CVE-2020-11127

high-risk

Published 2020-11-12

u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCM4290, QCS405, QCS410, QCS4290, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA845, SDA855, SDM1000, SDM640, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P

Do I need to act?

0.03% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Mdm9205 Firmware

Qcm4290 Firmware

Qcs405 Firmware

Qcs410 Firmware

Qcs4290 Firmware

Qcs610 Firmware

Qsm8250 Firmware

Sa415M Firmware

Sa515M Firmware

Sa6145P Firmware

Sa6150P Firmware

Sa6155 Firmware

Sa6155P Firmware

Sa8150P Firmware

Sa8155 Firmware

Sa8155P Firmware

Sa8195P Firmware

Sc7180 Firmware

Sc8180X Firmware

Sdx55 Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/november-2020-bullet...

/ 100

high-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 26/34 · High