Description Memory corruption due to lack of check of validation of pointer to buffer passed to trustzone
Technology Area WIN TZ FW
Vulnerability Type CWE-823 Use of Out-of-range Pointer Offset
Access Vector Local
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.3
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Date Reported 05/27/2020
Customer Notified Date 10/05/2020
Affected Chipsets* AR7420, AR9580, CSR8811, IPQ4018, IPQ4019, IPQ4028, IPQ4029, QCA10901, QCA4024, QCA7500, QCA7520, QCA7550, QCA8075, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9984, QCA9992, QCA9994, QCN3018, QFE1922, QFE1952, WCD9340, WSA8810

CVE-2020-11257

CVE ID CVE-2020-11257
Title Use of Out-of-Range Pointer Offset in TrustZone
Description Memory corruption due to lack of validation of pointer arguments passed to TrustZone BSP
Technology Area WIN TZ FW
Vulnerability Type CWE-823 Use of Out-of-range Pointer Offset
Access Vector Local
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.3
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Date Reported 05/27/2020
Customer Notified Date 10/05/2020
Affected Chipsets* AR7420, AR9580, CSR8811, IPQ4018, IPQ4019, IPQ4028, IPQ4029, QCA10901, QCA4024, QCA7500, QCA7520, QCA7550, QCA8075, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9984, QCA9992, QCA9994, QCN3018, QFE1922, QFE1952, WCD9340, WSA8810

CVE-2020-11258

CVE ID CVE-2020-11258
Title Use of Out-of-Range Pointer Offset in TrustZone
Description Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP
Technology Area WIN TZ FW
Vulnerability Type CWE-823 Use of Out-of-range Pointer Offset
Access Vector Local
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.3
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Date Reported 05/27/2020
Customer Notified Date 10/05/2020
Affected Chipsets* AR7420, AR9580, CSR8811, IPQ4018, IPQ4019, IPQ4028, IPQ4029, QCA10901, QCA4024, QCA7500, QCA7520, QCA7550, QCA8075, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9984, QCA9992, QCA9994, QCN3018, QFE1922, QFE1952, WCD9340, WSA8810

CVE-2020-11259

CVE ID CVE-2020-11259
Title Use of Out-of-Range Pointer Offset in Trustzone
Description Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP
Technology Area WIN TZ FW
Vulnerability Type CWE-823 Use of Out-of-range Pointer Offset
Access Vector Local
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.3
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Date Reported 05/27/2020
Customer Notified Date 10/05/2020
Affected Chipsets* AR7420, AR9580, CSR8811, IPQ4018, IPQ4019, IPQ4028, IPQ4029, QCA10901, QCA4024, QCA7500, QCA7520, QCA7550, QCA8075, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9984, QCA9992, QCA9994, QCN3018, QFE1922, QFE1952, WCD9340, WSA8810

CVE-2020-11126

CVE ID CVE-2020-11126
Title Buffer Over Read Issue in WLAN
Description Possible out of bound read while WLAN frame parsing due to lack of check for body and header length
Technology Area WLAN Firmware
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9640, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8996, PM8998, PMC1000H, PMC7180, PMD9645, PMD9655, PME605, PMI632, PMI8996, PMI8998, PMK8002, PMK8003, PMK8350, PMM8155AU, PMM855AU, PMM8996AU, PMP8074, PMR525, PMR735A, PMR735B, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA4024, QCA6174A, QCA6175A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9379, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9990, QCA9992, QCA9994, QCM6125, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS405, QCS603, QCS605, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFE1035, QFE1040, QFE1045, QFE2340, QFE2550, QFE3100, QFE3320, QFE3335, QFE3345, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, QTM527, RSW8577, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD460, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD820, SD845, SD850, SD855, SD865 5G, SD888 5G, SDM630, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SMB1351, SMB1354, SMB1355, SMB1380, SMB1381, SMB1390, SMB1395, SMB1396, SMB1398, SMB2351, SMR525, SMR526, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3905, WTR3925, WTR4905, WTR5975, WTR6955

CVE-2020-11159

CVE ID CVE-2020-11159
Title Buffer Over-read Issue in WLAN
Description Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed
Technology Area WLAN Firmware
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 8.2
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8064AU, APQ8076, APQ8084, APQ8092, APQ8094, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, AR9380, CSR6030, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8215, MDM9206, MDM9215, MDM9225, MDM9225M, MDM9230, MDM9235M, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9625, MDM9625M, MDM9626, MDM9628, MDM9630, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8976, MSM8992, MSM8994, MSM8996AU, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8018, PM8019, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8952, PM8953, PM8956, PM8994, PM8996, PM8998, PMC1000H, PMC7180, PMD9607, PMD9635, PMD9645, PMD9655, PME605, PMI632, PMI8952, PMI8994, PMI8996, PMI8998, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8920AU, PMM8996AU, PMP8074, PMR525, PMR735A, PMR735B, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA0000, QCA1990, QCA4020, QCA4024, QCA4531, QCA6164, QCA6174, QCA6174A, QCA6175A, QCA6234, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9369, QCA9377, QCA9378, QCA9378A, QCA9379, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9990, QCA9992, QCA9994, QCM6125, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS405, QCS410, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFE1035, QFE1040, QFE1045, QFE1055, QFE1100, QFE2080FC, QFE2081FC, QFE2082FC, QFE2101, QFE2330, QFE2340, QFE2520, QFE2550, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, QFE3440FC, QFE4455FC, QFE4465FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1035BD, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, RGR7640AU, RSW8577, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD210, SD460, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD888 5G, SDM630, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SMB1350, SMB1351, SMB1354, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1395, SMB1396, SMB1398, SMB231, SMB2351, SMB358S, SMR525, SMR526, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR1605, WTR1625L, WTR2955, WTR2965, WTR3905, WTR3925, WTR3925L, WTR3950, WTR4605, WTR4905, WTR5975, WTR6955

CVE-2020-11165

CVE ID CVE-2020-11165
Title Buffer Copy Without Checking Size of Input in Content Protection
Description Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer
Technology Area Content Protection
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 07/06/2020
Affected Chipsets* AQT1000, AR8035, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855B, PM855L, PM855P, PM8998, PMD9655, PMI632, PMI8998, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMR525, PMR735A, PMR735B, PMX24, PMX50, PMX55, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS410, QCS4290, QCS610, QDM2301, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4360, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SD 675, SD 8C, SD 8CX, SD460, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD855, SD865 5G, SD888 5G, SDM830, SDR051, SDR052, SDR425, SDR660, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR865, SDX24, SDX50M, SDX55, SDX55M, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SMB1351, SMB1354, SMB1355, SMB1381, SMB1390, SMB1395, SMB1396, SMB1398, SMR525, SMR526, WCD9326, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3925, WTR5975

CVE-2020-11178

CVE ID CVE-2020-11178
Title Improper address validation in Core
Description Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory
Technology Area Core
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 07/06/2020
Affected Chipsets* AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9205, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM855, PM855B, PM855L, PM855P, PM8998, PMC1000H, PMD9655, PME605, PMI632, PMI8998, PMK8002, PMK8003, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMR525, PMR735A, PMR735B, PMX24, PMX50, PMX55, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QBT1500, QBT2000, QCA4004, QCA6174A, QCA6175A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCA9377, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFS2530, QFS2580, QLN1021AQ, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4360, QPA4361, QPA5460, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM6325, QPM6375, QPM6582, QPM6585, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, QTM527, SA415M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 675, SD 8C, SD 8CX, SD460, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD845, SD850, SD855, SD865 5G, SDM830, SDR051, SDR052, SDR105, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR865, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SMB1351, SMB1354, SMB1355, SMB1380, SMB1381, SMB1390, SMB1395, SMB1396, SMB231, SMB2351, SMR525, SMR526, WCD9306, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3925, WTR5975

CVE-2020-11235

CVE ID CVE-2020-11235
Title Integer Overflow to Buffer Overflow in WLAN
Description Buffer overflow might occur while parsing unified command due to lack of check of input data received
Technology Area WLAN HAL
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8009, APQ8017, APQ8053, APQ8064AU, APQ8076, APQ8084, APQ8092, APQ8094, APQ8096AU, AQT1000, AR7420, AR8031, AR8035, AR8151, AR9380, CSR6030, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8215, MDM9206, MDM9215, MDM9225, MDM9225M, MDM9230, MDM9235M, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9625, MDM9625M, MDM9626, MDM9628, MDM9630, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8976, MSM8992, MSM8994, MSM8996AU, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8018, PM8019, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8952, PM8953, PM8956, PM8994, PM8996, PM8998, PMC1000H, PMC7180, PMD9607, PMD9635, PMD9645, PMD9655, PME605, PMI632, PMI8952, PMI8994, PMI8996, PMI8998, PMK7350, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8920AU, PMM8996AU, PMP8074, PMR525, PMR735A, PMR735B, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA0000, QCA1023, QCA1990, QCA4020, QCA4024, QCA4531, QCA6164, QCA6174, QCA6174A, QCA6175A, QCA6234, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA7500, QCA7520, QCA7550, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9369, QCA9377, QCA9378, QCA9378A, QCA9379, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9890, QCA9896, QCA9898, QCA9980, QCA9982, QCA9984, QCA9985, QCA9986, QCA9987, QCA9988, QCA9990, QCA9992, QCA9994, QCM6125, QCN3018, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5500, QCN5501, QCN5502, QCN5550, QCN6023, QCN6024, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS405, QCS603, QCS605, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFE1035, QFE1040, QFE1045, QFE1055, QFE1100, QFE1922, QFE1952, QFE2080FC, QFE2081FC, QFE2082FC, QFE2101, QFE2330, QFE2340, QFE2520, QFE2550, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, QFE3440FC, QFE4455FC, QFE4465FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1035BD, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, RGR7640AU, RSW8577, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD210, SD460, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD888 5G, SDM630, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7350, SMB1350, SMB1351, SMB1354, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMB231, SMB2351, SMB358S, SMR525, SMR526, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR1605, WTR1625L, WTR2955, WTR2965, WTR3905, WTR3925, WTR3925L, WTR3950, WTR4605, WTR4905, WTR5975, WTR6955

CVE-2020-11238

CVE ID CVE-2020-11238
Title Buffer Over-read in WLAN
Description Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received
Technology Area WLAN Firmware
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* AQT1000, AR8031, AR8035, AR8151, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8998, PMC1000H, PMC7180, PMD9655, PME605, PMI632, PMI8998, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMP8074, PMR525, PMR735A, PMR735B, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA1062, QCA1064, QCA4024, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFE2080FC, QFE2081FC, QFE2082FC, QFE2101, QFE3100, QFE3440FC, QFE4455FC, QFE4465FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1035BD, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, RSW8577, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD460, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD888 5G, SDM630, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SMB1350, SMB1351, SMB1354, SMB1355, SMB1380, SMB1381, SMB1390, SMB1395, SMB1396, SMB1398, SMB2351, SMR525, SMR526, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6850, WCN6851, WCN6855, WCN6856, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3925, WTR5975, WTR6955

CVE-2020-11241

CVE ID CVE-2020-11241
Title Buffer Over-read in WLAN
Description Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute
Technology Area WLAN Firmware
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.5
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8009, APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9250, MDM9607, MDM9626, MDM9628, MDM9640, MDM9650, MDM9655, MSM8994, MSM8996AU, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8996, PM8998, PMC1000H, PMC7180, PMD9607, PMD9645, PMD9655, PME605, PMI632, PMI8994, PMI8996, PMI8998, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMM8996AU, PMP8074, PMR525, PMR735A, PMR735B, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA1023, QCA1062, QCA1064, QCA4020, QCA4024, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9369, QCA9377, QCA9379, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, QTM527, RGR7640AU, RSW8577, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 675, SD 8C, SD 8CX, SD460, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD820, SD845, SD850, SD855, SD865 5G, SD888 5G, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SMB1351, SMB1354, SMB1355, SMB1357, SMB1360, SMB1380, SMB1381, SMB1390, SMB1395, SMB1396, SMB1398, SMB2351, SMR525, SMR526, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6850, WCN6851, WCN6855, WCN6856, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3905, WTR3925, WTR3950, WTR4905, WTR5975, WTR6955

CVE-2020-11260

CVE ID CVE-2020-11260
Title Use of Uninitialized Variable in DIAG
Description An improper free of uninitialized memory can occur in DIAG services
Technology Area Core Services
Vulnerability Type CWE-457 Use of Uninitialized Variable
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8017, APQ8053, AQT1000, MSM8917, MSM8953, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM660, PM660A, PM660L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM855P, PM8937, PM8953, PMI632, PMI8937, PMI8952, PMK7350, PMK8002, PMK8003, PMK8350, PMR525, PMR735A, PMR735B, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA6390, QCA6391, QCA6420, QCA6430, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2550, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6585, QPM6621, QPM6670, QPM8820, QPM8870, QPM8895, QSM7250, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, Qualcomm215, RSW8577, SD 675, SD429, SD439, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD855, SD865 5G, SD888 5G, SDR051, SDR052, SDR425, SDR660, SDR675, SDR735, SDR735G, SDR8150, SDR865, SDX50M, SDX55, SDX55M, SM4125, SM4350, SM6250, SM7250P, SM7350, SMB1351, SMB1354, SMB1355, SMB1358, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMR525, SMR526, WCD9326, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3925

CVE-2020-11265

CVE ID CVE-2020-11265
Title Buffer Over-read in Trustzone
Description Information disclosure issue due to lack of validation of pointer arguments passed to TZ BSP
Technology Area WIN TZ FW
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.9
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* AR7420, AR9580, CSR8811, IPQ4018, IPQ4019, IPQ4028, IPQ4029, QCA10901, QCA4024, QCA7500, QCA7520, QCA7550, QCA8075, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9984, QCA9992, QCA9994, QCN3018, QFE1922, QFE1952, WCD9340, WSA8810

CVE-2020-11266

CVE ID CVE-2020-11266
Title Buffer Over-read in Trustzone
Description Image address is dereferenced before validating its range which can cause potential QSEE information leakage
Technology Area WIN TZ FW
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.9
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* AR7420, AR9580, CSR8811, IPQ4018, IPQ4019, IPQ4028, IPQ4029, QCA10901, QCA4024, QCA7500, QCA7520, QCA7550, QCA8075, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9984, QCA9992, QCA9994, QCN3018, QFE1922, QFE1952, WCD9340, WSA8810

CVE-2020-11161

CVE ID CVE-2020-11161
Title Buffer Over-read Issue in Graphics
Description Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components
Technology Area Graphics
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.8
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Date Reported 03/13/2020
Customer Notified Date 07/06/2020
Affected Chipsets* APQ8053, APQ8064AU, APQ8096AU, AR8031, AR8151, CSRA6620, CSRA6640, MDM9650, MSM8996AU, PM215, PM3003A, PM6125, PM6150, PM6150L, PM670, PM670A, PM670L, PM7350C, PM8005, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM8909, PM8953, PM8998, PMD9607, PMD9655, PME605, PMI632, PMI8952, PMK7350, PMK8002, PMK8350, PMM6155AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMX20, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3555, QAT5515, QAT5516, QAT5522, QAT5568, QBT2000, QCA6174A, QCA6390, QCA6391, QCA6426, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA9367, QCA9377, QCA9379, QCS405, QCS410, QCS603, QCS605, QCS610, QDM2301, QDM2302, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN1030, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4360, QPA4361, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5621, QPM5641, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6585, QPM6621, QPM6670, QPM8820, QPM8870, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC801S, QTM525, Qualcomm215, RGR7640AU, SA6145P, SA6155P, SD205, SD210, SD460, SD662, SD665, SD835, SD855, SD865 5G, SD888 5G, SDR425, SDR660, SDR735, SDR735G, SDR8250, SDR865, SDX20, SDX20M, SDX55, SDX55M, SDXR2 5G, SM7350, SMB1350, SMB1351, SMB1354, SMB1355, SMB1357, SMB1358, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMB231, SMR525, SMR526, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3990, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3925, WTR4905, WTR5975

* Data is generated only at the time of bulletin creation

 

Open Source Software Issues

The tables below summarize security vulnerabilities that were addressed through open source software

This table lists high impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2020-11233 High High Automotive Telematics Internal
CVE-2020-11239 High High Graphics 07/26/2020
CVE-2020-11240 High High Camera Driver Internal
CVE-2020-11250 High High DSP Service 07/16/2020
CVE-2020-11261 High High Graphics 07/20/2020
CVE-2020-11262 High High Graphics Internal

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.  

 

Public ID Security Rating CVSS Rating Technology Area Date Reported
CVE-2020-11160 Medium Medium Core Services 03/07/2020

CVE-2020-11233

CVE ID CVE-2020-11233
Title Time of Check Time of Use Race Condition in Boot
Description Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation
Technology Area Automotive Telematics
Vulnerability Type CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.1
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8053, APQ8076, APQ8096AU, CSR6030, MDM9206, MDM9230, MDM9250, MDM9330, MDM9607, MDM9626, MDM9628, MDM9630, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8937, MSM8996AU, PM215, PM439, PM660, PM8004, PM8909, PM8916, PM8937, PM8952, PM8953, PM8956, PM8996, PMD9607, PMD9635, PMD9645, PMD9655, PMI632, PMI8937, PMI8952, PMI8994, PMI8996, PMK8001, PMM8996AU, PMX20, QCA4020, QCA6174, QCA6174A, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584, QCA9367, QCA9377, QCA9379, QCC1110, QCC112, QET4100, QET4101, QET4200AQ, QFE1035, QFE1040, QFE1045, QFE2340, QFE2550, QFE3100, QFE3320, QFE3335, QFE3345, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QSW8573, QTC801S, Qualcomm215, RGR7640AU, SD205, SD210, SD439, SD820, SDW2500, SDW3100, SDX20, SDX20M, SMB1350, SMB1351, SMB1355, SMB1357, SMB1358, SMB1360, SMB231, SMB358S, WCD9306, WCD9326, WCD9330, WCD9335, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WGR7640, WSA8810, WSA8815, WTR2955, WTR2965, WTR3905, WTR3925, WTR4905, WTR5975
Patch*

CVE-2020-11239

CVE ID CVE-2020-11239
Title Use After Free in Graphics
Description Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly
Technology Area Graphics
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 07/26/2020
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9206, MDM9250, MDM9650, MDM9655, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8952, PM8953, PM8956, PM8996, PM8998, PMC1000H, PMD9607, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8994, PMI8996, PMI8998, PMK7350, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9367, QCA9377, QCA9379, QCC1110, QCM6125, QCS405, QCS410, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2520, QFE2550, QFE3340, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, Qualcomm215, RGR7640AU, RSW8577, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD820, SD821, SD835, SD845, SD855, SD865 5G, SD888 5G, SDA429W, SDM429W, SDM630, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDW2500, SDW3100, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SM7350, SMB1350, SMB1351, SMB1354, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMB231, SMB2351, SMR525, SMR526, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3905, WTR3925, WTR3950, WTR4905, WTR5975, WTR6955
Patch*

CVE-2020-11240 

CVE ID CVE-2020-11240
Title Incorrect Calculation of Buffer Size in Camera
Description Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy of the user argument
Technology Area Camera Driver
Vulnerability Type CWE-131 Incorrect Calculation of Buffer Size
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8009W, APQ8017, APQ8053, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MSM8909W, MSM8917, MSM8953, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8953, PM8998, PMC1000H, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8998, PMK7350, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMR525, PMR735A, PMR735B, PMW3100, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9377, QCA9379, QCC1110, QCS405, QCS410, QCS603, QCS605, QCS610, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2520, QFE2550, QFE3340, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5621, QPM5641, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, QTM527, Qualcomm215, RSW8577, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD845, SD855, SD865 5G, SD888 5G, SDA429W, SDM429W, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDW3100, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7350, SMB1351, SMB1354, SMB1355, SMB1358, SMB1380, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMB2351, SMR525, SMR526, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3925, WTR4905, WTR5975, WTR6955
Patch*

CVE-2020-11250

CVE ID CVE-2020-11250
Title Use After Free in DSP Services
Description Use after free due to race condition when reopening the device driver repeatedly
Technology Area DSP Service
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 07/16/2020
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8009W, APQ8017, APQ8053, AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, FSM10055, FSM10056, IPQ6010, IPQ6018, IPQ6028, IPQ8074A, IPQ8076A, IPQ8174, MSM8909W, MSM8917, MSM8953, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM855P, PM8909, PM8937, PM8953, PM8998, PMC1000H, PMD9655, PMI632, PMI8937, PMI8952, PMI8998, PMK7350, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMP8074, PMR525, PMR735A, PMR735B, PMW3100, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA4024, QCA6175A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCC1110, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5124, QCN5154, QCN9000, QCN9022, QCN9024, QCN9074, QCS405, QCS410, QCS610, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2520, QFE2550, QFE3340, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, QTM527, Qualcomm215, RSW8577, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD845, SD855, SD865 5G, SD888 5G, SDA429W, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR865, SDW3100, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SM7350, SMB1351, SMB1354, SMB1355, SMB1358, SMB1380, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMB2351, SMR525, SMR526, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3925, WTR4905, WTR5975, WTR6955
Patch*

CVE-2020-11261

CVE ID CVE-2020-11261
Title Improper Input Validation in Graphics
Description Memory corruption due to improper check to return error when user application requests memory allocation of a huge size
Technology Area Graphics
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 07/20/2020
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8953, PM8996, PM8998, PMC1000H, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8994, PMI8996, PMI8998, PMK7350, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9377, QCA9379, QCC1110, QCM2290, QCM4290, QCM6125, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2520, QFE2550, QFE3340, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, Qualcomm215, RGR7640AU, RSW8577, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD820, SD821, SD835, SD845, SD855, SD865 5G, SD888 5G, SDA429W, SDM429W, SDM630, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDW2500, SDW3100, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SM7350, SMB1350, SMB1351, SMB1354, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMB231, SMB2351, SMR525, SMR526, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3905, WTR3925, WTR3950, WTR4905, WTR5975, WTR6955
Patch*

CVE-2020-11262

CVE ID CVE-2020-11262
Title Use After Free in Graphics
Description A race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free issue.
Technology Area Graphics
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 10/05/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9206, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8953, PM8998, PMC1000H, PMD9607, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8998, PMK7350, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9367, QCA9377, QCA9379, QCC1110, QCM2290, QCM4290, QCM6125, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2520, QFE2550, QFE3340, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, Qualcomm215, RGR7640AU, RSW8577, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD835, SD845, SD855, SD865 5G, SD888 5G, SDA429W, SDM429W, SDM630, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDW3100, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SM7350, SMB1350, SMB1351, SMB1354, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMB231, SMB2351, SMR525, SMR526, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3925, WTR4905, WTR5975, WTR6955
Patch*

CVE-2020-11160

CVE ID CVE-2020-11160
Title Integer Overflow or Wraparound issues in Diag Services
Description Resource leakage issue during dci client registration due to reference count is not decremented if dci client registration fails
Technology Area Core Services
Vulnerability Type CWE-190 Integer Overflow or Wraparound
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.7
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported 03/07/2020
Customer Notified Date 07/06/2020
Affected Chipsets* APQ8096AU, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, MDM9650, PM215, PM3003A, PM6125, PM6150, PM6150L, PM640A, PM640L, PM640P, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM855, PM855B, PM855L, PM855P, PM8916, PMC1000H, PMD9655, PMI632, PMK8002, PMM6155AU, PMM8155AU, PMM855AU, PMM8996AU, PMR525, PMX55, QAT3519, QAT3522, QAT3550, QAT3555, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6426, QCA6430, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9379, QCS405, QCS410, QCS610, QDM2301, QDM2302, QET4100, QET4101, QFS2530, QFS2580, QLN1030, QPA4360, QPA4361, QPA6560, QPA8673, QPM5541, QPM5577, QPM5579, QPM6325, QPM6375, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC801S, QTM525, QTM527, Qualcomm215, SA6145P, SA6155P, SA8155, SA8155P, SD 8C, SD 8CX, SD460, SD662, SD665, SD675, SD855, SD865 5G, SDA429W, SDM429W, SDR425, SDR660, SDR8150, SDR8250, SDR865, SDX55, SDX55M, SMB1351, SMB1354, SMB1355, SMB1381, SMB1390, SMB2351, SMR525, SMR526, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3950, WCN3980, WCN3988, WCN3998, WCN3999, WCN6850, WCN6851, WGR7640, WSA8810, WSA8815, WTR2965, WTR3925, WTR5975
Patch*

* Data is generated only at the time of bulletin creation

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

  • Consideration of security protections such as SELinux not enforced on some platforms
  • Differences in assessment of some specific scenarios that involves local denial of service or privilege escalation vulnerabilities in the high level OS kernel

Version History

Version Date Comments
1.0 January 4, 2021 Bulletin Published

All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.

This technical data may be subject to U.S. and international export, re-export, or transfer (“export”) laws. Diversion contrary to U.S. and international law is strictly prohibited.

© 2020 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.

©2021 Qualcomm Technologies, Inc. and/or its affiliated companies.

References to "Qualcomm" may mean Qualcomm Incorporated, or subsidiaries or business units within the Qualcomm corporate structure, as applicable.

Qualcomm Incorporated includes Qualcomm's licensing business, QTL, and the vast majority of its patent portfolio. Qualcomm Technologies, Inc., a wholly-owned subsidiary of Qualcomm Incorporated, operates, along with its subsidiaries, substantially all of Qualcomm's engineering, research and development functions, and substantially all of its products and services businesses. Qualcomm products referenced on this page are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Materials that are as of a specific date, including but not limited to press releases, presentations, blog posts and webcasts, may have been superseded by subsequent events or disclosures.

Nothing in these materials is an offer to sell any of the components or devices referenced herein.