CVE-2020-11127

HIGH

Qualcomm Snapdragon Firmware - Integer Overflow Buffer Overflow in Extensible Boot Loader

Title source: llm
STIX 2.1

Description

u'Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCM4290, QCS405, QCS410, QCS4290, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA845, SDA855, SDM1000, SDM640, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P

References (1)

Core 1

Scores

CVSS v3 7.8
EPSS 0.0003
EPSS Percentile 10.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-190
Status published
Products (50)
qualcomm/mdm9205_firmware
qualcomm/qcm4290_firmware
qualcomm/qcs405_firmware
qualcomm/qcs410_firmware
qualcomm/qcs4290_firmware
qualcomm/qcs610_firmware
qualcomm/qsm8250_firmware
qualcomm/sa415m_firmware
qualcomm/sa515m_firmware
qualcomm/sa6145p_firmware
... and 40 more
Published Nov 12, 2020
Tracked Since Feb 18, 2026