Lucene search

[email protected]CVE-2020-11148

HistoryJan 21, 2021 - 10:15 a.m.

CVE-2020-11148

2021-01-2110:15:13

CWE-416

[email protected]

web.nvd.nist.gov

cve-2020-11148

hidl

callback

rx thread

snapdragon auto

snapdragon compute

snapdragon connectivity

snapdragon consumer iot

snapdragon industrial iot

snapdragon mobile

snapdragon wearables

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is deleted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Affected configurations

NVD

Node

qualcommapq8017Match-

qualcommapq8053Match-

qualcommmsm8917Match-

qualcommmsm8953Match-

qualcommpm215Match-

qualcommpm3003aMatch-

qualcommpm439Match-

qualcommpm6125Match-

qualcommpm6150Match-

qualcommpm6150aMatch-

qualcommpm6150lMatch-

qualcommpm6350Match-

qualcommpm640aMatch-

qualcommpm640lMatch-

qualcommpm640pMatch-

qualcommpm660Match-

qualcommpm660lMatch-

qualcommpm670Match-

qualcommpm670lMatch-

qualcommpm7150aMatch-

qualcommpm7150lMatch-

qualcommpm7250Match-

qualcommpm7250bMatch-

qualcommpm7350cMatch-

qualcommpm8008Match-

qualcommpm8009Match-

qualcommpm8150aMatch-

qualcommpm8150bMatch-

qualcommpm8150cMatch-

qualcommpm8150lMatch-

qualcommpm8250Match-

qualcommpm8350Match-

qualcommpm8350bMatch-

qualcommpm8350bhMatch-

qualcommpm8350bhsMatch-

qualcommpm8350cMatch-

qualcommpm855Match-

qualcommpm855bMatch-

qualcommpm855lMatch-

qualcommpm8916Match-

qualcommpm8937Match-

qualcommpm8953Match-

qualcommpmi632Match-

qualcommpmi8937Match-

qualcommpmi8952Match-

qualcommpmk7350Match-

qualcommpmk8002Match-

qualcommpmk8003Match-

qualcommpmk8350Match-

qualcommpmm8195auMatch-

qualcommpmm855auMatch-

qualcommpmr525Match-

qualcommpmr735aMatch-

qualcommpmr735bMatch-

qualcommpmx55Match-

qualcommqat3514Match-

qualcommqat3516Match-

qualcommqat3518Match-

qualcommqat3519Match-

qualcommqat3522Match-

qualcommqat3550Match-

qualcommqat3555Match-

qualcommqat5515Match-

qualcommqat5516Match-

qualcommqat5522Match-

qualcommqat5533Match-

qualcommqat5568Match-

qualcommqbt1500Match-

qualcommqbt2000Match-

qualcommqca6390Match-

qualcommqca6391Match-

qualcommqca6421Match-

qualcommqca6426Match-

qualcommqca6431Match-

qualcommqca6436Match-

qualcommqca6574aMatch-

qualcommqca6574auMatch-

qualcommqca6595Match-

qualcommqca6595auMatch-

qualcommqca6696Match-

qualcommqcs605Match-

qualcommqdm2301Match-

qualcommqdm2302Match-

qualcommqdm2305Match-

qualcommqdm2307Match-

qualcommqdm2308Match-

qualcommqdm2310Match-

qualcommqdm3301Match-

qualcommqdm3302Match-

qualcommqdm4643Match-

qualcommqdm4650Match-

qualcommqdm5579Match-

qualcommqdm5620Match-

qualcommqdm5621Match-

qualcommqdm5650Match-

qualcommqdm5652Match-

qualcommqdm5670Match-

qualcommqdm5671Match-

qualcommqdm5677Match-

qualcommqdm5679Match-

qualcommqet4101Match-

qualcommqet5100Match-

qualcommqet5100mMatch-

qualcommqet6100Match-

qualcommqet6110Match-

qualcommqfe2101Match-

qualcommqfe2520Match-

qualcommqfe2550Match-

qualcommqfe3340Match-

qualcommqfe4301Match-

qualcommqfe4302Match-

qualcommqfe4303Match-

qualcommqfe4305Match-

qualcommqfe4308Match-

qualcommqfe4309Match-

qualcommqfe4320Match-

qualcommqfe4373fcMatch-

qualcommqfs2530Match-

qualcommqfs2580Match-

qualcommqfs2608Match-

qualcommqfs2630Match-

qualcommqln4642Match-

qualcommqln4650Match-

qualcommqln5020Match-

qualcommqln5030Match-

qualcommqln5040Match-

qualcommqpa2625Match-

qualcommqpa4360Match-

qualcommqpa4361Match-

qualcommqpa5373Match-

qualcommqpa5461Match-

qualcommqpa5580Match-

qualcommqpa5581Match-

qualcommqpa6560Match-

qualcommqpa8673Match-

qualcommqpa8686Match-

qualcommqpa8801Match-

qualcommqpa8802Match-

qualcommqpa8803Match-

qualcommqpa8821Match-

qualcommqpa8842Match-

qualcommqpm4621Match-

qualcommqpm4630Match-

qualcommqpm4640Match-

qualcommqpm4641Match-

qualcommqpm4650Match-

qualcommqpm5621Match-

qualcommqpm5641Match-

qualcommqpm5658Match-

qualcommqpm5670Match-

qualcommqpm5677Match-

qualcommqpm5679Match-

qualcommqpm5870Match-

qualcommqpm5875Match-

qualcommqpm6582Match-

qualcommqpm6585Match-

qualcommqpm6621Match-

qualcommqpm6670Match-

qualcommqpm8820Match-

qualcommqpm8830Match-

qualcommqpm8870Match-

qualcommqpm8895Match-

qualcommqsm7250Match-

qualcommqsw6310Match-

qualcommqsw8573Match-

qualcommqsw8574Match-

qualcommqtc410sMatch-

qualcommqtc800hMatch-

qualcommqtc801sMatch-

qualcommqtm525Match-

qualcommqualcomm215Match-

qualcommsa6155pMatch-

qualcommsa8150pMatch-

qualcommsa8155Match-

qualcommsa8195pMatch-

qualcommsd429Match-

qualcommsd439Match-

qualcommsd632Match-

qualcommsd665Match-

qualcommsd675Match-

qualcommsd6905gMatch-

qualcommsd750gMatch-

qualcommsd765Match-

qualcommsd765gMatch-

qualcommsd768gMatch-

qualcommsd855Match-

qualcommsd8655gMatch-

qualcommsd8885gMatch-

qualcommsda429wMatch-

qualcommsdm429wMatch-

qualcommsdr660Match-

qualcommsdr660gMatch-

qualcommsdr735Match-

qualcommsdr735gMatch-

qualcommsdr8250Match-

qualcommsdr865Match-

qualcommsdx55Match-

qualcommsdx55mMatch-

qualcommsdxr1Match-

qualcommsdxr25gMatch-

qualcommsm7250pMatch-

qualcommsm7350Match-

qualcommsmb1351Match-

qualcommsmb1355Match-

qualcommsmb1358Match-

qualcommsmb1360Match-

qualcommsmb1381Match-

qualcommsmb1390Match-

qualcommsmb1394Match-

qualcommsmb1395Match-

qualcommsmb1396Match-

qualcommsmb1398Match-

qualcommsmr525Match-

qualcommsmr526Match-

qualcommsmr545Match-

qualcommsmr546Match-

qualcommwcd9326Match-

qualcommwcd9341Match-

qualcommwcd9370Match-

qualcommwcd9375Match-

qualcommwcd9380Match-

qualcommwcd9385Match-

qualcommwcn3610Match-

qualcommwcn3615Match-

qualcommwcn3620Match-

qualcommwcn3660bMatch-

qualcommwcn3680Match-

qualcommwcn3680bMatch-

qualcommwcn3950Match-

qualcommwcn3980Match-

qualcommwcn3988Match-

qualcommwcn3990Match-

qualcommwcn3991Match-

qualcommwcn3998Match-

qualcommwcn6740Match-

qualcommwcn6850Match-

qualcommwcn6851Match-

qualcommwcn6856Match-

qualcommwgr7640Match-

qualcommwsa8810Match-

qualcommwsa8815Match-

qualcommwsa8830Match-

qualcommwsa8835Match-

qualcommwtr2955Match-

qualcommwtr2965Match-

qualcommwtr3925Match-

CPENameOperatorVersion
qualcomm:apq8017qualcomm apq8017eq-
qualcomm:apq8053qualcomm apq8053eq-
qualcomm:msm8917qualcomm msm8917eq-
qualcomm:msm8953qualcomm msm8953eq-
qualcomm:pm215qualcomm pm215eq-
qualcomm:pm3003aqualcomm pm3003aeq-
qualcomm:pm439qualcomm pm439eq-
qualcomm:pm6125qualcomm pm6125eq-
qualcomm:pm6150qualcomm pm6150eq-
qualcomm:pm6150aqualcomm pm6150aeq-

CPE	Name	Operator	Version
qualcomm:apq8017	qualcomm apq8017	eq	-
qualcomm:apq8053	qualcomm apq8053	eq	-
qualcomm:msm8917	qualcomm msm8917	eq	-
qualcomm:msm8953	qualcomm msm8953	eq	-
qualcomm:pm215	qualcomm pm215	eq	-
qualcomm:pm3003a	qualcomm pm3003a	eq	-
qualcomm:pm439	qualcomm pm439	eq	-
qualcomm:pm6125	qualcomm pm6125	eq	-
qualcomm:pm6150	qualcomm pm6150	eq	-
qualcomm:pm6150a	qualcomm pm6150a	eq	-

Rows per page:

1-10 of 2461

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8017, APQ8053, MSM8917, MSM8953, PM215, PM3003A, PM439, PM6125, PM6150, PM6150A, PM6150L, PM6350, PM640A, PM640L, PM640P, PM660, PM660L, PM670, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM8916, PM8937, PM8953, PMI632, PMI8937, PMI8952, PMK7350, PMK8002, PMK8003, PMK8350, PMM8195AU, PMM855AU, PMR525, PMR735A, PMR735B, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCS605, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4101, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2520, QFE2550, QFE3340, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE ...[truncated*]"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

Social References

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2020-11148

nvd1 cvelist1 prion1 androidsecurity1