high
7.2
CWE
119
Advisory Published
Updated

CVE-2020-11150: Buffer Overflow

First published: Thu Jan 21 2021(Updated: )

Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of pointer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Credit: product-security@qualcomm.com

Affected SoftwareAffected VersionHow to fix
Qualcomm aqt1000
Qualcomm ar8031
Qualcomm ar8035
Qualcomm csra6620
Qualcomm csra6640
Qualcomm Pm215
Qualcomm Pm3003a
Qualcomm Pm6125
Qualcomm Pm6150
Qualcomm Pm6150a
Qualcomm Pm6150l
Qualcomm Pm6350
Qualcomm Pm640a
Qualcomm Pm640l
Qualcomm Pm640p
Qualcomm pm660
Qualcomm pm660l
Qualcomm pm670
Qualcomm pm670a
Qualcomm pm670l
Qualcomm Pm7150a
Qualcomm Pm7150l
Qualcomm Pm7250
Qualcomm Pm7250b
Qualcomm Pm7350c
Qualcomm pm8005
Qualcomm Pm8008
Qualcomm Pm8009
Qualcomm Pm8150
Qualcomm Pm8150a
Qualcomm Pm8150b
Qualcomm Pm8150c
Qualcomm Pm8150l
Qualcomm Pm8250
Qualcomm Pm8350
Qualcomm Pm8350b
Qualcomm Pm8350bh
Qualcomm Pm8350bhs
Qualcomm Pm8350c
Qualcomm pm855
Qualcomm Pm855b
Qualcomm pm855l
Qualcomm pm855p
Qualcomm Pm8909
Qualcomm pm8916
Qualcomm Pmc1000h
Qualcomm pmd9655
Qualcomm Pme605
Qualcomm pmi632
Qualcomm Pmk7350
Qualcomm Pmk8002
Qualcomm Pmk8003
Qualcomm Pmk8350
Qualcomm Pmm6155au
Qualcomm Pmm8155au
Qualcomm Pmm8195au
Qualcomm Pmm855au
Qualcomm Pmr525
Qualcomm Pmr735a
Qualcomm Pmr735b
Qualcomm pmx24
Qualcomm Pmx55
Qualcomm qat3514
Qualcomm Qat3516
Qualcomm Qat3518
Qualcomm Qat3519
Qualcomm Qat3522
Qualcomm Qat3550
Qualcomm Qat3555
Qualcomm Qat5515
Qualcomm Qat5516
Qualcomm Qat5522
Qualcomm Qat5533
Qualcomm Qat5568
Qualcomm Qbt1500
Qualcomm Qbt2000
qualcomm qca4020
Qualcomm qca6174a
qualcomm qca6175a
Qualcomm qca6390
qualcomm qca6391
Qualcomm qca6420
qualcomm qca6421
qualcomm qca6426
Qualcomm qca6430
qualcomm qca6431
qualcomm qca6436
Qualcomm qca6564
Qualcomm qca6564a
qualcomm qca6564au
qualcomm qca6574
qualcomm qca6574a
qualcomm qca6574au
qualcomm QCA6584AU
qualcomm qca6595
qualcomm qca6595au
qualcomm qca6696
qualcomm qca8337
Qualcomm qca9377
qualcomm qca9379
Qualcomm qcm4290
Qualcomm QCS405 Firmware
Qualcomm qcs4290
Qualcomm qcs603
Qualcomm QCS605
Qualcomm Qdm2301
Qualcomm Qdm2302
Qualcomm Qdm2305
Qualcomm Qdm2307
Qualcomm Qdm2308
Qualcomm Qdm2310
Qualcomm Qdm3301
Qualcomm Qdm3302
Qualcomm Qdm4643
Qualcomm Qdm4650
Qualcomm Qdm5579
Qualcomm Qdm5620
Qualcomm Qdm5621
Qualcomm Qdm5650
Qualcomm Qdm5652
Qualcomm Qdm5670
Qualcomm Qdm5671
Qualcomm Qdm5677
Qualcomm Qdm5679
Qualcomm Qet4101
Qualcomm Qet4200aq
Qualcomm Qet5100
Qualcomm Qet5100m
Qualcomm Qet6100
Qualcomm Qet6110
Qualcomm Qfs2530
Qualcomm Qfs2580
Qualcomm Qfs2608
Qualcomm Qfs2630
Qualcomm Qln1021aq
Qualcomm Qln1031
Qualcomm Qln1036aq
Qualcomm Qln4642
Qualcomm Qln4650
Qualcomm Qln5020
Qualcomm Qln5030
Qualcomm Qln5040
Qualcomm Qpa2625
Qualcomm Qpa4360
Qualcomm Qpa4361
Qualcomm Qpa5461
Qualcomm Qpa5580
Qualcomm Qpa5581
Qualcomm Qpa6560
Qualcomm Qpa8673
Qualcomm Qpa8686
Qualcomm Qpa8801
Qualcomm Qpa8802
Qualcomm Qpa8803
Qualcomm Qpa8821
Qualcomm Qpa8842
Qualcomm Qpm4621
Qualcomm Qpm4630
Qualcomm Qpm4640
Qualcomm Qpm4641
Qualcomm Qpm4650
Qualcomm Qpm5541
Qualcomm Qpm5577
Qualcomm Qpm5579
Qualcomm Qpm5621
Qualcomm Qpm5641
Qualcomm Qpm5658
Qualcomm Qpm5670
Qualcomm Qpm5677
Qualcomm Qpm5679
Qualcomm Qpm5870
Qualcomm Qpm5875
Qualcomm Qpm6325
Qualcomm Qpm6375
Qualcomm Qpm6582
Qualcomm Qpm6585
Qualcomm Qpm6621
Qualcomm Qpm6670
Qualcomm Qpm8820
Qualcomm Qpm8830
Qualcomm Qpm8870
Qualcomm Qpm8895
Qualcomm Qsm7250
Qualcomm Qsw6310
Qualcomm Qsw8573
Qualcomm Qsw8574
Qualcomm Qtc410s
Qualcomm Qtc800h
Qualcomm Qtc801s
Qualcomm Qtm525
Qualcomm Qtm527
Qualcomm Qualcomm215
Qualcomm sa6145p
Qualcomm sa6155
qualcomm SA6155P
Qualcomm sa8150p
Qualcomm sa8155
Qualcomm sa8155p
Qualcomm sa8195p
Qualcomm sd205
Qualcomm sd210
Qualcomm sd460
Qualcomm sd662
Qualcomm sd665
qualcomm sd675
Qualcomm Sd6905g
Qualcomm sd750g
Qualcomm sd765
Qualcomm sd765g
Qualcomm sd768g
qualcomm sd855
Qualcomm Sd8655g
Qualcomm Sd8885g
Qualcomm Sd8c
Qualcomm Sd8cx
Qualcomm sda429w
qualcomm SDM429W
Qualcomm Sdr425
Qualcomm Sdr660
Qualcomm Sdr660g
Qualcomm Sdr735
Qualcomm Sdr735g
Qualcomm Sdr8150
Qualcomm Sdr8250
Qualcomm Sdr865
Qualcomm sdx24
Qualcomm sdx55
Qualcomm sdx55m
qualcomm sdxr1
Qualcomm Sdxr25g
qualcomm sm7250p
Qualcomm Sm7350
Qualcomm Smb1351
Qualcomm Smb1354
Qualcomm Smb1355
Qualcomm Smb1381
Qualcomm Smb1390
Qualcomm Smb1394
Qualcomm Smb1395
Qualcomm Smb1396
Qualcomm Smb1398
Qualcomm Smb2351
Qualcomm Smr525
Qualcomm Smr526
Qualcomm Smr545
Qualcomm Smr546
Qualcomm wcd9326
qualcomm wcd9335
qualcomm wcd9340
qualcomm wcd9341
Qualcomm wcd9370
Qualcomm wcd9375
qualcomm wcd9380
qualcomm wcd9385
Qualcomm wcn3610
Qualcomm wcn3615
Qualcomm Wcn3620
Qualcomm wcn3660b
Qualcomm Wcn3680
Qualcomm wcn3680b
qualcomm wcn3950
Qualcomm Wcn3980
Qualcomm WCN3988
qualcomm wcn3990
Qualcomm WCN3991 Firmware
Qualcomm wcn3998
Qualcomm wcn3999
qualcomm wcn6740
qualcomm wcn6750
Qualcomm WCN6850 Firmware
Qualcomm WCN6851 Firmware
qualcomm wcn6856
Qualcomm Wgr7640
qualcomm wsa8810
qualcomm wsa8815
qualcomm wsa8830
qualcomm wsa8835
Qualcomm Wtr2965
Qualcomm Wtr3925
Qualcomm Wtr4905

Remedy

https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2020-11150?

    CVE-2020-11150 has a high severity rating due to the possibility of out-of-bounds memory access in the camera driver.

  • How do I fix CVE-2020-11150?

    To fix CVE-2020-11150, update the affected Qualcomm device to the latest security patches provided by Qualcomm.

  • What impact does CVE-2020-11150 have on affected devices?

    CVE-2020-11150 may allow an attacker to manipulate memory leading to potential crashes or unauthorized access.

  • Which Qualcomm devices are affected by CVE-2020-11150?

    CVE-2020-11150 affects a wide range of Qualcomm devices, including models in Snapdragon Auto, Compute, and Mobile categories.

  • Is CVE-2020-11150 a remote exploit vulnerability?

    CVE-2020-11150 is considered a local exploit vulnerability that requires the attacker to have access to the affected device.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203