CVE-2020-11196

Published: Nov 12, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

u'Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096, APQ8096AU, APQ8096SG, APQ8098, MDM9206, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QM215, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SDA429W, SDA640, SDA660, SDA670, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM455, SDM630, SDM632, SDM636, SDM640, SDM660, SDM670, SDM710, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330

Affected (92)

Products: Qualcomm: Apq8009 Firmware, Apq8009w Firmware, Apq8017 Firmware, Apq8037 Firmware, Apq8053 Firmware, Apq8064au Firmware, Apq8096 Firmware, Apq8096au Firmware, Apq8096sg Firmware, Apq8098 Firmware, Mdm9206 Firmware, Mdm9650 Firmware, Msm8905 Firmware, Msm8909 Firmware, Msm8909w Firmware, Msm8917 Firmware, Msm8920 Firmware, Msm8937 Firmware, Msm8940 Firmware, Msm8953 Firmware, Msm8996 Firmware, Msm8996au Firmware, Msm8996sg Firmware, Msm8998 Firmware, Qcm4290 Firmware, Qcm6125 Firmware, Qcs405 Firmware, Qcs410 Firmware, Qcs4290 Firmware, Qcs603 Firmware, Qcs605 Firmware, Qcs610 Firmware, Qcs6125 Firmware, Qm215 Firmware, Sa6145 Firmware, Sa6150p Firmware, Sa6155 Firmware, Sa6155p Firmware, Sa8150p Firmware, Sa8155 Firmware, Sa8155p Firmware, Sa8195p Firmware, Sda429w Firmware, Sda640 Firmware, Sda660 Firmware, Sda670 Firmware, Sda845 Firmware, Sdm429 Firmware, Sdm429w Firmware, Sdm439 Firmware, Sdm450 Firmware, Sdm455 Firmware, Sdm630 Firmware, Sdm632 Firmware, Sdm636 Firmware, Sdm640 Firmware, Sdm660 Firmware, Sdm670 Firmware, Sdm710 Firmware, Sdm830 Firmware, Sdm845 Firmware, Sdw2500 Firmware, Sdx20 Firmware, Sdx20m Firmware, Sdx50m Firmware, Sdx55 Firmware, Sdx55m Firmware, Sm4125 Firmware, Sm4250 Firmware, Sm4250p Firmware, Sm6115 Firmware, Sm6115p Firmware, Sm6125 Firmware, Sm6150 Firmware, Sm6150p Firmware, Sm6250 Firmware, Sm6250p Firmware, Sm6350 Firmware, Sm7125 Firmware, Sm7150 Firmware, Sm7150p Firmware, Sm7225 Firmware, Sm7250 Firmware, Sm7250p Firmware, Sm8150 Firmware, Sm8150p Firmware, Sm8250 Firmware, Sxr1120 Firmware, Sxr1130 Firmware, Sxr2130 Firmware, Sxr2130p Firmware, Wcd9330 Firmware

92 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8009 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8009	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8009w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8009w	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8017 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8017	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8037 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8037	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8053 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8053	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8064au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8064au	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8096 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8096	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8096au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8096au	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8096sg Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8096sg	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8098 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8098	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9650 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9650	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8905 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8905	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8909 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8909	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8909w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8909w	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8917 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8917	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8920 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8920	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8937 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8937	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8940 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8940	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8953 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8953	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8996 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8996	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8996au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8996au	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8996sg Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8996sg	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8998 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8998	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcm4290 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcm4290	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcm6125 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcm6125	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs405 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs405	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs410 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs410	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs4290 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs4290	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs603 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs603	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs605 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs605	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs610 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs610	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs6125 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs6125	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qm215 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qm215	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa6145 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa6145	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa6150p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa6150p	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa6155 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa6155	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa6155p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa6155p	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa8150p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa8150p	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa8155 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa8155	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa8155p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa8155p	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa8195p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa8195p	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sda429w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sda429w	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sda640 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sda640	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sda660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sda660	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sda670 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sda670	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sda845 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sda845	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm429 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm429	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm429w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm429w	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm439 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm439	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm450 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm450	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm455 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm455	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm630 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm630	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm632 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm632	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm636 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm636	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm640 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm640	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm660 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm660	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm670 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm670	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm710 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm710	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm830 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm830	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm845 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm845	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdw2500 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdw2500	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx20 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx20	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx20m Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx20m	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx50m Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx50m	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx55 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx55	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx55m Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx55m	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm4125 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm4125	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm4250 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm4250	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm4250p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm4250p	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm6115 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm6115	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm6115p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm6115p	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm6125 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm6125	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm6150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm6150	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm6150p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm6150p	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm6250 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm6250	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm6250p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm6250p	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm6350 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm6350	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7125 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7125	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7150	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7150p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7150p	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7225 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7225	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7250 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7250	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7250p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7250p	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8150	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8150p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8150p	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8250 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8250	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sxr1120 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sxr1120	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sxr1130 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sxr1130	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sxr2130 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sxr2130	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sxr2130p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sxr2130p	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9330 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9330	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (2)

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Source: product-security@qualcomm.com

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.