Lucene search

[email protected]CVE-2020-11150

HistoryJan 21, 2021 - 10:15 a.m.

CVE-2020-11150

2021-01-2110:15:13

CWE-119

[email protected]

web.nvd.nist.gov

cve-2020-11150

data validation

memory access

camera driver

snapdragon auto

snapdragon compute

snapdragon connectivity

snapdragon consumer iot

snapdragon industrial iot

snapdragon mobile

snapdragon voice & music

snapdragon wearables

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Out of bound memory access in camera driver due to improper validation on data coming from UMD which is used for offset manipulation of pointer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Affected configurations

NVD

Node

qualcommaqt1000Match-

qualcommar8031Match-

qualcommar8035Match-

qualcommcsra6620Match-

qualcommcsra6640Match-

qualcommpm215Match-

qualcommpm3003aMatch-

qualcommpm6125Match-

qualcommpm6150Match-

qualcommpm6150aMatch-

qualcommpm6150lMatch-

qualcommpm6350Match-

qualcommpm640aMatch-

qualcommpm640lMatch-

qualcommpm640pMatch-

qualcommpm660Match-

qualcommpm660lMatch-

qualcommpm670Match-

qualcommpm670aMatch-

qualcommpm670lMatch-

qualcommpm7150aMatch-

qualcommpm7150lMatch-

qualcommpm7250Match-

qualcommpm7250bMatch-

qualcommpm7350cMatch-

qualcommpm8005Match-

qualcommpm8008Match-

qualcommpm8009Match-

qualcommpm8150Match-

qualcommpm8150aMatch-

qualcommpm8150bMatch-

qualcommpm8150cMatch-

qualcommpm8150lMatch-

qualcommpm8250Match-

qualcommpm8350Match-

qualcommpm8350bMatch-

qualcommpm8350bhMatch-

qualcommpm8350bhsMatch-

qualcommpm8350cMatch-

qualcommpm855Match-

qualcommpm855bMatch-

qualcommpm855lMatch-

qualcommpm855pMatch-

qualcommpm8909Match-

qualcommpm8916Match-

qualcommpmc1000hMatch-

qualcommpmd9655Match-

qualcommpme605Match-

qualcommpmi632Match-

qualcommpmk7350Match-

qualcommpmk8002Match-

qualcommpmk8003Match-

qualcommpmk8350Match-

qualcommpmm6155auMatch-

qualcommpmm8155auMatch-

qualcommpmm8195auMatch-

qualcommpmm855auMatch-

qualcommpmr525Match-

qualcommpmr735aMatch-

qualcommpmr735bMatch-

qualcommpmx24Match-

qualcommpmx55Match-

qualcommqat3514Match-

qualcommqat3516Match-

qualcommqat3518Match-

qualcommqat3519Match-

qualcommqat3522Match-

qualcommqat3550Match-

qualcommqat3555Match-

qualcommqat5515Match-

qualcommqat5516Match-

qualcommqat5522Match-

qualcommqat5533Match-

qualcommqat5568Match-

qualcommqbt1500Match-

qualcommqbt2000Match-

qualcommqca4020Match-

qualcommqca6174aMatch-

qualcommqca6175aMatch-

qualcommqca6390Match-

qualcommqca6391Match-

qualcommqca6420Match-

qualcommqca6421Match-

qualcommqca6426Match-

qualcommqca6430Match-

qualcommqca6431Match-

qualcommqca6436Match-

qualcommqca6564Match-

qualcommqca6564aMatch-

qualcommqca6564auMatch-

qualcommqca6574Match-

qualcommqca6574aMatch-

qualcommqca6574auMatch-

qualcommqca6584auMatch-

qualcommqca6595Match-

qualcommqca6595auMatch-

qualcommqca6696Match-

qualcommqca8337Match-

qualcommqca9377Match-

qualcommqca9379Match-

qualcommqcm4290Match-

qualcommqcs405Match-

qualcommqcs4290Match-

qualcommqcs603Match-

qualcommqcs605Match-

qualcommqdm2301Match-

qualcommqdm2302Match-

qualcommqdm2305Match-

qualcommqdm2307Match-

qualcommqdm2308Match-

qualcommqdm2310Match-

qualcommqdm3301Match-

qualcommqdm3302Match-

qualcommqdm4643Match-

qualcommqdm4650Match-

qualcommqdm5579Match-

qualcommqdm5620Match-

qualcommqdm5621Match-

qualcommqdm5650Match-

qualcommqdm5652Match-

qualcommqdm5670Match-

qualcommqdm5671Match-

qualcommqdm5677Match-

qualcommqdm5679Match-

qualcommqet4101Match-

qualcommqet4200aqMatch-

qualcommqet5100Match-

qualcommqet5100mMatch-

qualcommqet6100Match-

qualcommqet6110Match-

qualcommqfs2530Match-

qualcommqfs2580Match-

qualcommqfs2608Match-

qualcommqfs2630Match-

qualcommqln1021aqMatch-

qualcommqln1031Match-

qualcommqln1036aqMatch-

qualcommqln4642Match-

qualcommqln4650Match-

qualcommqln5020Match-

qualcommqln5030Match-

qualcommqln5040Match-

qualcommqpa2625Match-

qualcommqpa4360Match-

qualcommqpa4361Match-

qualcommqpa5461Match-

qualcommqpa5580Match-

qualcommqpa5581Match-

qualcommqpa6560Match-

qualcommqpa8673Match-

qualcommqpa8686Match-

qualcommqpa8801Match-

qualcommqpa8802Match-

qualcommqpa8803Match-

qualcommqpa8821Match-

qualcommqpa8842Match-

qualcommqpm4621Match-

qualcommqpm4630Match-

qualcommqpm4640Match-

qualcommqpm4641Match-

qualcommqpm4650Match-

qualcommqpm5541Match-

qualcommqpm5577Match-

qualcommqpm5579Match-

qualcommqpm5621Match-

qualcommqpm5641Match-

qualcommqpm5658Match-

qualcommqpm5670Match-

qualcommqpm5677Match-

qualcommqpm5679Match-

qualcommqpm5870Match-

qualcommqpm5875Match-

qualcommqpm6325Match-

qualcommqpm6375Match-

qualcommqpm6582Match-

qualcommqpm6585Match-

qualcommqpm6621Match-

qualcommqpm6670Match-

qualcommqpm8820Match-

qualcommqpm8830Match-

qualcommqpm8870Match-

qualcommqpm8895Match-

qualcommqsm7250Match-

qualcommqsw6310Match-

qualcommqsw8573Match-

qualcommqsw8574Match-

qualcommqtc410sMatch-

qualcommqtc800hMatch-

qualcommqtc801sMatch-

qualcommqtm525Match-

qualcommqtm527Match-

qualcommqualcomm215Match-

qualcommsa6145pMatch-

qualcommsa6155Match-

qualcommsa6155pMatch-

qualcommsa8150pMatch-

qualcommsa8155Match-

qualcommsa8155pMatch-

qualcommsa8195pMatch-

qualcommsd205Match-

qualcommsd210Match-

qualcommsd460Match-

qualcommsd662Match-

qualcommsd665Match-

qualcommsd675Match-

qualcommsd6905gMatch-

qualcommsd750gMatch-

qualcommsd765Match-

qualcommsd765gMatch-

qualcommsd768gMatch-

qualcommsd855Match-

qualcommsd8655gMatch-

qualcommsd8885gMatch-

qualcommsd8cMatch-

qualcommsd8cxMatch-

qualcommsda429wMatch-

qualcommsdm429wMatch-

qualcommsdr425Match-

qualcommsdr660Match-

qualcommsdr660gMatch-

qualcommsdr735Match-

qualcommsdr735gMatch-

qualcommsdr8150Match-

qualcommsdr8250Match-

qualcommsdr865Match-

qualcommsdx24Match-

qualcommsdx55Match-

qualcommsdx55mMatch-

qualcommsdxr1Match-

qualcommsdxr25gMatch-

qualcommsm7250pMatch-

qualcommsm7350Match-

qualcommsmb1351Match-

qualcommsmb1354Match-

qualcommsmb1355Match-

qualcommsmb1381Match-

qualcommsmb1390Match-

qualcommsmb1394Match-

qualcommsmb1395Match-

qualcommsmb1396Match-

qualcommsmb1398Match-

qualcommsmb2351Match-

qualcommsmr525Match-

qualcommsmr526Match-

qualcommsmr545Match-

qualcommsmr546Match-

qualcommwcd9326Match-

qualcommwcd9335Match-

qualcommwcd9340Match-

qualcommwcd9341Match-

qualcommwcd9370Match-

qualcommwcd9375Match-

qualcommwcd9380Match-

qualcommwcd9385Match-

qualcommwcn3610Match-

qualcommwcn3615Match-

qualcommwcn3620Match-

qualcommwcn3660bMatch-

qualcommwcn3680Match-

qualcommwcn3680bMatch-

qualcommwcn3950Match-

qualcommwcn3980Match-

qualcommwcn3988Match-

qualcommwcn3990Match-

qualcommwcn3991Match-

qualcommwcn3998Match-

qualcommwcn3999Match-

qualcommwcn6740Match-

qualcommwcn6750Match-

qualcommwcn6850Match-

qualcommwcn6851Match-

qualcommwcn6856Match-

qualcommwgr7640Match-

qualcommwsa8810Match-

qualcommwsa8815Match-

qualcommwsa8830Match-

qualcommwsa8835Match-

qualcommwtr2965Match-

qualcommwtr3925Match-

qualcommwtr4905Match-

CPENameOperatorVersion
qualcomm:aqt1000qualcomm aqt1000eq-
qualcomm:ar8031qualcomm ar8031eq-
qualcomm:ar8035qualcomm ar8035eq-
qualcomm:csra6620qualcomm csra6620eq-
qualcomm:csra6640qualcomm csra6640eq-
qualcomm:pm215qualcomm pm215eq-
qualcomm:pm3003aqualcomm pm3003aeq-
qualcomm:pm6125qualcomm pm6125eq-
qualcomm:pm6150qualcomm pm6150eq-
qualcomm:pm6150aqualcomm pm6150aeq-

CPE	Name	Operator	Version
qualcomm:aqt1000	qualcomm aqt1000	eq	-
qualcomm:ar8031	qualcomm ar8031	eq	-
qualcomm:ar8035	qualcomm ar8035	eq	-
qualcomm:csra6620	qualcomm csra6620	eq	-
qualcomm:csra6640	qualcomm csra6640	eq	-
qualcomm:pm215	qualcomm pm215	eq	-
qualcomm:pm3003a	qualcomm pm3003a	eq	-
qualcomm:pm6125	qualcomm pm6125	eq	-
qualcomm:pm6150	qualcomm pm6150	eq	-
qualcomm:pm6150a	qualcomm pm6150a	eq	-

Rows per page:

1-10 of 2801

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, PM215, PM3003A, PM6125, PM6150, PM6150A, PM6150L, PM6350, PM640A, PM640L, PM640P, PM660, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM855P, PM8909, PM8916, PMC1000H, PMD9655, PME605, PMI632, PMK7350, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMR525, PMR735A, PMR735B, PMX24, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6175A, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCA9377, QCA9379, QCM4290, QCS405, QCS4290, QCS603, QCS605, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643 ...[truncated*]"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

Social References

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2020-11150

nvd1 prion1 cvelist1 androidsecurity1