Lucene search

[email protected]CVE-2020-11181

HistoryJan 21, 2021 - 10:15 a.m.

CVE-2020-11181

2021-01-2110:15:14

CWE-119

[email protected]

web.nvd.nist.gov

cve-2020-11181

out of bound access

cvp process control command

snapdragon

nvd

security issue

improper validation

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Affected configurations

NVD

Node

qualcommpm3003a_firmwareMatch-

AND

qualcommpm3003aMatch-

Node

qualcommpm8009_firmwareMatch-

AND

qualcommpm8009Match-

Node

qualcommpm8150a_firmwareMatch-

AND

qualcommpm8150aMatch-

Node

qualcommpm8150b_firmwareMatch-

AND

qualcommpm8150bMatch-

Node

qualcommpm8150c_firmwareMatch-

AND

qualcommpm8150cMatch-

Node

qualcommpm8150l_firmwareMatch-

AND

qualcommpm8150lMatch-

Node

qualcommpm8250_firmwareMatch-

AND

qualcommpm8250Match-

Node

qualcommpmk8002_firmwareMatch-

AND

qualcommpmk8002Match-

Node

qualcommpmr525_firmwareMatch-

AND

qualcommpmr525Match-

Node

qualcommpmx55_firmwareMatch-

AND

qualcommpmx55Match-

Node

qualcommqbt2000_firmwareMatch-

AND

qualcommqbt2000Match-

Node

qualcommqca6390_firmwareMatch-

AND

qualcommqca6390Match-

Node

qualcommqca6391_firmwareMatch-

AND

qualcommqca6391Match-

Node

qualcommqca6421_firmwareMatch-

AND

qualcommqca6421Match-

Node

qualcommqca6426_firmwareMatch-

AND

qualcommqca6426Match-

Node

qualcommqca6431_firmwareMatch-

AND

qualcommqca6431Match-

Node

qualcommqca6436_firmwareMatch-

AND

qualcommqca6436Match-

Node

qualcommqfs2530_firmwareMatch-

AND

qualcommqfs2530Match-

Node

qualcommqfs2580_firmwareMatch-

AND

qualcommqfs2580Match-

Node

qualcommqsm8250_firmwareMatch-

AND

qualcommqsm8250Match-

Node

qualcommqtc800h_firmwareMatch-

AND

qualcommqtc800hMatch-

Node

qualcommqtc801s_firmwareMatch-

AND

qualcommqtc801sMatch-

Node

qualcommsd865_5g_firmwareMatch-

AND

qualcommsd865_5gMatch-

Node

qualcommsdr8250_firmwareMatch-

AND

qualcommsdr8250Match-

Node

qualcommsdr865_firmwareMatch-

AND

qualcommsdr865Match-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsdx55m_firmwareMatch-

AND

qualcommsdx55mMatch-

Node

qualcommsdxr2_5g_firmwareMatch-

AND

qualcommsdxr2_5gMatch-

Node

qualcommsmb1355_firmwareMatch-

AND

qualcommsmb1355Match-

Node

qualcommsmb1390_firmwareMatch-

AND

qualcommsmb1390Match-

Node

qualcommsmr525_firmwareMatch-

AND

qualcommsmr525Match-

Node

qualcommsmr526_firmwareMatch-

AND

qualcommsmr526Match-

Node

qualcommwcd9380_firmwareMatch-

AND

qualcommwcd9380Match-

Node

qualcommwcd9385_firmwareMatch-

AND

qualcommwcd9385Match-

Node

qualcommwcn6750_firmwareMatch-

AND

qualcommwcn6750Match-

Node

qualcommwcn6850_firmwareMatch-

AND

qualcommwcn6850Match-

Node

qualcommwcn6851_firmwareMatch-

AND

qualcommwcn6851Match-

Node

qualcommwsa8810_firmwareMatch-

AND

qualcommwsa8810Match-

Node

qualcommwsa8815_firmwareMatch-

AND

qualcommwsa8815Match-

CPENameOperatorVersion
qualcomm:pm3003a_firmwarequalcomm pm3003a firmwareeq-

CPE	Name	Operator	Version
qualcomm:pm3003a_firmware	qualcomm pm3003a firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "PM3003A, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PMK8002, PMR525, PMX55, QBT2000, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QFS2530, QFS2580, QSM8250, QTC800H, QTC801S, SD865 5G, SDR8250, SDR865, SDX55, SDX55M, SDXR2 5G, SMB1355, SMB1390, SMR525, SMR526, WCD9380, WCD9385, WCN6750, WCN6850, WCN6851, WSA8810, WSA8815"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVE-2020-11181

nvd1 prion1 cvelist1