Lucene search

[email protected]CVE-2020-11254

HistoryMay 07, 2021 - 9:15 a.m.

CVE-2020-11254

2021-05-0709:15:07

CWE-476

[email protected]

web.nvd.nist.gov

cve-2020-11254

memory corruption

buffer allocation

snapdragon auto

snapdragon compute

snapdragon connectivity

snapdragon mobile

nvd

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Affected configurations

NVD

Node

qualcommpm6150aMatch-

qualcommpm6150lMatch-

qualcommpm6350Match-

qualcommpm660Match-

qualcommpm660lMatch-

qualcommpm7250bMatch-

qualcommpm8008Match-

qualcommpm8009Match-

qualcommpm8350Match-

qualcommpm8350bMatch-

qualcommpm8350bhMatch-

qualcommpm8350cMatch-

qualcommpmk8003Match-

qualcommpmk8350Match-

qualcommpmm6155auMatch-

qualcommpmm8155auMatch-

qualcommpmm8195auMatch-

qualcommpmr735aMatch-

qualcommpmr735bMatch-

qualcommqat3516Match-

qualcommqat3518Match-

qualcommqat3519Match-

qualcommqat3555Match-

qualcommqat5515Match-

qualcommqat5516Match-

qualcommqat5522Match-

qualcommqat5568Match-

qualcommqbt1500Match-

qualcommqca6574auMatch-

qualcommqca6696Match-

qualcommqdm3301Match-

qualcommqdm4643Match-

qualcommqdm4650Match-

qualcommqdm5620Match-

qualcommqdm5621Match-

qualcommqdm5670Match-

qualcommqdm5671Match-

qualcommqet5100Match-

qualcommqet5100mMatch-

qualcommqet6100Match-

qualcommqet6105Match-

qualcommqet6110Match-

qualcommqfs2530Match-

qualcommqfs2580Match-

qualcommqfs2608Match-

qualcommqfs2630Match-

qualcommqln4642Match-

qualcommqln4650Match-

qualcommqln5020Match-

qualcommqln5030Match-

qualcommqln5040Match-

qualcommqpa2625Match-

qualcommqpa5461Match-

qualcommqpa5580Match-

qualcommqpa5581Match-

qualcommqpa8801Match-

qualcommqpa8802Match-

qualcommqpa8803Match-

qualcommqpa8821Match-

qualcommqpa8842Match-

qualcommqpm4621Match-

qualcommqpm4630Match-

qualcommqpm4640Match-

qualcommqpm4641Match-

qualcommqpm4650Match-

qualcommqpm5621Match-

qualcommqpm5641Match-

qualcommqpm5670Match-

qualcommqpm5677Match-

qualcommqpm5679Match-

qualcommqpm5870Match-

qualcommqpm5875Match-

qualcommqpm6585Match-

qualcommqpm6621Match-

qualcommqpm6670Match-

qualcommqpm8820Match-

qualcommqpm8870Match-

qualcommqtc800hMatch-

qualcommqtc800sMatch-

qualcommqtc801sMatch-

qualcommqtm525Match-

qualcommsa6145pMatch-

qualcommsa6150pMatch-

qualcommsa6155pMatch-

qualcommsa8150pMatch-

qualcommsa8155pMatch-

qualcommsa8195pMatch-

qualcommsd480Match-

qualcommsd670Match-

qualcommsd710Match-

qualcommsd888Match-

qualcommsd888_5gMatch-

qualcommsdr660Match-

qualcommsdr660gMatch-

qualcommsdr735Match-

qualcommsdr735gMatch-

qualcommsdr865Match-

qualcommsdxr1Match-

qualcommsmb1351Match-

qualcommsmb1355Match-

qualcommsmb1396Match-

qualcommsmb1398Match-

qualcommsmr526Match-

qualcommsmr545Match-

qualcommsmr546Match-

qualcommwcd9326Match-

qualcommwcd9341Match-

qualcommwcd9370Match-

qualcommwcd9375Match-

qualcommwcd9380Match-

qualcommwcd9385Match-

qualcommwcn3980Match-

qualcommwcn3988Match-

qualcommwcn3990Match-

qualcommwcn3991Match-

qualcommwcn6850Match-

qualcommwcn6851Match-

qualcommwcn6855Match-

qualcommwcn6856Match-

qualcommwsa8830Match-

qualcommwsa8835Match-

CPENameOperatorVersion
qualcomm:pm6150aqualcomm pm6150aeq-
qualcomm:pm6150lqualcomm pm6150leq-
qualcomm:pm6350qualcomm pm6350eq-
qualcomm:pm660qualcomm pm660eq-
qualcomm:pm660lqualcomm pm660leq-
qualcomm:pm7250bqualcomm pm7250beq-
qualcomm:pm8008qualcomm pm8008eq-
qualcomm:pm8009qualcomm pm8009eq-
qualcomm:pm8350qualcomm pm8350eq-
qualcomm:pm8350bqualcomm pm8350beq-

CPE	Name	Operator	Version
qualcomm:pm6150a	qualcomm pm6150a	eq	-
qualcomm:pm6150l	qualcomm pm6150l	eq	-
qualcomm:pm6350	qualcomm pm6350	eq	-
qualcomm:pm660	qualcomm pm660	eq	-
qualcomm:pm660l	qualcomm pm660l	eq	-
qualcomm:pm7250b	qualcomm pm7250b	eq	-
qualcomm:pm8008	qualcomm pm8008	eq	-
qualcomm:pm8009	qualcomm pm8009	eq	-
qualcomm:pm8350	qualcomm pm8350	eq	-
qualcomm:pm8350b	qualcomm pm8350b	eq	-

Rows per page:

1-10 of 1211

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "PM6150A, PM6150L, PM6350, PM660, PM660L, PM7250B, PM8008, PM8009, PM8350, PM8350B, PM8350BH, PM8350C, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMR735A, PMR735B, QAT3516, QAT3518, QAT3519, QAT3555, QAT5515, QAT5516, QAT5522, QAT5568, QBT1500, QCA6574AU, QCA6696, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5670, QDM5671, QET5100, QET5100M, QET6100, QET6105, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA5461, QPA5580, QPA5581, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5621, QPM5641, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6585, QPM6621, QPM6670, QPM8820, QPM8870, QTC800H, QTC800S, QTC801S, QTM525, SA6145P, SA6150P, SA6155P, SA8150P, SA8155P, SA8195P, SD480, SD670, SD710, SD888, SD888 5G, SDR660, SDR660G, SDR735, SDR735G, SDR865, SDXR1, SMB1351, SMB1355, SMB1396, SMB1398, SMR526, SMR545, SMR546, WCD9326, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3980, WCN3988, WCN3 ...[truncated*]"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin

Social References

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVE-2020-11254

nvd1 prion1 cvelist1