Lucene search

[email protected]CVE-2020-11286

HistoryFeb 22, 2021 - 7:15 a.m.

CVE-2020-11286

2021-02-2207:15:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2020-11286

untrusted pointer dereference

usb control transfers

snapdragon auto

snapdragon consumer iot

snapdragon industrial iot

snapdragon mobile

snapdragon voice & music

snapdragon wearables

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

29.5%

JSON

An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface & endpoint are made together. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CPENameOperatorVersion
qualcomm:mdm9206qualcomm mdm9206eq-
qualcomm:mdm9607qualcomm mdm9607eq-
qualcomm:mdm9650qualcomm mdm9650eq-
qualcomm:msm8909wqualcomm msm8909weq-
qualcomm:mdm9655qualcomm mdm9655eq-
qualcomm:mdm9640qualcomm mdm9640eq-
qualcomm:sdx20qualcomm sdx20eq-
qualcomm:sdm630qualcomm sdm630eq-
qualcomm:qca6174aqualcomm qca6174aeq-
qualcomm:qca6574auqualcomm qca6574aueq-

CPE	Name	Operator	Version
qualcomm:mdm9206	qualcomm mdm9206	eq	-
qualcomm:mdm9607	qualcomm mdm9607	eq	-
qualcomm:mdm9650	qualcomm mdm9650	eq	-
qualcomm:msm8909w	qualcomm msm8909w	eq	-
qualcomm:mdm9655	qualcomm mdm9655	eq	-
qualcomm:mdm9640	qualcomm mdm9640	eq	-
qualcomm:sdx20	qualcomm sdx20	eq	-
qualcomm:sdm630	qualcomm sdm630	eq	-
qualcomm:qca6174a	qualcomm qca6174a	eq	-
qualcomm:qca6574au	qualcomm qca6574au	eq	-

Rows per page:

1-10 of 1351

References

www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin

Social References

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

29.5%

JSON

Related for CVE-2020-11286

prion1 androidsecurity1