Lucene search

[email protected]CVE-2020-11127

HistoryNov 12, 2020 - 10:15 a.m.

CVE-2020-11127

2020-11-1210:15:12

CWE-190

[email protected]

web.nvd.nist.gov

cve-2020-11127

buffer overflow

integer overflow

security metadata

snapdragon auto

snapdragon compute

snapdragon consumer iot

snapdragon industrial iot

snapdragon mobile

snapdragon voice & music

snapdragon wired infrastructure

mdm9205

qcm4290

qcs405

qcs410

qcs4290

qcs610

qsm8250

sa415m

sa515m

sa6145p

sa6150p

sa6155

sa6155p

sa8150p

sa8155

sa8155p

sa8195p

sc7180

sc8180x

sc8180x+sdx55

sc8180xp

sda640

sda845

sda855

sdm1000

sdm640

sdm830

sdm845

sdm850

sdx24

sdx50m

sdx55

sdx55m

sm4125

sm4250

sm4250p

sm6115

sm6115p

sm6150

sm6150p

sm6250

sm6250p

sm6350

sm7125

sm7150

sm7150p

sm7225

sm7250

sm7250p

sm8150

sm8150p

sm8250

sxr2130

sxr2130p

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

u’Integer overflow can cause a buffer overflow due to lack of table length check in the extensible boot Loader during the validation of security metadata while processing objects to be loaded’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in MDM9205, QCM4290, QCS405, QCS410, QCS4290, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA845, SDA855, SDM1000, SDM640, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P

Affected configurations

NVD

Node

qualcommmdm9205Match-

AND

qualcommmdm9205_firmwareMatch-

Node

qualcommqcm4290Match-

AND

qualcommqcm4290_firmwareMatch-

Node

qualcommqcs405Match-

AND

qualcommqcs405_firmwareMatch-

Node

qualcommqcs410Match-

AND

qualcommqcs410_firmwareMatch-

Node

qualcommqcs4290Match-

AND

qualcommqcs4290_firmwareMatch-

Node

qualcommqcs610Match-

AND

qualcommqcs610_firmwareMatch-

Node

qualcommqsm8250Match-

AND

qualcommqsm8250_firmwareMatch-

Node

qualcommsa415mMatch-

AND

qualcommsa415m_firmwareMatch-

Node

qualcommsa515m_firmwareMatch-

AND

qualcommsa515mMatch-

Node

qualcommsa6145p_firmwareMatch-

AND

qualcommsa6145pMatch-

Node

qualcommsa6150p_firmwareMatch-

AND

qualcommsa6150pMatch-

Node

qualcommsa6155_firmwareMatch-

AND

qualcommsa6155Match-

Node

qualcommsa6155p_firmwareMatch-

AND

qualcommsa6155pMatch-

Node

qualcommsa8150p_firmwareMatch-

AND

qualcommsa8150pMatch-

Node

qualcommsa8155_firmwareMatch-

AND

qualcommsa8155Match-

Node

qualcommsa8155p_firmwareMatch-

AND

qualcommsa8155pMatch-

Node

qualcommsa8195p_firmwareMatch-

AND

qualcommsa8195pMatch-

Node

qualcommsc7180_firmwareMatch-

AND

qualcommsc7180Match-

Node

qualcommsc8180x_firmwareMatch-

AND

qualcommsc8180xMatch-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsc8180xp_firmwareMatch-

AND

qualcommsc8180xpMatch-

Node

qualcommsda640_firmwareMatch-

AND

qualcommsda640Match-

Node

qualcommsda845_firmwareMatch-

AND

qualcommsda845Match-

Node

qualcommsda855_firmwareMatch-

AND

qualcommsda855Match-

Node

qualcommsdm1000_firmwareMatch-

AND

qualcommsdm1000Match-

Node

qualcommsdm640_firmwareMatch-

AND

qualcommsdm640Match-

Node

qualcommsdm830_firmwareMatch-

AND

qualcommsdm830Match-

Node

qualcommsdm845_firmwareMatch-

AND

qualcommsdm845Match-

Node

qualcommsdm850_firmwareMatch-

AND

qualcommsdm850Match-

Node

qualcommsdx24_firmwareMatch-

AND

qualcommsdx24Match-

Node

qualcommsdx50m_firmwareMatch-

AND

qualcommsdx50mMatch-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsdx55m_firmwareMatch-

AND

qualcommsdx55mMatch-

Node

qualcommsm4125_firmwareMatch-

AND

qualcommsm4125Match-

Node

qualcommsm4250_firmwareMatch-

AND

qualcommsm4250Match-

Node

qualcommsm4250p_firmwareMatch-

AND

qualcommsm4250pMatch-

Node

qualcommsm6115_firmwareMatch-

AND

qualcommsm6115Match-

Node

qualcommsm6115p_firmwareMatch-

AND

qualcommsm6115pMatch-

Node

qualcommsm6150_firmwareMatch-

AND

qualcommsm6150Match-

Node

qualcommsm6150p_firmwareMatch-

AND

qualcommsm6150pMatch-

Node

qualcommsm6250_firmwareMatch-

AND

qualcommsm6250Match-

Node

qualcommsm6250p_firmwareMatch-

AND

qualcommsm6250pMatch-

Node

qualcommsm6350_firmwareMatch-

AND

qualcommsm6350Match-

Node

qualcommsm7125_firmwareMatch-

AND

qualcommsm7125Match-

Node

qualcommsm7150_firmwareMatch-

AND

qualcommsm7150Match-

Node

qualcommsm7150p_firmwareMatch-

AND

qualcommsm7150pMatch-

Node

qualcommsm7225_firmwareMatch-

AND

qualcommsm7225Match-

Node

qualcommsm7250_firmwareMatch-

AND

qualcommsm7250Match-

Node

qualcommsm7250p_firmwareMatch-

AND

qualcommsm7250pMatch-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

Node

qualcommsm8150p_firmwareMatch-

AND

qualcommsm8150pMatch-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

Node

qualcommsxr2130p_firmwareMatch-

AND

qualcommsxr2130pMatch-

CPENameOperatorVersion
qualcomm:mdm9205_firmwarequalcomm mdm9205 firmwareeq-

CPE	Name	Operator	Version
qualcomm:mdm9205_firmware	qualcomm mdm9205 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9205, QCM4290, QCS405, QCS410, QCS4290, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA845, SDA855, SDM1000, SDM640, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2020-11127

prion1 cvelist1 nvd1