First published: Thu Nov 12 2020(Updated: )
Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Qcs603 Firmware | ||
Qualcomm Qcs603 | ||
Qualcomm Qcs605 Firmware | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Qcs6125 Firmware | ||
Qualcomm Qcs6125 | ||
Google Android | ||
Qualcomm Sa6145p | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Sa6155p | ||
Qualcomm Sa8155 Firmware | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Sda640 Firmware | ||
Google Android | ||
Qualcomm Sda845 Firmware | ||
Qualcomm Sda845 | ||
Google Android | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Sdm845 Firmware | ||
Qualcomm Sdm845 | ||
Qualcomm Sdx50m Firmware | ||
Qualcomm Sdx50m | ||
Qualcomm Sdx55 Firmware | ||
Qualcomm Sdx55 | ||
Google Android | ||
Google Android | ||
Qualcomm Sm6125 Firmware | ||
Qualcomm Sm6125 | ||
Qualcomm Sm6150 Firmware | ||
Qualcomm Sm6150 | ||
Qualcomm Sm6250 Firmware | ||
Google Android | ||
Google Android | ||
Qualcomm Sm6250p | ||
Qualcomm Sm7125 Firmware | ||
Qualcomm Sm7125 | ||
Qualcomm Sm7150 Firmware | ||
Qualcomm Sm7150 | ||
Qualcomm Sm7150p Firmware | ||
Qualcomm Sm7150p | ||
Qualcomm Sm8150 Firmware | ||
Qualcomm Sm8150 | ||
Google Android | ||
Qualcomm Sm8150p |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-11201 is a vulnerability that allows arbitrary access to DSP memory due to an improper check in a loaded library for data received from the CPU side.
The vulnerability affects Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, and other models listed in the official bulletin.
CVE-2020-11201 has a severity level of 7.8 (high).
To fix CVE-2020-11201, users are advised to apply the necessary updates and patches provided by Qualcomm as mentioned in the official bulletin.
More information about CVE-2020-11201 can be found in the official blog post and research report by Check Point, as well as the Qualcomm Product Security bulletins for November 2020.