Vulnerability Description
Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA845, SDM640, SDM670, SDM710, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Qcm6125 Firmware | - |
| Qualcomm | Qcm6125 | - |
| Qualcomm | Qcs410 Firmware | - |
| Qualcomm | Qcs410 | - |
| Qualcomm | Qcs603 Firmware | - |
| Qualcomm | Qcs603 | - |
| Qualcomm | Qcs605 Firmware | - |
| Qualcomm | Qcs605 | - |
| Qualcomm | Qcs610 Firmware | - |
| Qualcomm | Qcs610 | - |
| Qualcomm | Qcs6125 Firmware | - |
| Qualcomm | Qcs6125 | - |
| Qualcomm | Sa6145P Firmware | - |
| Qualcomm | Sa6145P | - |
| Qualcomm | Sa6155 Firmware | - |
| Qualcomm | Sa6155 | - |
| Qualcomm | Sa6155P Firmware | - |
| Qualcomm | Sa6155P | - |
| Qualcomm | Sa8155 Firmware | - |
| Qualcomm | Sa8155 | - |
Related Weaknesses (CWE)
References
- https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/Third Party Advisory
- https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/ExploitThird Party Advisory
- https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletBroken LinkVendor Advisory
- https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/Third Party Advisory
- https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/ExploitThird Party Advisory
- https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletBroken LinkVendor Advisory
FAQ
What is CVE-2020-11202?
CVE-2020-11202 is a vulnerability with a CVSS score of 7.8 (HIGH). Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute,...
How severe is CVE-2020-11202?
CVE-2020-11202 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11202?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Qcm6125 Firmware, Qualcomm Qcm6125, Qualcomm Qcs410 Firmware, Qualcomm Qcs410, Qualcomm Qcs603 Firmware.