Vulnerability Description
Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Apq8052 Firmware | - |
| Qualcomm | Apq8052 | - |
| Qualcomm | Apq8056 Firmware | - |
| Qualcomm | Apq8056 | - |
| Qualcomm | Apq8076 Firmware | - |
| Qualcomm | Apq8076 | - |
| Qualcomm | Apq8096 Firmware | - |
| Qualcomm | Apq8096 | - |
| Qualcomm | Apq8098 Firmware | - |
| Qualcomm | Apq8098 | - |
| Qualcomm | Mdm9655 Firmware | - |
| Qualcomm | Mdm9655 | - |
| Qualcomm | Msm8952 Firmware | - |
| Qualcomm | Msm8952 | - |
| Qualcomm | Msm8956 Firmware | - |
| Qualcomm | Msm8956 | - |
| Qualcomm | Msm8976 Firmware | - |
| Qualcomm | Msm8976 | - |
| Qualcomm | Msm8976Sg Firmware | - |
| Qualcomm | Msm8976Sg | - |
Related Weaknesses (CWE)
References
- https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/Third Party Advisory
- https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/ExploitThird Party Advisory
- https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletVendor Advisory
- https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/Third Party Advisory
- https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/ExploitThird Party Advisory
- https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletVendor Advisory
FAQ
What is CVE-2020-11207?
CVE-2020-11207 is a vulnerability with a CVSS score of 7.8 (HIGH). Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon M...
How severe is CVE-2020-11207?
CVE-2020-11207 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11207?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Apq8052 Firmware, Qualcomm Apq8052, Qualcomm Apq8056 Firmware, Qualcomm Apq8056, Qualcomm Apq8076 Firmware.