Lucene search

[email protected]CVE-2020-11205

HistoryNov 12, 2020 - 10:15 a.m.

CVE-2020-11205

2020-11-1210:15:12

CWE-787

CWE-190

[email protected]

web.nvd.nist.gov

cve-2020-11205

integer overflow

heap overflow

snapdragon auto

snapdragon compute

snapdragon mobile

security vulnerability

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

u’Possible integer overflow to heap overflow while processing command due to lack of check of packet length received’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

Affected configurations

NVD

Node

qualcommqsm8350_firmwareMatch-

AND

qualcommqsm8350Match-

Node

qualcommsa6145p_firmwareMatch-

AND

qualcommsa6145pMatch-

Node

qualcommsa6150p_firmwareMatch-

AND

qualcommsa6150pMatch-

Node

qualcommsa6155_firmwareMatch-

AND

qualcommsa6155Match-

Node

qualcommsa6155p_firmwareMatch-

AND

qualcommsa6155pMatch-

Node

qualcommsa8150p_firmwareMatch-

AND

qualcommsa8150pMatch-

Node

qualcommsa8155p_firmwareMatch-

AND

qualcommsa8155pMatch-

Node

qualcommsa8195p_firmwareMatch-

AND

qualcommsa8195pMatch-

Node

qualcommsdx55m_firmwareMatch-

AND

qualcommsdx55mMatch-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsm8350_firmwareMatch-

AND

qualcommsm8350Match-

Node

qualcommsm8350p_firmwareMatch-

AND

qualcommsm8350pMatch-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

Node

qualcommsxr2130p_firmwareMatch-

AND

qualcommsxr2130pMatch-

CPENameOperatorVersion
qualcomm:qsm8350_firmwarequalcomm qsm8350 firmwareeq-

CPE	Name	Operator	Version
qualcomm:qsm8350_firmware	qualcomm qsm8350 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350, SM8350P, SXR2130, SXR2130P"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVE-2020-11205

prion1 cvelist1 nvd1