CVE-2020-11127 — HIGH (7.8)

Vulnerability Description

u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCM4290, QCS405, QCS410, QCS4290, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA845, SDA855, SDM1000, SDM640, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qualcomm	Mdm9205 Firmware	-
Qualcomm	Mdm9205	-
Qualcomm	Qcm4290 Firmware	-
Qualcomm	Qcm4290	-
Qualcomm	Qcs405 Firmware	-
Qualcomm	Qcs405	-
Qualcomm	Qcs410 Firmware	-
Qualcomm	Qcs410	-
Qualcomm	Qcs4290 Firmware	-
Qualcomm	Qcs4290	-
Qualcomm	Qcs610 Firmware	-
Qualcomm	Qcs610	-
Qualcomm	Qsm8250 Firmware	-
Qualcomm	Qsm8250	-
Qualcomm	Sa415M Firmware	-
Qualcomm	Sa415M	-
Qualcomm	Sa515M Firmware	-
Qualcomm	Sa515M	-
Qualcomm	Sa6145P Firmware	-
Qualcomm	Sa6145P	-

Related Weaknesses (CWE)

CWE-190

References

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletVendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletVendor Advisory

FAQ

What is CVE-2020-11127?

CVE-2020-11127 is a vulnerability with a CVSS score of 7.8 (HIGH). u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snap...

How severe is CVE-2020-11127?

CVE-2020-11127 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-11127?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Mdm9205 Firmware, Qualcomm Mdm9205, Qualcomm Qcm4290 Firmware, Qualcomm Qcm4290, Qualcomm Qcs405 Firmware.