CVE-2020-11205: Integer Overflow
First published: Mon Nov 02 2020(Updated: )
u'Possible integer overflow to heap overflow while processing command due to lack of check of packet length received' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350, SM8350P, SXR2130, SXR2130P
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Qualcomm Qsm8350 Firmware | ||
| Qualcomm Qsm8350 | ||
| Google Android | ||
| Qualcomm Sa6145p | ||
| Qualcomm Sa6150p Firmware | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sa6155p | ||
| Google Android | ||
| Qualcomm Sa8150p | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sa8195p Firmware | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sm8250 Firmware | ||
| Qualcomm SM8250 | ||
| Qualcomm Sm8350 Firmware | ||
| Qualcomm Sm8350 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sxr2130 Firmware | ||
| Qualcomm Sxr2130 | ||
| Google Android | ||
| Qualcomm Sxr2130p |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-11205?
The severity of CVE-2020-11205 is high with a CVSS score of 7.8.
Which products are affected by CVE-2020-11205?
Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350, SM8350P, SXR2130, SXR2130P, and Google Android are affected by CVE-2020-11205.
What is the vulnerability description of CVE-2020-11205?
CVE-2020-11205 is a possible integer overflow to heap overflow vulnerability while processing a command due to a lack of check of the packet length received.
How can I fix CVE-2020-11205?
Apply the necessary patches and updates provided by Qualcomm and Google to fix CVE-2020-11205.
Where can I find more information about CVE-2020-11205?
You can find more information about CVE-2020-11205 on the Qualcomm Product Security Bulletins and the Android Security Bulletin for November 2020.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/android-source
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/software-canonical-lookup
- vendor/google
- canonical/google android
- vendor/qualcomm
- canonical/qualcomm qsm8350 firmware
- canonical/qualcomm qsm8350
- canonical/qualcomm sa6145p
- canonical/qualcomm sa6150p firmware
- canonical/qualcomm sa6155p
- canonical/qualcomm sa8150p
- canonical/qualcomm sa8195p firmware
- canonical/qualcomm sm8250 firmware
- canonical/qualcomm sm8250
- canonical/qualcomm sm8350 firmware
- canonical/qualcomm sm8350
- canonical/qualcomm sxr2130 firmware
- canonical/qualcomm sxr2130
- canonical/qualcomm sxr2130p