Vulnerability Description
u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9150, MDM9607, MDM9650, MSM8905, MSM8917, MSM8953, Nicobar, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Agatti Firmware | - |
| Qualcomm | Agatti | - |
| Qualcomm | Apq8009 Firmware | - |
| Qualcomm | Apq8009 | - |
| Qualcomm | Bitra Firmware | - |
| Qualcomm | Bitra | - |
| Qualcomm | Ipq4019 Firmware | - |
| Qualcomm | Ipq4019 | - |
| Qualcomm | Ipq5018 Firmware | - |
| Qualcomm | Ipq5018 | - |
| Qualcomm | Ipq6018 Firmware | - |
| Qualcomm | Ipq6018 | - |
| Qualcomm | Ipq8064 Firmware | - |
| Qualcomm | Ipq8064 | - |
| Qualcomm | Ipq8074 Firmware | - |
| Qualcomm | Ipq8074 | - |
| Qualcomm | Kamorta Firmware | - |
| Qualcomm | Kamorta | - |
| Qualcomm | Mdm9150 Firmware | - |
| Qualcomm | Mdm9150 | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletiBroken Link
- https://www.qualcomm.com/company/product-security/bulletins/october-2020-securitPatchVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletiBroken Link
FAQ
What is CVE-2020-11125?
CVE-2020-11125 is a vulnerability with a CVSS score of 7.8 (HIGH). u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon ...
How severe is CVE-2020-11125?
CVE-2020-11125 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11125?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Agatti Firmware, Qualcomm Agatti, Qualcomm Apq8009 Firmware, Qualcomm Apq8009, Qualcomm Bitra Firmware.