SB2020080530 - Multiple vulnerabilities in Qualcomm chipsets

Main Vulnerability Database SB2020080530

SB2020080530 - Multiple vulnerabilities in Qualcomm chipsets

Published: August 5, 2020 Updated: May 17, 2025

Security Bulletin ID SB2020080530

Severity

Low

Patch available

YES

Number of vulnerabilities 50

Exploitation vector Adjecent network

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 50 secuirty vulnerabilities.

1) Integer overflow (CVE-ID: CVE-2020-3624)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Storage. #AV# #AU# can #EXT_IMPACT#.

2) Integer overflow (CVE-ID: CVE-2019-14056)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in TrustZone. #AV# #AU# can #EXT_IMPACT#.

3) Double Free (CVE-ID: CVE-2019-14065)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in TrustZone. #AV# #AU# can #EXT_IMPACT#.

4) Key Management Errors (CVE-ID: CVE-2019-14089)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in HLOS. #AV# #AU# can #EXT_IMPACT#.

5) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2019-14115)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

6) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2019-14119)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in QTEE. #AV# #AU# can #EXT_IMPACT#.

7) Untrusted Pointer Dereference (CVE-ID: CVE-2020-11122)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Video. #AV# #AU# can #EXT_IMPACT#.

8) Stack-based buffer overflow (CVE-ID: CVE-2020-11133)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

9) Improper Access Control (CVE-ID: CVE-2020-3611)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Core. #AV# #AU# can #EXT_IMPACT#.

10) Integer overflow (CVE-ID: CVE-2020-3620)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

11) Improper input validation (CVE-ID: CVE-2020-3622)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

12) Buffer overflow (CVE-ID: CVE-2020-3629)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in DSP Services. #AV# #AU# can #EXT_IMPACT#.

13) Untrusted Pointer Dereference (CVE-ID: CVE-2019-14025)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

14) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-3636)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

15) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2020-3640)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

16) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2020-3643)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

17) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2020-3644)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.

18) Stack-based buffer overflow (CVE-ID: CVE-2020-3666)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

19) Buffer overflow (CVE-ID: CVE-2020-3668)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

20) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-3669)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

21) Buffer over-read (CVE-ID: CVE-2020-3675)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

22) Use After Free (CVE-ID: CVE-2019-14117)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

23) Use After Free (CVE-ID: CVE-2020-11120)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

24) Use of Uninitialized Variable (CVE-ID: CVE-2019-14052)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in MODEM. #AV# #AU# can #EXT_IMPACT#.

25) Integer overflow (CVE-ID: CVE-2019-13999)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

26) Buffer overflow (CVE-ID: CVE-2020-11116)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

27) Improper Authentication (CVE-ID: CVE-2019-10562)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in QTEE. #AV# #AU# can #EXT_IMPACT#.

28) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2020-11115)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

29) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2020-11118)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

30) Improper input validation (CVE-ID: CVE-2020-11117)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in lbd service. #AV# #AU# can #EXT_IMPACT#.

31) Cryptographic Issues (CVE-ID: CVE-2020-3702)

The vulnerability allows a remote attacker to gain access top sensitive information.

The vulnerability exists due to improper input validation in WIFI driver(Krook). A remote attacker can temporary disable WPA2 or the WPA/WPA2 mixed-mode encryption and intercept traffic in clear text.

32) Integer overflow (CVE-ID: CVE-2019-14074)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Diag Services. #AV# #AU# can #EXT_IMPACT#.

33) Improper Validation of Array Index (CVE-ID: CVE-2020-11128)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Diag Services. #AV# #AU# can #EXT_IMPACT#.

34) Buffer overflow (CVE-ID: CVE-2020-3646)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Video. #AV# #AU# can #EXT_IMPACT#.

35) Stack-based buffer overflow (CVE-ID: CVE-2020-3647)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Neural Processing Unit. #AV# #AU# can #EXT_IMPACT#.

36) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-3648)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in DSP Services. #AV# #AU# can #EXT_IMPACT#.

37) NULL Pointer Dereference (CVE-ID: CVE-2020-11158)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in PDF-Compatible Interpreter. #AV# #AU# can #EXT_IMPACT#.

38) Improper Validation of Array Index (CVE-ID: CVE-2019-10628)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Kernel. #AV# #AU# can #EXT_IMPACT#.

39) Integer overflow (CVE-ID: CVE-2019-13995)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Trustzone. #AV# #AU# can #EXT_IMPACT#.

40) Improper Validation of Array Index (CVE-ID: CVE-2019-10629)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in kernel. #AV# #AU# can #EXT_IMPACT#.

41) Integer overflow (CVE-ID: CVE-2019-13994)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Trustzone. #AV# #AU# can #EXT_IMPACT#.

42) Integer overflow (CVE-ID: CVE-2019-13998)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

43) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2020-3619)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Graphics. #AV# #AU# can #EXT_IMPACT#.

44) Improper Validation of Array Index (CVE-ID: CVE-2020-3621)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.

45) Buffer overflow (CVE-ID: CVE-2020-3667)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

46) NULL Pointer Dereference (CVE-ID: CVE-2018-13903)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Modem. #AV# #AU# can #EXT_IMPACT#.

47) Improper Validation of Array Index (CVE-ID: CVE-2019-10527)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Mproc. #AV# #AU# can #EXT_IMPACT#.

48) Improper Access Control (CVE-ID: CVE-2019-10596)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in KERNEL. #AV# #AU# can #EXT_IMPACT#.

49) Integer overflow (CVE-ID: CVE-2019-10615)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Trusted Application. #AV# #AU# can #EXT_IMPACT#.

50) Buffer overflow (CVE-ID: CVE-2019-13992)

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in kernel. #AV# #AU# can #EXT_IMPACT#.

Remediation

Install update from vendor's website.

References

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

Vulnerable Software