CVE-2020-11132 : u'Buffer over read in boot due to size check ignored before copying GUID attribu

u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA670, SDA845, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330

Published 2020-11-12 10:15:12

Updated 2020-11-19 18:21:37

Source Qualcomm, Inc.

View at NVD, CVE.org

Products affected by CVE-2020-11132

Qualcomm » Mdm9206 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9206 » Version: N/A
Qualcomm » Mdm9607 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9607 » Version: N/A
Qualcomm » Mdm9650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9650 » Version: N/A
Qualcomm » Apq8096au Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8096au » Version: N/A
Qualcomm » Sdm845 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm845 » Version: N/A
Qualcomm » Msm8998 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8998 » Version: N/A
Qualcomm » Sdm710 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm710 » Version: N/A
Qualcomm » Sda845 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda845 » Version: N/A
Qualcomm » Sdx24 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx24 » Version: N/A
Qualcomm » Sxr1130 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr1130 » Version: N/A
Qualcomm » Mdm9150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9150 » Version: N/A
Qualcomm » Qcs605 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs605 » Version: N/A
Qualcomm » Sm7150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7150 » Version: N/A
Qualcomm » Qcs405 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs405 » Version: N/A
Qualcomm » Msm8909 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8909_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8909 » Version: N/A
Qualcomm » Mdm9205 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9205_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9205 » Version: N/A
Qualcomm » Apq8009 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8009 » Version: N/A
Qualcomm » Sdx55 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55 » Version: N/A
Qualcomm » Sm6150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6150 » Version: N/A
Qualcomm » Sm8150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8150 » Version: N/A
Qualcomm » Apq8098 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8098_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8098 » Version: N/A
Qualcomm » Msm8905 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8905_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8905 » Version: N/A
Qualcomm » Sc8180x Firmware » Version: N/A
cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sc8180x » Version: N/A
Qualcomm » Sdm670 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm670_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm670 » Version: N/A
Qualcomm » Sdm850 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm850_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm850 » Version: N/A
Qualcomm » Sm8250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8250 » Version: N/A
Qualcomm » Sxr2130 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr2130 » Version: N/A
Qualcomm » Sa6155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6155p » Version: N/A
Qualcomm » Sc7180 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sc7180 » Version: N/A
Qualcomm » Qcs610 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs610 » Version: N/A
Qualcomm » Sa415m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa415m » Version: N/A
Qualcomm » Sa515m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa515m » Version: N/A
Qualcomm » Sa8155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8155p » Version: N/A
Qualcomm » Mdm9250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9250 » Version: N/A
Qualcomm » Mdm9628 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9628 » Version: N/A
Qualcomm » Wcd9330 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9330 » Version: N/A
Qualcomm » Qcm4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm4290 » Version: N/A
Qualcomm » Qcs4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs4290 » Version: N/A
Qualcomm » Qcs603 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs603 » Version: N/A
Qualcomm » Sa6155 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6155 » Version: N/A
Qualcomm » Sa8155 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8155 » Version: N/A
Qualcomm » Sda640 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda640_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda640 » Version: N/A
Qualcomm » Sda855 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda855_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda855 » Version: N/A
Qualcomm » Sdm1000 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm1000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm1000 » Version: N/A
Qualcomm » Sdm640 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm640_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm640 » Version: N/A
Qualcomm » Sdm830 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm830_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm830 » Version: N/A
Qualcomm » Sdx50m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx50m » Version: N/A
Qualcomm » Sdx55m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55m » Version: N/A
Qualcomm » Sm4250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4250 » Version: N/A
Qualcomm » Sm4250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4250p » Version: N/A
Qualcomm » Sm6115 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6115_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6115 » Version: N/A
Qualcomm » Sm6115p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6115p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6115p » Version: N/A
Qualcomm » Sm6125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6125 » Version: N/A
Qualcomm » Sm6250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6250 » Version: N/A
Qualcomm » Sm6350 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6350_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6350 » Version: N/A
Qualcomm » Sm7125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7125 » Version: N/A
Qualcomm » Sm7225 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7225_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7225 » Version: N/A
Qualcomm » Sm7250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7250 » Version: N/A
Qualcomm » Sm7250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7250p » Version: N/A
Qualcomm » Sm8150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8150p » Version: N/A
Qualcomm » Sxr2130p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr2130p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr2130p » Version: N/A
Qualcomm » Sa6145p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6145p » Version: N/A
Qualcomm » Sa6150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6150p » Version: N/A
Qualcomm » Sa8150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8150p » Version: N/A
Qualcomm » Sa8195p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8195p » Version: N/A
Qualcomm » Qcs410 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs410 » Version: N/A
Qualcomm » Qsm8250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qsm8250 » Version: N/A
Qualcomm » Sm6150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6150p » Version: N/A
Qualcomm » Sm6250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6250p » Version: N/A
Qualcomm » Sm7150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7150p » Version: N/A
Qualcomm » Sda670 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda670_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda670 » Version: N/A
Qualcomm » Sm4125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4125 » Version: N/A
Qualcomm » Sxr1120 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr1120_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr1120 » Version: N/A
Qualcomm » Sc8180xp Firmware » Version: N/A
cpe:2.3:o:qualcomm:sc8180xp_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sc8180xp » Version: N/A
Qualcomm » Mdm8207 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm8207 » Version: N/A
Qualcomm » Mdm9207 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9207_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9207 » Version: N/A
Qualcomm » Msm8108 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8108_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8108 » Version: N/A
Qualcomm » Msm8208 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8208_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8208 » Version: N/A
Qualcomm » Msm8209 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8209_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8209 » Version: N/A
Qualcomm » Msm8608 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8608_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8608 » Version: N/A
Qualcomm » Sdm712 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm712_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm712 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-11132

EPSS FAQ

0.04%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-11132

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.6	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:P	3.9	4.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
7.1	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H	1.8	5.2	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High

CWE ids for CVE-2020-11132

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-11132

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Page not found
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-11132

Products affected by CVE-2020-11132

Exploit prediction scoring system (EPSS) score for CVE-2020-11132

CVSS scores for CVE-2020-11132

CWE ids for CVE-2020-11132

References for CVE-2020-11132