November 2020 Security Bulletin

Version 1.0

Published: 11/02/2020

This security bulletin is intended to help Qualcomm Technologies, Inc. (QTI) customers incorporate security updates in launched or upcoming devices. This document includes (i) a description of security vulnerabilities that have been addressed in QTI’s proprietary code and (ii) links to related code that has been contributed to Code Aurora Forum (CAF), a Linux Foundation Collaborative Project, to address security vulnerabilities for customers who incorporate Linux-based software from CAF into their devices.

Please reach out to [email protected] for any questions related to this bulletin.

Table of Contents

Announcements:
Acknowledgements:
Proprietary Software Issues:
Open Source Software Issues:
Industry Coordination:
Version History:

Announcements

We plan to publish CVSS scores, ratings and string values for all CVEs published in bulletins from November 2020 onwards.

Acknowledgements

We would like to thank these researchers for their contributions in reporting these issues to us.

CVE-2020-11123 Anonymous: Researcher requested not to be named
CVE-2020-11201, CVE-2020-11202, CVE-2020-11206, CVE-2020-11207 Slava Makkaveev of Checkpoint
CVE-2020-11121, CVE-2020-11130 Reported to us through Google Android Security team; please see bulletins at https://source.android.com/security/overview/acknowledgements/ for individual credit information. For issues rated medium or lower, the individual credit information may appear in a future Android major release bulletin.
CVE-2020-11131 Yang Xiao @ VARAS_IIE
CVE-2020-11132 Qi Zhao and Guang Gong of 360 Alpha Lab working with 360 BugCloud (https://bugcloud.360.cn/)

Proprietary Software Issues

The tables below summarize security vulnerabilities that were addressed through proprietary software.

This table lists high-impact security vulnerabilities. Patches have been released for affected products. OEMs have been notified and strongly recommended to release patches on end devices.

| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2020-3639 | Critical | Critical | Data Modem | Internal |
| CVE-2020-11123 | High | High | HLOS | 12/04/2019 |
| CVE-2020-11127 | High | High | QTEE | Internal |
| CVE-2020-11168 | High | High | Video | Internal |
| CVE-2020-11175 | High | High | Bluetooth HOST | Internal |
| CVE-2020-11184 | High | High | Video | Internal |
| CVE-2020-11193 | High | High | Video | Internal |
| CVE-2020-11196 | High | High | Video | Internal |
| CVE-2020-11201 | High | High | Video | 02/21/2020 |
| CVE-2020-11202 | High | High | Video | 02/12/2020 |
| CVE-2020-11205 | High | High | BT Controller | Internal |
| CVE-2020-11206 | High | High | ComputerVision | 02/14/2020 |
| CVE-2020-11207 | High | High | ComputerVision | 02/21/2020 |
| CVE-2020-3632 | High | High | HWEngines | Internal |
| CVE-2020-11208 | High | High | DSP | Internal |
| CVE-2020-11209 | High | High | DSP | Internal |

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2020-11132 | Medium | Medium | Boot | 01/20/2020 |

CVE-2020-3639

CVE ID CVE-2020-3639
Title Improper Validation of Array Index in Modem Data
Description When a non-standard SIP SigComp message is received from the network, there is a chance of using more UDVM cycles or of a memory overflow.
Technology Area Data Modem
Vulnerability Type CWE-129 Improper Validation of Array Index
Access Vector Remote
Security Rating Critical
CVSS Rating Critical
CVSS Score 9.8
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 05/04/2020
Affected Chipsets* APQ8009, APQ8017, APQ8037, APQ8053, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA415M, SA6145P, SA6150P, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8350, SM8350P, SXR1120, SXR1130

CVE-2020-11123

CVE ID CVE-2020-11123
Title Cryptographic Issue in HLOS
Description Information disclosure in the Gatekeeper TrustZone implementation, as the throttling mechanism that prevents brute-force attempts at getting the user's lock-screen password can be bypassed by performing the standard Gatekeeper operations.
Technology Area HLOS
Vulnerability Type CWE-310 Cryptographic Issues
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 7.1
CVSS String CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Date Reported 12/04/2019
Customer Notified Date 05/04/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QM215, QSM8250, QSM8350, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180XP, SDA429W, SDA640, SDA660, SDA670, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDW2500, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330

CVE-2020-11127

CVE ID CVE-2020-11127
Title Integer Overflow to Buffer Overflow in QTEE
Description An integer overflow can cause a buffer overflow due to a lack of table length check in the extensible boot loader during the validation of security metadata while processing objects to be loaded.
Technology Area QTEE
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 05/04/2020
Affected Chipsets* MDM9205, QCM4290, QCS405, QCS410, QCS4290, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA845, SDA855, SDM1000, SDM640, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P

CVE-2020-11168

CVE ID CVE-2020-11168
Title Untrusted Pointer Dereference Issue in Video
Description A null-pointer dereference can occur while accessing a data buffer beyond its size, which leads to accessing the buffer beyond its range.
Technology Area Video
Vulnerability Type CWE-822 Untrusted Pointer Dereference
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.3
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Date Reported Internal
Customer Notified Date 08/03/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, APQ8098, MDM9206, MDM9650, MSM8909W, MSM8953, MSM8996AU, QCM4290, QCS405, QCS4290, QCS603, QCS605, QM215, QSM8350, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM450, SDM632, SDM640, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P, WCD9330

CVE-2020-11175

CVE ID CVE-2020-11175
Title Use After Free Issue in Bluetooth Host
Description Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.
Technology Area Bluetooth HOST
Vulnerability Type CWE-416 Use After Free
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 08/03/2020
Affected Chipsets* APQ8009W, MSM8909W, QCS605, QM215, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6350, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P

CVE-2020-11184

CVE ID CVE-2020-11184
Title Integer Overflow to Buffer Overflow in Video
Description A buffer overflow can occur in video while parsing an MP4 clip with a crafted esds atom size.
Technology Area Video
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.3
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Date Reported Internal
Customer Notified Date 08/03/2020
Affected Chipsets* QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

CVE-2020-11193

CVE ID CVE-2020-11193
Title Integer Overflow to Buffer Overflow Issue in Video
Description A buffer over-read can happen while parsing an MKV clip due to improper typecasting of data returned from atomsize.
Technology Area Video
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.3
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Date Reported Internal
Customer Notified Date 08/03/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330

CVE-2020-11196

CVE ID CVE-2020-11196
Title Integer Overflow to Buffer Overflow in Video
Description Integer overflow to buffer overflow occurs during playback of an ASF clip that has an unexpected number of codec entries.
Technology Area Video
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Remote
Security Rating High
CVSS Rating High
CVSS Score 7.3
CVSS String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Date Reported Internal
Customer Notified Date 08/03/2020
Affected Chipsets* APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330

CVE-2020-11201

CVE ID CVE-2020-11201
Title Untrusted Pointer Dereference in Video
Description Arbitrary access to DSP memory due to an improper check in the loaded library for data received from the CPU side.
Technology Area Video
Vulnerability Type CWE-822 Untrusted Pointer Dereference
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 02/21/2020
Customer Notified Date 07/24/2020
Affected Chipsets* QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P

CVE-2020-11202

CVE ID CVE-2020-11202
Title Improper Input Validation in Video
Description Buffer overflow/underflow occurs when the library internally typecasts the buffer passed by the CPU, which is not aligned with the actual size of the structure.
Technology Area Video
Vulnerability Type CWE-20 Improper Input Validation
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 02/12/2020
Customer Notified Date 07/24/2020
Affected Chipsets* QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA845, SDM640, SDM670, SDM710, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P

CVE-2020-11205

CVE ID CVE-2020-11205
Title Integer Overflow or Wraparound issues in Bluetooth SOC
Description Possible integer overflow to heap overflow while processing a command due to a lack of check of the packet length received.
Technology Area BT Controller
Vulnerability Type CWE-190 Integer Overflow or Wraparound
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 08/03/2020
Affected Chipsets* QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

CVE-2020-11206

CVE ID CVE-2020-11206
Title Untrusted Pointer Dereference in ComputerVision
Description Possible buffer overflow in Fastrpc while handling received parameters due to a lack of validation of input parameters.
Technology Area ComputerVision
Vulnerability Type CWE-822 Untrusted Pointer Dereference
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 02/14/2020
Customer Notified Date 07/24/2020
Affected Chipsets* APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

CVE-2020-11207

CVE ID CVE-2020-11207
Title Buffer Copy Without Checking Size of Input in Computer Vision
Description Buffer overflow in the LibFastCV library due to improper size checks with respect to buffer length.
Technology Area ComputerVision
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported 02/21/2020
Customer Notified Date 07/24/2020
Affected Chipsets* APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P

CVE-2020-3632

CVE ID CVE-2020-3632
Title Improper Validation of Array Index in MHI Ring Validation
Description Incorrect validation of the ring context fetched from host memory can lead to a memory overflow.
Technology Area HWEngines
Vulnerability Type CWE-129 Improper Validation of Array Index
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 05/04/2020
Affected Chipsets* QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

CVE-2020-11132

CVE ID CVE-2020-11132
Title Buffer Over-read Issue in Boot
Description Buffer over-read in boot because the size check is ignored before copying the GUID attribute from request to response.
Technology Area Boot
Vulnerability Type CWE-126 Buffer Over-read
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 5.1
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L
Date Reported 01/20/2020
Customer Notified Date 05/04/2020
Affected Chipsets* APQ8009, APQ8096AU, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA670, SDA845, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330

CVE-2020-11208

CVE ID CVE-2020-11208
Title Buffer Overflow in DSP Process
Description Out-of-bounds issue in DSP services while processing received arguments due to improper validation of the length received as an argument.
Technology Area DSP
Vulnerability Type CWE-191 Integer Underflow (Wrap or Wraparound)
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 07/24/2020
Affected Chipsets* SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

CVE-2020-11209

CVE ID CVE-2020-11209
Title Improper Authorization in DSP Process
Description Improper authorization in DSP process could allow unauthorized users to downgrade the library versions
Technology Area DSP
Vulnerability Type CWE-285 Improper Authorization
Access Vector Local
Security Rating High
CVSS Rating High
CVSS Score 8.4
CVSS String CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Date Reported Internal
Customer Notified Date 07/24/2020
Affected Chipsets* SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439

* Data is generated only at the time of bulletin creation

Open Source Software Issues

The tables below summarize security vulnerabilities that were addressed through open source software.

This table lists moderate security vulnerabilities. OEMs have been notified and encouraged to patch these issues.

| Public ID | Security Rating | CVSS Rating | Technology Area | Date Reported |
|---|---|---|---|---|
| CVE-2020-11121 | Medium | Medium | WLAN HOST | 01/03/2020 |
| CVE-2020-11130 | Medium | Medium | WLAN HOST | 01/03/2020 |
| CVE-2020-11131 | Medium | Medium | WLAN HOST | 10/01/2019 |

CVE-2020-11121

CVE ID CVE-2020-11121
Title Buffer Copy Without Checking Size of Input in WLAN
Description Possible buffer overflow in the WiFi HAL process due to use of memcpy without checking the length of the destination buffer.
Technology Area WLAN HOST
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.7
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported 01/03/2020
Customer Notified Date 05/04/2020
Affected Chipsets* QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P
Patch*

CVE-2020-11130

CVE ID CVE-2020-11130
Title Buffer Copy Without Checking Size of Input in WLAN
Description Possible buffer overflow in the WiFi HAL process due to copying data without checking the buffer length.
Technology Area WLAN HOST
Vulnerability Type CWE-120 Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow')
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.7
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported 01/03/2020
Customer Notified Date 05/04/2020
Affected Chipsets* QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P
Patch*

CVE-2020-11131

CVE ID CVE-2020-11131
Title Integer Overflow to Buffer Overflow in WLAN
Description Possible buffer overflow in WMA message processing due to an integer overflow that occurs when processing a command received from user space.
Technology Area WLAN HOST
Vulnerability Type CWE-680 Integer Overflow to Buffer Overflow
Access Vector Local
Security Rating Medium
CVSS Rating Medium
CVSS Score 6.7
CVSS String CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Date Reported 10/01/2019
Customer Notified Date 05/04/2020
Affected Chipsets* APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9250, MDM9628, MDM9640, MDM9650, MSM8996AU, QCS405, SDA845, SDX20, SDX20M, WCD9330
Patch*

* Data is generated only at the time of bulletin creation  

Industry Coordination

Security ratings of issues included in Android security bulletins and these bulletins match in the most common scenarios but may differ in some cases due to one of the following reasons:

  • Consideration of security protections such as SELinux not enforced on some platforms

  • Differences in assessment of some specific scenarios that involve local denial of service or privilege escalation vulnerabilities in the high level OS kernel

Version History

| Version | Date | Comments |
|---|---|---|
| 1.0 | November 2, 2020 | Bulletin Published |

All Qualcomm products mentioned herein are products of Qualcomm Technologies, Inc. and/or its subsidiaries.

Qualcomm is a trademark of Qualcomm Incorporated, registered in the United States and other countries. Other product and brand names may be trademarks or registered trademarks of their respective owners.

This technical data may be subject to U.S. and international export, re-export, or transfer ("export") laws. Diversion contrary to U.S. and international law is strictly prohibited.

Qualcomm Technologies, Inc.
5775 Morehouse Drive
San Diego, CA 92121
U.S.A.

© 2020 Qualcomm Technologies, Inc. and/or its subsidiaries. All rights reserved.
