Details of VAR-202011-0124

ID

VAR-202011-0124

CVE

CVE-2020-11125

TITLE

plural Qualcomm Out-of-bounds write vulnerabilities in the product

Trust: 0.8

sources: JVNDB: JVNDB-2020-012935

DESCRIPTION

u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9150, MDM9607, MDM9650, MSM8905, MSM8917, MSM8953, Nicobar, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Qualcomm The product contains a vulnerability related to out-of-bounds writing.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Qualcomm MDM9607, etc. are all products of Qualcomm. MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product. SDM660 is a central processing unit (CPU) product. QCS404 is a central processing unit (CPU) product. QCS605 is a central processing unit (CPU) product. SDX55 is a modem. SDM670 is a central processing unit (CPU) product. SDM710 is a central processing unit (CPU) product. MSM8917 is a central processing unit (CPU) product. SXR2130 is a central processing unit (CPU) product. SDM439 is a central processing unit (CPU) product. MSM8905 is a central processing unit (CPU) product. IPQ6018 is a central processing unit (CPU) product. QCA6390 is a central processing unit (CPU) product. Rennell is a central processing unit (CPU) product. Wire etc. are the products of individual developers. Wire is a chat software. Qualcomm APQ8009 is a central processing unit. Many Qualcomm products have buffer error vulnerabilities. The vulnerability stems from the lack of checking the channel id value received from the MHI device, and out-of-bounds access may occur

Trust: 2.25

sources: NVD: CVE-2020-11125 // JVNDB: JVNDB-2020-012935 // CNNVD: CNNVD-202010-303 // VULMON: CVE-2020-11125

AFFECTED PRODUCTS

vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sc8180x	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq6018	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs405	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	kamorta	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa8155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	agatti	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qrb5165	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4019	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr2130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs404	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9531	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa515m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm2150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	saipan	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa415m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6390	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8064	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	bitra	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa6155p	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	nicobar	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8905	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq5018	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	rennell	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	bitra	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	agatti	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq5018	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq6018	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq4019	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9150	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq8064	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq8074	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	kamorta	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012935 // NVD: CVE-2020-11125

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11125
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-11125
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-303
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-11125
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-11125
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-11125
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-012935 // CNNVD: CNNVD-202010-303 // NVD: CVE-2020-11125

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.0
problemtype:	Out-of-bounds writing (CWE-787) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012935 // NVD: CVE-2020-11125

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-303

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202010-303

PATCH

title:	October 2020 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin	Trust: 0.8
title:	Google Android Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129904	Trust: 0.6
title:	Threatpost	url:	https://threatpost.com/google-android-system-flaws/159948/	Trust: 0.1

sources: VULMON: CVE-2020-11125 // JVNDB: JVNDB-2020-012935 // CNNVD: CNNVD-202010-303

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11125	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-012935	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.3453	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-303	Trust: 0.6
db:	VULMON	id:	CVE-2020-11125	Trust: 0.1

sources: VULMON: CVE-2020-11125 // JVNDB: JVNDB-2020-012935 // CNNVD: CNNVD-202010-303 // NVD: CVE-2020-11125

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin	Trust: 1.7
url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11125	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3453/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-october-2020-33491	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://threatpost.com/google-android-system-flaws/159948/	Trust: 0.1

sources: VULMON: CVE-2020-11125 // JVNDB: JVNDB-2020-012935 // CNNVD: CNNVD-202010-303 // NVD: CVE-2020-11125

SOURCES

db:	VULMON	id:	CVE-2020-11125
db:	JVNDB	id:	JVNDB-2020-012935
db:	CNNVD	id:	CNNVD-202010-303
db:	NVD	id:	CVE-2020-11125

LAST UPDATE DATE

2024-11-23T20:22:51.939000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-11125	date:	2020-11-09T00:00:00
db:	JVNDB	id:	JVNDB-2020-012935	date:	2021-06-15T06:01:00
db:	CNNVD	id:	CNNVD-202010-303	date:	2020-11-12T00:00:00
db:	NVD	id:	CVE-2020-11125	date:	2024-11-21T04:56:52.183

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-11125	date:	2020-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-012935	date:	2021-06-15T00:00:00
db:	CNNVD	id:	CNNVD-202010-303	date:	2020-10-06T00:00:00
db:	NVD	id:	CVE-2020-11125	date:	2020-11-02T07:15:13.390