Vulnerability Description
Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Apq8098 Firmware | - |
| Qualcomm | Apq8098 | - |
| Qualcomm | Msm8998 Firmware | - |
| Qualcomm | Msm8998 | - |
| Qualcomm | Qcm4290 Firmware | - |
| Qualcomm | Qcm4290 | - |
| Qualcomm | Qcm6125 Firmware | - |
| Qualcomm | Qcm6125 | - |
| Qualcomm | Qcs410 Firmware | - |
| Qualcomm | Qcs410 | - |
| Qualcomm | Qcs4290 Firmware | - |
| Qualcomm | Qcs4290 | - |
| Qualcomm | Qcs610 Firmware | - |
| Qualcomm | Qcs610 | - |
| Qualcomm | Qcs6125 Firmware | - |
| Qualcomm | Qcs6125 | - |
| Qualcomm | Qsm8250 Firmware | - |
| Qualcomm | Qsm8250 | - |
| Qualcomm | Qsm8350 Firmware | - |
| Qualcomm | Qsm8350 | - |
References
- https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/ (Third Party Advisory)
- https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/ (Exploit, Third Party Advisory)
- https://www.qualcomm.com/company/product-security/bulletins/november-2020-bullet (Vendor Advisory)
FAQ
What is CVE-2020-11206?
CVE-2020-11206 is a vulnerability with a CVSS score of 7.8 (HIGH). Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Indust...
How severe is CVE-2020-11206?
CVE-2020-11206 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-11206?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Apq8098 Firmware, Qualcomm Apq8098, Qualcomm Msm8998 Firmware, Qualcomm Msm8998, Qualcomm Qcm4290 Firmware.