CVE-2020-11207

HIGH

Qualcomm Apq8052 Firmware - Buffer Overflow

Title source: rule

Description

Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/

Vendor Advisory x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Exploit, Third Party Advisory x_refsource_misc

https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 18.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-120

Status published

Products (50)

qualcomm/apq8052_firmware

qualcomm/apq8056_firmware

qualcomm/apq8076_firmware

qualcomm/apq8096_firmware

qualcomm/apq8098_firmware

qualcomm/mdm9655_firmware

qualcomm/msm8952_firmware

qualcomm/msm8956_firmware

qualcomm/msm8976_firmware

qualcomm/msm8976sg_firmware

... and 40 more

Published Nov 12, 2020

Tracked Since Feb 18, 2026