3787 matches found
CVE-2020-11167
CVE-2020-11167 is a Qualcomm Snapdragon Bluetooth issue where memory corruption can occur in the L2CAP reassembly logic if a remote device sends more data than expected. Connected sources (Qualcomm December 2020 bulletins, Red Hat advisory, NVD entry) confirm affected Snapdragon Bluetooth compone...
CVE-2020-11167
Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearab...
CVE-2020-11151
CVE-2020-11151 describes a race condition in video handling on Qualcomm Snapdragon devices (Auto, Compute, Connectivity, Industrial IOT, Mobile, Wearables). Two threads calling a user-space ioctl concurrently can trigger a use-after-free in the video stack. Impact per NVD indicates potential high...
CVE-2020-11150
CVE-2020-11150 describes an out-of-bounds memory access in the camera driver caused by improper validation of data from UMD, which affects pointer offset manipulation across multiple Snapdragon SKUs (Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music/Wearables). The issue ...
CVE-2020-11149
CVE-2020-11149 involves an out-of-bounds access caused by an out-of-range pointer offset in the camera driver across Snapdragon platforms (Auto/Compute/Connectivity/Consumer IoT/Industrial IoT/Mobile/Voice & Music/Wearables). The vulnerability stems from improper pointer handling in the camera su...
CVE-2020-11148
CVE-2020-11148 describes a use-after-free in HIDL when posting events from a callback in a Snapdragon stack (Auto/Compute/Connectivity/Consumer IOT/Industrial IOT/Mobile/Wearables). The root cause is that a callback instance can be deleted in a window where an internal mutex is not held and a clo...
CVE-2020-11148
Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is deleted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...
CVE-2020-11146
Out of bound write while copying data using IOCTL due to lack of check of array index received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...
CVE-2020-11146
CVE-2020-11146 describes an out-of-bounds write during IOCTL data copying due to a missing check of a user-provided array index in Qualcomm Snapdragon components (across Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, Wearables). This enables a local att...
CVE-2020-11145
CVE-2020-11145 describes a divide-by-zero flaw in the delta extension header update caused by improper validation of master SN and extension header SN in Qualcomm Snapdragon components (Auto, Compute, Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Wearables, etc.). This is reported acro...
CVE-2020-11144
CVE-2020-11144 affects Qualcomm Snapdragon family components (Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables). Root cause: buffer over-read from decompression of invalid DL ROHC packets due to missing size check on the compressed packet...
CVE-2020-11140
CVE-2020-11140 describes an out-of-bounds memory access during music playback with ALAC-modified content due to improper validation in Qualcomm Snapdragon components. Affected are Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, IoT, Mobile, Voice & Music, Wearables, and Wire...
CVE-2020-11139
CVE-2020-11139 describes an out-of-bounds memory access when processing frames due to insufficient validation of invalid frames in Qualcomm Snapdragon components (across Snapdragon Auto/Compute/Connectivity/IoT families). The vulnerability affects Snapdragon platforms and is associated with proce...
CVE-2020-11119
Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT...
CVE-2020-11136
CVE-2020-11136 corresponds to a buffer over-read in the Qualcomm audio driver caused by not returning NULL for a zero-sized memory request in the vulnerable Snapdragon family (Auto/Compute/Connectivity/IOT/Mobile, etc.). The issue affects Qualcomm closed‑source components and is listed as Critica...
Create Efficient Well-Architected Cloud Infrastructure
This article explores the Performance Efficiency pillar of the Amazon Web Services and Azure Well-Architected Framework. We will examine how to create performance efficiency in the compute, storage, database, and network elements of cloud infrastructures...
CVE-2020-29651
A denial of service via regular expression in the py.path.svnwc component of py aka python-py through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality...
How DevOps Tools Can Help Publishers Thrive
Agility has proven to be a key weapon in the publisher arsenal during the pandemic. Agile firms -- particularly news publishers -- that switched directions or added digital services quickly reaped the rewards of new readers and viewers, even if the audience boost didn't result in a similar increa...