CVE-2020-11206 : Possible buffer overflow in Fastrpc while handling received parameters due to la

Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

Published 2020-11-12 10:15:13

Updated 2022-10-19 17:12:53

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Overflow

Products affected by CVE-2020-11206

Qualcomm » Sdm660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm660 » Version: N/A
Qualcomm » Sdm845 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm845 » Version: N/A
Qualcomm » Msm8998 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8998 » Version: N/A
Qualcomm » Sda660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda660 » Version: N/A
Qualcomm » Sda845 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda845 » Version: N/A
Qualcomm » Sm7150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7150 » Version: N/A
Qualcomm » Sdx55 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55 » Version: N/A
Qualcomm » Sm6150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6150 » Version: N/A
Qualcomm » Sm8150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8150 » Version: N/A
Qualcomm » Apq8098 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8098_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8098 » Version: N/A
Qualcomm » Sdm850 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm850_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm850 » Version: N/A
Qualcomm » Sm8250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8250 » Version: N/A
Qualcomm » Sxr2130 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr2130 » Version: N/A
Qualcomm » Sa6155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6155p » Version: N/A
Qualcomm » Sc7180 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sc7180 » Version: N/A
Qualcomm » Qcs610 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs610 » Version: N/A
Qualcomm » Sa8155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8155p » Version: N/A
Qualcomm » Qcm4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm4290 » Version: N/A
Qualcomm » Qcs4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs4290 » Version: N/A
Qualcomm » Qsm8350 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qsm8350_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qsm8350 » Version: N/A
Qualcomm » Sa6155 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6155 » Version: N/A
Qualcomm » Sa8155 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8155 » Version: N/A
Qualcomm » Sda640 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda640_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda640 » Version: N/A
Qualcomm » Sda855 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda855_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda855 » Version: N/A
Qualcomm » Sdm640 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm640_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm640 » Version: N/A
Qualcomm » Sdm830 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm830_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm830 » Version: N/A
Qualcomm » Sdx50m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx50m » Version: N/A
Qualcomm » Sdx55m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55m » Version: N/A
Qualcomm » Sm4250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4250 » Version: N/A
Qualcomm » Sm4250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4250p » Version: N/A
Qualcomm » Sm6115 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6115_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6115 » Version: N/A
Qualcomm » Sm6115p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6115p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6115p » Version: N/A
Qualcomm » Sm6125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6125 » Version: N/A
Qualcomm » Sm6250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6250 » Version: N/A
Qualcomm » Sm6350 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6350_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6350 » Version: N/A
Qualcomm » Sm7125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7125 » Version: N/A
Qualcomm » Sm7225 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7225_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7225 » Version: N/A
Qualcomm » Sm7250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7250 » Version: N/A
Qualcomm » Sm7250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7250p » Version: N/A
Qualcomm » Sm8150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8150p » Version: N/A
Qualcomm » Sm8350 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8350_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8350 » Version: N/A
Qualcomm » Sm8350p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8350p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8350p » Version: N/A
Qualcomm » Sxr2130p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr2130p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr2130p » Version: N/A
Qualcomm » Sa6145p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6145p » Version: N/A
Qualcomm » Sa6150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6150p » Version: N/A
Qualcomm » Sa8150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8150p » Version: N/A
Qualcomm » Sa8195p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8195p » Version: N/A
Qualcomm » Qcm6125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm6125 » Version: N/A
Qualcomm » Qcs410 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs410 » Version: N/A
Qualcomm » Qcs6125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs6125 » Version: N/A
Qualcomm » Qsm8250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qsm8250 » Version: N/A
Qualcomm » Sm6150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6150p » Version: N/A
Qualcomm » Sm6250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6250p » Version: N/A
Qualcomm » Sm7150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7150p » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-11206

EPSS FAQ

0.66%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 70 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-11206

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2020-11206

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Page not found
Vendor Advisory

CVEs referencing this url
https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/

Pwn2Own Qualcomm DSP - Check Point Research
Exploit;Third Party Advisory

CVEs referencing this url
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/

Achilles: Small chip, big peril. - Check Point Software
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-11206

Products affected by CVE-2020-11206

Exploit prediction scoring system (EPSS) score for CVE-2020-11206

CVSS scores for CVE-2020-11206

References for CVE-2020-11206