HIGHCVSS7.8
|Actively Exploited
|CISA KEV|CVE-2020-11261|Auth: low — authenticated user|Reboot: required|Manual onlyQualcomm Multiple Chipsets Improper Input Validation Vulnerability (CVE-2020-11261)
Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Published Jun 9, 2021 · Updated May 17, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched
A local attacker, with a low-privilege account, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2022-06-01 under CISA BOD 22-01.
How the attack worksNo clicks needed
This is a Out-of-bounds Write (CWE-787) vulnerability in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Exploitation requires local access, low attack complexity, a low-privilege authenticated account, and no user interaction required.
Am I affected?Quick check
Probably yes if any of these apply:
●IT Security
●Running apq8009 firmware: -; apq8009w firmware: -; apq8017 firmware: -; apq8037 firmware: -; apq8053 firmware: -; apq8064au firmware: -; apq8096au firmware: -; aqt1000 firmware: -; ar8031 firmware: -; ar8035 firmware: -; ar8151 firmware: -; csra6620 firmware: -; csra6640 firmware: -; csrb31024 firmware: -; fsm10055 firmware: -; fsm10056 firmware: -; mdm9650 firmware: -; msm8909w firmware: -; msm8917 firmware: -; msm8920 firmware: -; msm8937 firmware: -; msm8940 firmware: -; msm8953 firmware: -; msm8996au firmware: -; pm215 firmware: -; pm3003a firmware: -; pm4125 firmware: -; pm439 firmware: -; pm456 firmware: -; pm6125 firmware: -; pm6150 firmware: -; pm6150a firmware: -; pm6150l firmware: -; pm6250 firmware: -; pm6350 firmware: -; pm640a firmware: -; pm640l firmware: -; pm640p firmware: -; pm660 firmware: -; pm660a firmware: -; pm660l firmware: -; pm670 firmware: -; pm670a firmware: -; pm670l firmware: -; pm7150a firmware: -; pm7150l firmware: -; pm7250 firmware: -; pm7250b firmware: -; pm7350c firmware: -; pm8004 firmware: -; pm8005 firmware: -; pm8008 firmware: -; pm8009 firmware: -; pm8150 firmware: -; pm8150a firmware: -; pm8150b firmware: -; pm8150c firmware: -; pm8150l firmware: -; pm8250 firmware: -; pm8350 firmware: -; pm8350b firmware: -; pm8350bh firmware: -; pm8350bhs firmware: -; pm8350c firmware: -; pm855 firmware: -; pm855a firmware: -; pm855b firmware: -; pm855l firmware: -; pm855p firmware: -; pm8909 firmware: -; pm8916 firmware: -; pm8937 firmware: -; pm8940 firmware: -; pm8953 firmware: -; pm8996 firmware: -; pm8998 firmware: -; pmc1000h firmware: -; pmd9655 firmware: -; pme605 firmware: -; pmi632 firmware: -; pmi8937 firmware: -; pmi8952 firmware: -; pmi8994 firmware: -; pmi8996 firmware: -; pmi8998 firmware: -; pmk7350 firmware: -; pmk8001 firmware: -; pmk8002 firmware: -; pmk8003 firmware: -; pmk8350 firmware: -; pmm6155au firmware: -; pmm8155au firmware: -; pmm855au firmware: -; pmm8996au firmware: -; pmr525 firmware: -; pmr735a firmware: -; pmr735b firmware: -; pmw3100 firmware: -; pmx20 firmware: -; pmx24 firmware: -; pmx50 firmware: -; pmx55 firmware: -; qat3514 firmware: -; qat3516 firmware: -; qat3518 firmware: -; qat3519 firmware: -; qat3522 firmware: -; qat3550 firmware: -; qat3555 firmware: -; qat5515 firmware: -; qat5516 firmware: -; qat5522 firmware: -; qat5533 firmware: -; qat5568 firmware: -; qbt1000 firmware: -; qbt1500 firmware: -; qbt2000 firmware: -; qca4020 firmware: -; qca6174a firmware: -; qca6310 firmware: -; qca6320 firmware: -; qca6335 firmware: -; qca6390 firmware: -; qca6391 firmware: -; qca6420 firmware: -; qca6421 firmware: -; qca6426 firmware: -; qca6430 firmware: -; qca6431 firmware: -; qca6436 firmware: -; qca6564 firmware: -; qca6564a firmware: -; qca6564au firmware: -; qca6574 firmware: -; qca6574a firmware: -; qca6574au firmware: -; qca6584au firmware: -; qca6595au firmware: -; qca6696 firmware: -; qca8337 firmware: -; qca9377 firmware: -; qca9379 firmware: -; qcc1110 firmware: -; qcm2290 firmware: -; qcm4290 firmware: -; qcm6125 firmware: -; qcs2290 firmware: -; qcs405 firmware: -; qcs410 firmware: -; qcs4290 firmware: -; qcs603 firmware: -; qcs605 firmware: -; qcs610 firmware: -; qcs6125 firmware: -; qdm2301 firmware: -; qdm2302 firmware: -; qdm2305 firmware: -; qdm2307 firmware: -; qdm2308 firmware: -; qdm2310 firmware: -; qdm3301 firmware: -; qdm3302 firmware: -; qdm4643 firmware: -; qdm4650 firmware: -; qdm5579 firmware: -; qdm5620 firmware: -; qdm5621 firmware: -; qdm5650 firmware: -; qdm5652 firmware: -; qdm5670 firmware: -; qdm5671 firmware: -; qdm5677 firmware: -; qdm5679 firmware: -; qet4100 firmware: -; qet4101 firmware: -; qet5100 firmware: -; qet5100m firmware: -; qet6100 firmware: -; qet6110 firmware: -; qfe2101 firmware: -; qfe2520 firmware: -; qfe2550 firmware: -; qfe3340 firmware: -; qfe4301 firmware: -; qfe4302 firmware: -; qfe4303 firmware: -; qfe4305 firmware: -; qfe4308 firmware: -; qfe4309 firmware: -; qfe4320 firmware: -; qfe4373fc firmware: -; qfs2530 firmware: -; qfs2580 firmware: -; qfs2608 firmware: -; qfs2630 firmware: -; qln1020 firmware: -; qln1021aq firmware: -; qln1030 firmware: -; qln1031 firmware: -; qln1036aq firmware: -; qln4640 firmware: -; qln4642 firmware: -; qln4650 firmware: -; qln5020 firmware: -; qln5030 firmware: -; qln5040 firmware: -; qpa2625 firmware: -; qpa4340 firmware: -; qpa4360 firmware: -; qpa4361 firmware: -; qpa5373 firmware: -; qpa5460 firmware: -; qpa5461 firmware: -; qpa5580 firmware: -; qpa5581 firmware: -; qpa6560 firmware: -; qpa8673 firmware: -; qpa8675 firmware: -; qpa8686 firmware: -; qpa8801 firmware: -; qpa8802 firmware: -; qpa8803 firmware: -; qpa8821 firmware: -; qpa8842 firmware: -; qpm2630 firmware: -; qpm4621 firmware: -; qpm4630 firmware: -; qpm4640 firmware: -; qpm4641 firmware: -; qpm4650 firmware: -; qpm5541 firmware: -; qpm5577 firmware: -; qpm5579 firmware: -; qpm5620 firmware: -; qpm5621 firmware: -; qpm5641 firmware: -; qpm5657 firmware: -; qpm5658 firmware: -; qpm5670 firmware: -; qpm5677 firmware: -; qpm5679 firmware: -; qpm5870 firmware: -; qpm5875 firmware: -; qpm6325 firmware: -; qpm6375 firmware: -; qpm6582 firmware: -; qpm6585 firmware: -; qpm6621 firmware: -; qpm6670 firmware: -; qpm8820 firmware: -; qpm8830 firmware: -; qpm8870 firmware: -; qpm8895 firmware: -; qsm7250 firmware: -; qsm8250 firmware: -; qsw6310 firmware: -; qsw8573 firmware: -; qsw8574 firmware: -; qtc410s firmware: -; qtc800h firmware: -; qtc800s firmware: -; qtc800t firmware: -; qtc801s firmware: -; qtm525 firmware: -; qtm527 firmware: -; qualcomm215 firmware: -; rgr7640au firmware: -; rsw8577 firmware: -; sa415m firmware: -; sa515m firmware: -; sa6145p firmware: -; sa6155 firmware: -; sa6155p firmware: -; sa8155 firmware: -; sa8155p firmware: -; sd 455 firmware: -; sd 636 firmware: -; sd 675 firmware: -; sd 8c firmware: -; sd 8cx firmware: -; sd205 firmware: -; sd210 firmware: -; sd429 firmware: -; sd439 firmware: -; sd450 firmware: -; sd460 firmware: -; sd632 firmware: -; sd660 firmware: -; sd662 firmware: -; sd665 firmware: -; sd670 firmware: -; sd675 firmware: -; sd690 5g firmware: -; sd710 firmware: -; sd720g firmware: -; sd730 firmware: -; sd750g firmware: -; sd765 firmware: -; sd765g firmware: -; sd768g firmware: -; sd820 firmware: -; sd821 firmware: -; sd835 firmware: -; sd845 firmware: -; sd855 firmware: -; sd865 5g firmware: -; sd888 5g firmware: -; sda429w firmware: -; sdm429w firmware: -; sdm630 firmware: -; sdm830 firmware: -; sdr051 firmware: -; sdr052 firmware: -; sdr425 firmware: -; sdr660 firmware: -; sdr660g firmware: -; sdr675 firmware: -; sdr735 firmware: -; sdr735g firmware: -; sdr8150 firmware: -; sdr8250 firmware: -; sdr845 firmware: -; sdr865 firmware: -; sdw2500 firmware: -; sdw3100 firmware: -; sdx20 firmware: -; sdx20m firmware: -; sdx24 firmware: -; sdx50m firmware: -; sdx55 firmware: -; sdx55m firmware: -; sdxr1 firmware: -; sdxr2 5g firmware: -; sm4125 firmware: -; sm4350 firmware: -; sm6250 firmware: -; sm6250p firmware: -; sm7250p firmware: -; sm7350 firmware: -; smb1350 firmware: -; smb1351 firmware: -; smb1354 firmware: -; smb1355 firmware: -; smb1357 firmware: -; smb1358 firmware: -; smb1360 firmware: -; smb1380 firmware: -; smb1381 firmware: -; smb1390 firmware: -; smb1394 firmware: -; smb1395 firmware: -; smb1396 firmware: -; smb1398 firmware: -; smb231 firmware: -; smb2351 firmware: -; smr525 firmware: -; smr526 firmware: -; wcd9326 firmware: -; wcd9335 firmware: -; wcd9340 firmware: -; wcd9341 firmware: -; wcd9370 firmware: -; wcd9371 firmware: -; wcd9375 firmware: -; wcd9380 firmware: -; wcd9385 firmware: -; wcn3610 firmware: -; wcn3615 firmware: -; wcn3620 firmware: -; wcn3660 firmware: -; wcn3660b firmware: -; wcn3680 firmware: -; wcn3680b firmware: -; wcn3910 firmware: -; wcn3950 firmware: -; wcn3980 firmware: -; wcn3988 firmware: -; wcn3990 firmware: -; wcn3991 firmware: -; wcn3998 firmware: -; wcn3999 firmware: -; wcn6740 firmware: -; wcn6750 firmware: -; wcn6850 firmware: -; wcn6851 firmware: -; wcn6856 firmware: -; wgr7640 firmware: -; wsa8810 firmware: -; wsa8815 firmware: -; wsa8830 firmware: -; wsa8835 firmware: -; wtr2955 firmware: -; wtr2965 firmware: -; wtr3905 firmware: -; wtr3925 firmware: -; wtr3950 firmware: -; wtr4905 firmware: -; wtr5975 firmware: -; wtr6955 firmware: -
Real-world incidentsWhat we've seen
CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2021-12-01 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2022-06-01.
How to patch
Manual remediation steps
1
Identify affected hosts: query inventory for general installs in scope.
2
Apply the vendor security update referenced in CVE-2020-11261's advisory. No specific KB/version is encoded yet — consult the linked MSRC/vendor URL.
3
Verify the fix per the vendor's published verification steps.
4
Document the remediation in your change ticket and re-scan with your vulnerability scanner to confirm closure.
PowerShell automationComing soon
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.