SB2021010426 - Multiple vulnerabilities in Qualcomm chipsets

Published: January 4, 2021 Updated: February 6, 2023

Security Bulletin ID: SB2021010426
Severity: High
Patch available: Yes
Number of vulnerabilities: 24
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by severity: High 21%, Medium 13%, Low 67%

Description

This security bulletin contains information about 24 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2020-11165)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an unspecified error within a Qualcomm closed-source component included in the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.


2) Use After Free (CVE-ID: CVE-2020-11262)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics. A local application can execute arbitrary code.


3) Incorrect Calculation of Buffer Size (CVE-ID: CVE-2020-11240)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Camera. A local application can execute arbitrary code.


4) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2020-11233)

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to improper input validation in Boot. A local application can gain access to sensitive information.


5) Buffer over-read (CVE-ID: CVE-2020-11266)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Trustzone. A local application can read and manipulate data.


6) Buffer over-read (CVE-ID: CVE-2020-11265)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Trustzone. A local application can read and manipulate data.


7) Use of Uninitialized Variable (CVE-ID: CVE-2020-11260)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DIAG. A local application can execute arbitrary code.


8) Buffer over-read (CVE-ID: CVE-2020-11241)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.


9) Buffer over-read (CVE-ID: CVE-2020-11238)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.


10) Integer overflow (CVE-ID: CVE-2020-11235)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in WLAN. A local application can execute arbitrary code.


11) Input validation error (CVE-ID: CVE-2020-11178)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an unspecified error within a Qualcomm closed-source component included in the Google Android OS. A remote attacker can use this vulnerability to execute arbitrary code on the system.


12) Buffer over-read (CVE-ID: CVE-2020-11159)

The vulnerability allows a remote attacker to read and manipulate data.

The vulnerability exists due to improper input validation in WLAN. A remote attacker can read and manipulate data.


13) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-11256)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in WIN TZ FW when processing a pointer to a buffer in TrustZone. A local user can run a specially crafted program to trigger an out-of-bounds pointer offset and execute arbitrary code on the system with elevated privileges.


14) Buffer over-read (CVE-ID: CVE-2020-11126)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation in WLAN. A remote attacker can perform a denial of service (DoS) attack.


15) Heap-based buffer overflow (CVE-ID: CVE-2020-11182)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when parsing the NAL header. A remote attacker can pass an overly long header to the system, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


16) Improper Validation of Array Index (CVE-ID: CVE-2020-11134)

The vulnerability allows a remote attacker to compromise the affected device.

The vulnerability exists due to a boundary error within the WLAN firmware when validating the time bitmap length and bit duration fields of attributes such as the NAN ranging setup attribute inside a NAN management frame. A remote attacker can send specially crafted traffic to the device, trigger an out-of-bounds write and execute arbitrary code on the system.


17) Integer overflow (CVE-ID: CVE-2020-11160)

The vulnerability allows a local privileged application to execute arbitrary code.

The vulnerability exists due to improper input validation in Diag Services. A local privileged application can execute arbitrary code.


18) Use After Free (CVE-ID: CVE-2020-11250)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in DSP Services. A local application can execute arbitrary code.


19) Buffer over-read (CVE-ID: CVE-2020-11161)

The vulnerability allows a local application to read and manipulate data.

The vulnerability exists due to improper input validation in Graphics. A local application can read and manipulate data.


20) Improper Input Validation (CVE-ID: CVE-2020-11261)

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to improper input validation in Graphics. A local application can execute arbitrary code.


21) Use-after-free (CVE-ID: CVE-2020-11239)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error when importing a DMA buffer using the CPU address of the buffer within the Graphics component. A local user can run a specially crafted program to trigger the use-after-free and execute arbitrary code with elevated privileges.


22) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-11259)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in WIN TZ FW when processing a pointer to a buffer in the TrustZone BSP. A local user can run a specially crafted program to trigger an out-of-bounds pointer offset and execute arbitrary code on the system with elevated privileges.

23) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-11258)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in WIN TZ FW when processing a pointer to a buffer in the TrustZone BSP. A local user can run a specially crafted program to trigger an out-of-bounds pointer offset and execute arbitrary code on the system with elevated privileges.

24) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2020-11257)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in WIN TZ FW when processing a pointer to a buffer in the TrustZone BSP. A local user can run a specially crafted program to trigger an out-of-bounds pointer offset and execute arbitrary code on the system with elevated privileges.

Remediation

Install the update from the vendor's website.