Advisory Published

CVE-2020-11257: Buffer Overflow

First published: Wed Jun 09 2021(Updated: )

Memory corruption due to lack of validation of pointer arguments passed to TrustZone BSP in Snapdragon Wired Infrastructure and Networking

Credit: product-security@qualcomm.com

Affected SoftwareAffected VersionHow to fix
Qualcomm Ar7420 Firmware
Qualcomm Ar7420
Qualcomm Ar9580 Firmware
Google Android
Qualcomm Csr8811 Firmware
Qualcomm Csr8811
Google Android
Google Android
Qualcomm Ipq4019 Firmware
Qualcomm Ipq4019
Google Android
Qualcomm Ipq4028
Qualcomm Ipq4029 Firmware
Google Android
Google Android
Qualcomm Qca10901
Qualcomm Qca4024 Firmware
Google Android
Qualcomm Qca7500 Firmware
Qualcomm Qca7500
Qualcomm Qca7520 Firmware
Qualcomm Qca7520
Qualcomm Qca7550 Firmware
Qualcomm Qca7550
Google Android
Google Android
Qualcomm Qca9880 Firmware
Qualcomm Qca9880
Qualcomm Qca9886 Firmware
Qualcomm Qca9886
Qualcomm Qca9888 Firmware
Qualcomm Qca9888
Qualcomm Qca9889 Firmware
Qualcomm Qca9889
Google Android
Google Android
Google Android
Google Android
Qualcomm Qca9992 Firmware
Qualcomm Qca9992
Qualcomm Qca9994 Firmware
Qualcomm Qca9994
Qualcomm Qcn3018 Firmware
Qualcomm Qcn3018
Qualcomm Qfe1922 Firmware
Qualcomm Qfe1922
Qualcomm Qfe1952 Firmware
Qualcomm Qfe1952
Google Android
Google Android
Google Android
Google Android

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2020-11257?

    CVE-2020-11257 is a vulnerability that allows memory corruption due to the lack of validation of pointer arguments passed to TrustZone BSP in Snapdragon Wired Infrastructure and Networking.

  • How severe is CVE-2020-11257?

    CVE-2020-11257 has a severity rating of 8.8, which is considered high.

  • What software is affected by CVE-2020-11257?

    Qualcomm Ar7420 Firmware, Qualcomm Ar9580 Firmware, Qualcomm Csr8811 Firmware, Qualcomm Ipq4019 Firmware, Qualcomm Ipq4028 Firmware, Qualcomm Qca4024 Firmware, Qualcomm Qca7500 Firmware, Qualcomm Qca7520 Firmware, Qualcomm Qca7550 Firmware, Qualcomm Qca9880 Firmware, Qualcomm Qca9886 Firmware, Qualcomm Qca9888 Firmware, Qualcomm Qca9889 Firmware, Qualcomm Qcn3018 Firmware, Qualcomm Qfe1922 Firmware, Qualcomm Qfe1952 Firmware, and Google Android running on Qualcomm chipsets are affected by CVE-2020-11257.

  • How is CVE-2020-11257 fixed?

    To fix CVE-2020-11257, users should apply the security patch provided by Qualcomm. More information can be found in the official Qualcomm January 2021 Bulletin.

  • What is the CWE of CVE-2020-11257?

    CVE-2020-11257 is classified as CWE-119, which is a weakness related to improper restriction of operations within the bounds of a memory buffer.


SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203