CVE-2020-11131: Integer Overflow
First published: Thu Nov 12 2020(Updated: )
u'Possible buffer overflow in WMA message processing due to integer overflow occurs when processing command received from user space' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9250, MDM9628, MDM9640, MDM9650, MSM8996AU, QCS405, SDA845, SDX20, SDX20M, WCD9330
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Qualcomm Apq8009 | ||
| Qualcomm Apq8053 Firmware | ||
| Qualcomm Apq8053 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Mdm9206 Firmware | ||
| Qualcomm Mdm9206 | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Mdm9628 | ||
| Qualcomm Mdm9640 Firmware | ||
| Qualcomm Mdm9640 | ||
| Qualcomm Mdm9650 Firmware | ||
| Qualcomm Mdm9650 | ||
| Qualcomm Msm8996au Firmware | ||
| Qualcomm Msm8996au | ||
| Qualcomm Qcs405 Firmware | ||
| Qualcomm Qcs405 | ||
| Qualcomm Sda845 Firmware | ||
| Qualcomm Sda845 | ||
| Qualcomm Sdx20 Firmware | ||
| Qualcomm Sdx20 | ||
| Qualcomm Sdx20m Firmware | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Wcd9330 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2020-11131.
What is the severity level of CVE-2020-11131?
The severity level of CVE-2020-11131 is high with a severity value of 7.8.
Which software is affected by CVE-2020-11131?
The software affected by CVE-2020-11131 includes Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9250, MDM9628, MDM9640, MDM9650, MSM8996AU, QCS405, SDA845, SDX20, SDX20m, and WCD9330.
What is the vulnerability description of CVE-2020-11131?
The vulnerability CVE-2020-11131 refers to a possible buffer overflow in WMA message processing due to integer overflow when processing a command received from user space.
How can I fix the vulnerability CVE-2020-11131?
To fix the vulnerability CVE-2020-11131, it is recommended to follow the security bulletin provided by Qualcomm at the following link: [Qualcomm Security Bulletin](https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin).
- agent/weakness
- agent/severity
- agent/references
- agent/type
- agent/event
- agent/author
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/qualcomm
- canonical/google android
- canonical/qualcomm apq8009
- canonical/qualcomm apq8053 firmware
- canonical/qualcomm apq8053
- canonical/qualcomm mdm9206 firmware
- canonical/qualcomm mdm9206
- canonical/qualcomm mdm9628
- canonical/qualcomm mdm9640 firmware
- canonical/qualcomm mdm9640
- canonical/qualcomm mdm9650 firmware
- canonical/qualcomm mdm9650
- canonical/qualcomm msm8996au firmware
- canonical/qualcomm msm8996au
- canonical/qualcomm qcs405 firmware
- canonical/qualcomm qcs405
- canonical/qualcomm sda845 firmware
- canonical/qualcomm sda845
- canonical/qualcomm sdx20 firmware
- canonical/qualcomm sdx20
- canonical/qualcomm sdx20m firmware
- canonical/qualcomm wcd9330