Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Qualcomm
  • Qsm8250 Firmware
  • Sxr2130
  • Msm8976sg Firmware
  • Apq8098
  • Qsm8250
  • Sm8150p Firmware
  • Msm8952 Firmware
  • Qcs410 Firmware
  • Sa6155 Firmware
  • Sdx55
  • Sm7250p Firmware
  • Sm6115
  • Apq8096
  • Msm8952
  • Sa6150p
  • Sdm660
  • Qcs6125 Firmware
  • Sa6145p
  • Sc7180
  • Apq8076 Firmware
  • Sxr2130p Firmware
  • Sm6350
  • Sm6125 Firmware
  • Apq8052
  • Qcs610 Firmware
  • Sm7250 Firmware
  • Mdm9655
  • Sdm850
  • Sa8155 Firmware
  • Sm7225 Firmware
  • Sxr2130 Firmware
  • Sm6150p
  • Msm8998 Firmware
  • Sda660
  • Apq8052 Firmware
  • Sm4250p Firmware
  • Sdm660 Firmware
  • Sda845 Firmware
  • Sm7150 Firmware
  • Sm6150 Firmware
  • Sdx55m
  • Apq8096 Firmware
  • Msm8976sg
  • Msm8996sg
  • Sda855
  • Sm7150p Firmware
  • Sdm845
  • Sm4250 Firmware
  • Sxr2130p
  • Msm8956
  • Sm7225
  • Sa8150p Firmware
  • Apq8098 Firmware
  • Sm6150p Firmware
  • Sm6250p Firmware
  • Sa6155
  • Msm8996
  • Qcm6125 Firmware
  • Sm6350 Firmware
  • Msm8996 Firmware
  • Sc7180 Firmware
  • Sdx50m
  • Sa6145p Firmware
  • Sa6155p
  • Sm4250
  • Qcs6125
  • Sda845
  • Sdm640
  • Sm6250 Firmware
  • Sm6150
  • Sda660 Firmware
  • Sm8150p
  • Mdm9655 Firmware
  • Sm6250p
  • Msm8996sg Firmware
  • Qcs410
  • Sda640
  • Sm6250
  • Sm8150 Firmware
  • Qcm4290
  • Sm4250p
  • Sa8195p
  • Sm8150
  • Sa8155p Firmware
  • Sm7150p
  • Qcs4290 Firmware
  • Msm8998
  • Sm8250
  • Msm8976
  • Sa8155
  • Sdm830
  • Sm8250 Firmware
  • Sdx55m Firmware
  • Sdm640 Firmware
  • Apq8056 Firmware
  • Sm6125
  • Qcs4290
  • Sda855 Firmware
  • Sa8195p Firmware
  • Sdx55 Firmware
  • Sda640 Firmware
  • Sm6115p
  • Sm7250
  • Sa8150p
  • Apq8076
  • Sm6115 Firmware
  • Sa8155p
  • Sm6115p Firmware
  • Qcm6125
  • Qcm4290 Firmware
  • Sm7125
  • Sm7125 Firmware
  • Sm7250p
  • Sdx50m Firmware
  • Apq8056
  • Qcs610
  • Sdm830 Firmware
  • Msm8976 Firmware
  • Msm8956 Firmware
  • Sa6150p Firmware
  • Sdm850 Firmware
  • Sa6155p Firmware
  • Sm7150
  • Sdm845 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:qualcomm:apq8052_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:apq8052:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:qualcomm:apq8056_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:apq8056:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:qualcomm:apq8076_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:apq8076:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:qualcomm:apq8096_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:apq8096:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:qualcomm:apq8098_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:apq8098:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:qualcomm:msm8952_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8952:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:qualcomm:msm8956_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8956:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:qualcomm:msm8976_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8976:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:qualcomm:msm8976sg_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8976sg:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:qualcomm:msm8996_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8996:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:qualcomm:msm8996sg_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8996sg:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcm4290:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcm6125:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs410:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs4290:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcs6125:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qsm8250:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:qualcomm:sa6150p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8155:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND
cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND
cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sc7180:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND
cpe:2.3:o:qualcomm:sda640_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sda640:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND
cpe:2.3:o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sda845:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND
cpe:2.3:o:qualcomm:sda855_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sda855:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND
cpe:2.3:o:qualcomm:sdm640_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm640:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND
cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND
cpe:2.3:o:qualcomm:sdm830_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm830:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND
cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm845:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND
cpe:2.3:o:qualcomm:sdm850_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdm850:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND
cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdx50m:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND
cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND
cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdx55m:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND
cpe:2.3:o:qualcomm:sm4250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm4250:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND
cpe:2.3:o:qualcomm:sm4250p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm4250p:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND
cpe:2.3:o:qualcomm:sm6115_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm6115:-:*:*:*:*:*:*:*

Configuration 45 [-]

AND
cpe:2.3:o:qualcomm:sm6115p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm6115p:-:*:*:*:*:*:*:*

Configuration 46 [-]

AND
cpe:2.3:o:qualcomm:sm6125_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm6125:-:*:*:*:*:*:*:*

Configuration 47 [-]

AND
cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*

Configuration 48 [-]

AND
cpe:2.3:o:qualcomm:sm6150p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm6150p:-:*:*:*:*:*:*:*

Configuration 49 [-]

AND
cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm6250:-:*:*:*:*:*:*:*

Configuration 50 [-]

AND
cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm6250p:-:*:*:*:*:*:*:*

Configuration 51 [-]

AND
cpe:2.3:o:qualcomm:sm6350_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm6350:-:*:*:*:*:*:*:*

Configuration 52 [-]

AND
cpe:2.3:o:qualcomm:sm7125_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm7125:-:*:*:*:*:*:*:*

Configuration 53 [-]

AND
cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*

Configuration 54 [-]

AND
cpe:2.3:o:qualcomm:sm7150p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm7150p:-:*:*:*:*:*:*:*

Configuration 55 [-]

AND
cpe:2.3:o:qualcomm:sm7225_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm7225:-:*:*:*:*:*:*:*

Configuration 56 [-]

AND
cpe:2.3:o:qualcomm:sm7250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm7250:-:*:*:*:*:*:*:*

Configuration 57 [-]

AND
cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm7250p:-:*:*:*:*:*:*:*

Configuration 58 [-]

AND
cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*

Configuration 59 [-]

AND
cpe:2.3:o:qualcomm:sm8150p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8150p:-:*:*:*:*:*:*:*

Configuration 60 [-]

AND
cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*

Configuration 61 [-]

AND
cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*

Configuration 62 [-]

AND
cpe:2.3:o:qualcomm:sxr2130p_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sxr2130p:-:*:*:*:*:*:*:*
References
Link Resource
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/ Third Party Advisory
https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/ Exploit Third Party Advisory
https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: qualcomm

Published: 2020-11-12T10:00:58

Updated: 2021-05-10T12:13:27

Reserved: 2020-03-31T00:00:00

Link: CVE-2020-11207

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2020-11-12T10:15:13.107

Modified: 2022-10-19T15:51:39.133

Link: CVE-2020-11207

JSON object: View

cve-icon Redhat Information

No data.

CWE