CVE-2020-11132

HIGH

Qualcomm Snapdragon Firmware - Out-of-bounds Read in GUID Attribute Handling

Title source: llm
STIX 2.1

Description

u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA670, SDA845, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330

References (1)

Core 1

Scores

CVSS v3 7.1
EPSS 0.0018
EPSS Percentile 8.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Details

CWE
CWE-125
Status published
Products (50)
qualcomm/apq8009_firmware
qualcomm/apq8096au_firmware
qualcomm/apq8098_firmware
qualcomm/mdm8207_firmware
qualcomm/mdm9150_firmware
qualcomm/mdm9205_firmware
qualcomm/mdm9206_firmware
qualcomm/mdm9207_firmware
qualcomm/mdm9250_firmware
qualcomm/mdm9607_firmware
... and 40 more
Published Nov 12, 2020
Tracked Since Feb 18, 2026