Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2021-AVI-001
Vulnerability from certfr_avis - Published: 2021-01-05 - Updated: 2021-01-05
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données, une élévation de privilèges et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions sans le correctif de s\u00e9curit\u00e9 du 05 janvier 2021",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-0311",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0311"
},
{
"name": "CVE-2021-0321",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0321"
},
{
"name": "CVE-2020-11235",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11235"
},
{
"name": "CVE-2021-0320",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0320"
},
{
"name": "CVE-2021-0312",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0312"
},
{
"name": "CVE-2021-0323",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0323"
},
{
"name": "CVE-2020-11181",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11181"
},
{
"name": "CVE-2020-11240",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11240"
},
{
"name": "CVE-2021-0322",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0322"
},
{
"name": "CVE-2019-9376",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9376"
},
{
"name": "CVE-2020-11159",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11159"
},
{
"name": "CVE-2020-11241",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11241"
},
{
"name": "CVE-2021-0315",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0315"
},
{
"name": "CVE-2020-10732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
},
{
"name": "CVE-2020-0471",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0471"
},
{
"name": "CVE-2021-0306",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0306"
},
{
"name": "CVE-2021-0317",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0317"
},
{
"name": "CVE-2021-0310",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0310"
},
{
"name": "CVE-2021-0319",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0319"
},
{
"name": "CVE-2021-0301",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0301"
},
{
"name": "CVE-2021-0304",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0304"
},
{
"name": "CVE-2016-6328",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6328"
},
{
"name": "CVE-2020-11182",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11182"
},
{
"name": "CVE-2020-11238",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11238"
},
{
"name": "CVE-2020-11261",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11261"
},
{
"name": "CVE-2021-0313",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0313"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2020-11262",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11262"
},
{
"name": "CVE-2020-11260",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11260"
},
{
"name": "CVE-2020-11250",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11250"
},
{
"name": "CVE-2021-0316",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0316"
},
{
"name": "CVE-2020-11126",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11126"
},
{
"name": "CVE-2021-0308",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0308"
},
{
"name": "CVE-2021-0309",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0309"
},
{
"name": "CVE-2021-0303",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0303"
},
{
"name": "CVE-2021-0318",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0318"
},
{
"name": "CVE-2020-11233",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11233"
},
{
"name": "CVE-2020-11239",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11239"
},
{
"name": "CVE-2021-0307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0307"
},
{
"name": "CVE-2020-10766",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10766"
},
{
"name": "CVE-2020-11134",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11134"
}
],
"initial_release_date": "2021-01-05T00:00:00",
"last_revision_date": "2021-01-05T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 PIxel 2021-01-1 du 04 janvier 2021",
"url": "https://source.android.com/security/bulletin/pixel/2021-01-01"
}
],
"reference": "CERTFR-2021-AVI-001",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de\nservice.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Pixel 2021-01-1 du 04 janvier 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google 2021-01-1 du 04 janvier 2021",
"url": "https://source.android.com/security/bulletin/2021-01-01"
}
]
}
CVE-2020-11233 (GCVE-0-2020-11233)
Vulnerability from cvelistv5 – Published: 2021-06-09 05:00 – Updated: 2024-08-04 11:28
VLAI
EPSS
Summary
Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Severity
No CVSS data available.
CWE
- Time of Check Time of Use Race Condition in Boot
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
Affected:
APQ8009, APQ8009W, APQ8017, APQ8053, APQ8076, APQ8096AU, CSR6030, MDM9206, MDM9230, MDM9250, MDM9330, MDM9607, MDM9626, MDM9628, MDM9630, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8937, MSM8996AU, PM215, PM439, PM660, PM8004, PM8909, PM8916, PM8937, PM8952, PM8953, PM8956, PM8996, PMD9607, PMD9635, PMD9645, PMD9655, PMI632, PMI8937, PMI8952, PMI8994, PMI8996, PMK8001, PMM8996AU, PMX20, QCA4020, QCA6174, QCA6174A, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584, QCA9367, QCA9377, QCA9379, QCC1110, QCC112, QET4100, QET4101, QET4200AQ, QFE1035, QFE1040, QFE1045, QFE2340, QFE2550, QFE3100, QFE3320, QFE3335, QFE3345, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QSW8573, QTC801S, Qualcomm215, RGR7640AU, SD205, SD210, SD439, SD820, SDW2500, SDW3100, SDX20, SDX20M, SMB1350, SMB1351, SMB1355, SMB1357, SMB1358, SMB1360, SMB231, SMB358S, WCD9306, WCD9326, WCD9330, WCD9335, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WGR7640, WSA8810, WSA8815, WTR2955, WTR2965, WTR3905, WTR3925, WTR4905, WTR5975
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.792Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009, APQ8009W, APQ8017, APQ8053, APQ8076, APQ8096AU, CSR6030, MDM9206, MDM9230, MDM9250, MDM9330, MDM9607, MDM9626, MDM9628, MDM9630, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8937, MSM8996AU, PM215, PM439, PM660, PM8004, PM8909, PM8916, PM8937, PM8952, PM8953, PM8956, PM8996, PMD9607, PMD9635, PMD9645, PMD9655, PMI632, PMI8937, PMI8952, PMI8994, PMI8996, PMK8001, PMM8996AU, PMX20, QCA4020, QCA6174, QCA6174A, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584, QCA9367, QCA9377, QCA9379, QCC1110, QCC112, QET4100, QET4101, QET4200AQ, QFE1035, QFE1040, QFE1045, QFE2340, QFE2550, QFE3100, QFE3320, QFE3335, QFE3345, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QSW8573, QTC801S, Qualcomm215, RGR7640AU, SD205, SD210, SD439, SD820, SDW2500, SDW3100, SDX20, SDX20M, SMB1350, SMB1351, SMB1355, SMB1357, SMB1358, SMB1360, SMB231, SMB358S, WCD9306, WCD9326, WCD9330, WCD9335, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WGR7640, WSA8810, WSA8815, WTR2955, WTR2965, WTR3905, WTR3925, WTR4905, WTR5975"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Time of Check Time of Use Race Condition in Boot",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T05:00:41.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8009W, APQ8017, APQ8053, APQ8076, APQ8096AU, CSR6030, MDM9206, MDM9230, MDM9250, MDM9330, MDM9607, MDM9626, MDM9628, MDM9630, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8937, MSM8996AU, PM215, PM439, PM660, PM8004, PM8909, PM8916, PM8937, PM8952, PM8953, PM8956, PM8996, PMD9607, PMD9635, PMD9645, PMD9655, PMI632, PMI8937, PMI8952, PMI8994, PMI8996, PMK8001, PMM8996AU, PMX20, QCA4020, QCA6174, QCA6174A, QCA6564A, QCA6564AU, QCA6574A, QCA6574AU, QCA6584, QCA9367, QCA9377, QCA9379, QCC1110, QCC112, QET4100, QET4101, QET4200AQ, QFE1035, QFE1040, QFE1045, QFE2340, QFE2550, QFE3100, QFE3320, QFE3335, QFE3345, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QSW8573, QTC801S, Qualcomm215, RGR7640AU, SD205, SD210, SD439, SD820, SDW2500, SDW3100, SDX20, SDX20M, SMB1350, SMB1351, SMB1355, SMB1357, SMB1358, SMB1360, SMB231, SMB358S, WCD9306, WCD9326, WCD9330, WCD9335, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WGR7640, WSA8810, WSA8815, WTR2955, WTR2965, WTR3905, WTR3925, WTR4905, WTR5975"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Time of Check Time of Use Race Condition in Boot"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11233",
"datePublished": "2021-06-09T05:00:41.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11235 (GCVE-0-2020-11235)
Vulnerability from cvelistv5 – Published: 2021-06-09 05:00 – Updated: 2024-08-04 11:28
VLAI
EPSS
Summary
Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Severity
No CVSS data available.
CWE
- Integer Overflow to Buffer Overflow in WLAN
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking |
Affected:
APQ8009, APQ8017, APQ8053, APQ8064AU, APQ8076, APQ8084, APQ8092, APQ8094, APQ8096AU, AQT1000, AR7420, AR8031, AR8035, AR8151, AR9380, CSR6030, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8215, MDM9206, MDM9215, MDM9225, MDM9225M, MDM9230, MDM9235M, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9625, MDM9625M, MDM9626, MDM9628, MDM9630, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8976, MSM8992, MSM8994, MSM8996AU, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8018, PM8019, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8 ...[truncated*]
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.379Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009, APQ8017, APQ8053, APQ8064AU, APQ8076, APQ8084, APQ8092, APQ8094, APQ8096AU, AQT1000, AR7420, AR8031, AR8035, AR8151, AR9380, CSR6030, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8215, MDM9206, MDM9215, MDM9225, MDM9225M, MDM9230, MDM9235M, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9625, MDM9625M, MDM9626, MDM9628, MDM9630, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8976, MSM8992, MSM8994, MSM8996AU, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8018, PM8019, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8 ...[truncated*]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Overflow to Buffer Overflow in WLAN",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T05:00:41.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"x_ConverterErrors": {
"version_name": {
"error": "version_name too long. Use array of versions to record more than one version.",
"message": "Truncated!"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8017, APQ8053, APQ8064AU, APQ8076, APQ8084, APQ8092, APQ8094, APQ8096AU, AQT1000, AR7420, AR8031, AR8035, AR8151, AR9380, CSR6030, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8215, MDM9206, MDM9215, MDM9225, MDM9225M, MDM9230, MDM9235M, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9625, MDM9625M, MDM9626, MDM9628, MDM9630, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8976, MSM8992, MSM8994, MSM8996AU, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8018, PM8019, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8952, PM8953, PM8956, PM8994, PM8996, PM8998, PMC1000H, PMC7180, PMD9607, PMD9635, PMD9645, PMD9655, PME605, PMI632, PMI8952, PMI8994, PMI8996, PMI8998, PMK7350, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8920AU, PMM8996AU, PMP8074, PMR525, PMR735A, PMR735B, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA0000, QCA1023, QCA1990, QCA4020, QCA4024, QCA4531, QCA6164, QCA6174, QCA6174A, QCA6175A, QCA6234, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA7500, QCA7520, QCA7550, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9369, QCA9377, QCA9378, QCA9378A, QCA9379, QCA9531, QCA9558, QCA9561, QCA9563, QCA9880, QCA9882, QCA9886, QCA9887, QCA9888, QCA9889, QCA9890, QCA9896, QCA9898, QCA9980, QCA9982, QCA9984, QCA9985, QCA9986, QCA9987, QCA9988, QCA9990, QCA9992, QCA9994, QCM6125, QCN3018, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5500, QCN5501, QCN5502, QCN5550, QCN6023, QCN6024, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS405, QCS603, QCS605, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFE1035, QFE1040, QFE1045, QFE1055, QFE1100, QFE1922, QFE1952, QFE2080FC, QFE2081FC, QFE2082FC, QFE2101, QFE2330, QFE2340, QFE2520, QFE2550, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, QFE3440FC, QFE4455FC, QFE4465FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1035BD, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, RGR7640AU, RSW8577, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD210, SD460, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD888 5G, SDM630, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7350, SMB1350, SMB1351, SMB1354, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMB231, SMB2351, SMB358S, SMR525, SMR526, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR1605, WTR1625L, WTR2955, WTR2965, WTR3905, WTR3925, WTR3925L, WTR3950, WTR4605, WTR4905, WTR5975, WTR6955"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow to Buffer Overflow in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11235",
"datePublished": "2021-06-09T05:00:41.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.379Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11238 (GCVE-0-2020-11238)
Vulnerability from cvelistv5 – Published: 2021-06-09 05:00 – Updated: 2024-08-04 11:28
VLAI
EPSS
Summary
Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Severity
No CVSS data available.
CWE
- Buffer Over-read in WLAN
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking |
Affected:
AQT1000, AR8031, AR8035, AR8151, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8998, PMC1000H, PMC7180, PMD9655, PME605, PMI632, PMI8998, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMP8074, PMR525, PMR735A, PMR735B, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA1062, QCA1064, QCA4024, ...[truncated*]
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.795Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "AQT1000, AR8031, AR8035, AR8151, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8998, PMC1000H, PMC7180, PMD9655, PME605, PMI632, PMI8998, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMP8074, PMR525, PMR735A, PMR735B, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA1062, QCA1064, QCA4024, ...[truncated*]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Over-read in WLAN",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T05:00:42.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"x_ConverterErrors": {
"version_name": {
"error": "version_name too long. Use array of versions to record more than one version.",
"message": "Truncated!"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "AQT1000, AR8031, AR8035, AR8151, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8998, PMC1000H, PMC7180, PMD9655, PME605, PMI632, PMI8998, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMP8074, PMR525, PMR735A, PMR735B, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA1062, QCA1064, QCA4024, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9377, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFE2080FC, QFE2081FC, QFE2082FC, QFE2101, QFE3100, QFE3440FC, QFE4455FC, QFE4465FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1035BD, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, RSW8577, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD460, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD835, SD845, SD850, SD855, SD865 5G, SD888 5G, SDM630, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SMB1350, SMB1351, SMB1354, SMB1355, SMB1380, SMB1381, SMB1390, SMB1395, SMB1396, SMB1398, SMB2351, SMR525, SMR526, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6850, WCN6851, WCN6855, WCN6856, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3925, WTR5975, WTR6955"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11238",
"datePublished": "2021-06-09T05:00:42.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.795Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11239 (GCVE-0-2020-11239)
Vulnerability from cvelistv5 – Published: 2021-06-09 05:00 – Updated: 2024-08-04 11:28
VLAI
EPSS
Summary
Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Severity
No CVSS data available.
CWE
- Use After Free in Graphics
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
Affected:
APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9206, MDM9250, MDM9650, MDM9655, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8952, PM8953, PM8956, PM8996, PM8998, PMC1000H, PMD9607, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8994, PMI8996, PMI8998, PMK7350, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555 ...[truncated*]
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9206, MDM9250, MDM9650, MDM9655, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8952, PM8953, PM8956, PM8996, PM8998, PMC1000H, PMD9607, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8994, PMI8996, PMI8998, PMK7350, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555 ...[truncated*]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free in Graphics",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T05:00:43.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"x_ConverterErrors": {
"version_name": {
"error": "version_name too long. Use array of versions to record more than one version.",
"message": "Truncated!"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8076, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9206, MDM9250, MDM9650, MDM9655, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8952, PM8953, PM8956, PM8996, PM8998, PMC1000H, PMD9607, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8994, PMI8996, PMI8998, PMK7350, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9367, QCA9377, QCA9379, QCC1110, QCM6125, QCS405, QCS410, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2520, QFE2550, QFE3340, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, Qualcomm215, RGR7640AU, RSW8577, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD820, SD821, SD835, SD845, SD855, SD865 5G, SD888 5G, SDA429W, SDM429W, SDM630, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDW2500, SDW3100, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SM7350, SMB1350, SMB1351, SMB1354, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMB231, SMB2351, SMR525, SMR526, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3905, WTR3925, WTR3950, WTR4905, WTR5975, WTR6955"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up properly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Graphics"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11239",
"datePublished": "2021-06-09T05:00:43.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11240 (GCVE-0-2020-11240)
Vulnerability from cvelistv5 – Published: 2021-06-09 05:00 – Updated: 2024-08-04 11:28
VLAI
EPSS
Summary
Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy of the user argument in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Severity
No CVSS data available.
CWE
- Incorrect Calculation of Buffer Size in Camera
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
Affected:
APQ8009W, APQ8017, APQ8053, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MSM8909W, MSM8917, MSM8953, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8953, PM8998, PMC1000H, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8998, PMK7350, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMR525, PMR735A, PMR735B, PMW3100, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9 ...[truncated*]
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.811Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009W, APQ8017, APQ8053, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MSM8909W, MSM8917, MSM8953, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8953, PM8998, PMC1000H, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8998, PMK7350, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMR525, PMR735A, PMR735B, PMW3100, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9 ...[truncated*]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy of the user argument in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Calculation of Buffer Size in Camera",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T05:00:43.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"x_ConverterErrors": {
"version_name": {
"error": "version_name too long. Use array of versions to record more than one version.",
"message": "Truncated!"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "APQ8009W, APQ8017, APQ8053, AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, MSM8909W, MSM8917, MSM8953, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8953, PM8998, PMC1000H, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8998, PMK7350, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMR525, PMR735A, PMR735B, PMW3100, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9377, QCA9379, QCC1110, QCS405, QCS410, QCS603, QCS605, QCS610, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2520, QFE2550, QFE3340, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5621, QPM5641, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, QTM527, Qualcomm215, RSW8577, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD845, SD855, SD865 5G, SD888 5G, SDA429W, SDM429W, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDW3100, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SM7350, SMB1351, SMB1354, SMB1355, SMB1358, SMB1380, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMB2351, SMR525, SMR526, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3925, WTR4905, WTR5975, WTR6955"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy of the user argument in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Calculation of Buffer Size in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11240",
"datePublished": "2021-06-09T05:00:43.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11241 (GCVE-0-2020-11241)
Vulnerability from cvelistv5 – Published: 2021-06-09 05:00 – Updated: 2024-08-04 11:28
VLAI
EPSS
Summary
Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Severity
No CVSS data available.
CWE
- Buffer Over-read in WLAN
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking |
Affected:
APQ8009, APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9250, MDM9607, MDM9626, MDM9628, MDM9640, MDM9650, MDM9655, MSM8994, MSM8996AU, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8996, PM8998, PMC1000H, PMC7180, PMD9607, PMD9645, PMD9655, PME605, PMI632, PMI8994, PMI8996, PMI8998, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMM8996AU, PMP8074, PMR525, PMR735A, PMR735B, PMX20, P ...[truncated*]
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.847Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009, APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9250, MDM9607, MDM9626, MDM9628, MDM9640, MDM9650, MDM9655, MSM8994, MSM8996AU, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8996, PM8998, PMC1000H, PMC7180, PMD9607, PMD9645, PMD9655, PME605, PMI632, PMI8994, PMI8996, PMI8998, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMM8996AU, PMP8074, PMR525, PMR735A, PMR735B, PMX20, P ...[truncated*]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Over-read in WLAN",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T05:00:44.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"x_ConverterErrors": {
"version_name": {
"error": "version_name too long. Use array of versions to record more than one version.",
"message": "Truncated!"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8096AU, AQT1000, AR8031, AR8035, AR9380, CSR8811, CSRA6620, CSRA6640, CSRB31024, IPQ4018, IPQ4028, IPQ4029, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8069, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM9250, MDM9607, MDM9626, MDM9628, MDM9640, MDM9650, MDM9655, MSM8994, MSM8996AU, PM3003A, PM4125, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8996, PM8998, PMC1000H, PMC7180, PMD9607, PMD9645, PMD9655, PME605, PMI632, PMI8994, PMI8996, PMI8998, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMM8996AU, PMP8074, PMR525, PMR735A, PMR735B, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA1023, QCA1062, QCA1064, QCA4020, QCA4024, QCA6174A, QCA6175A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9369, QCA9377, QCA9379, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9990, QCA9992, QCA9994, QCM2290, QCM4290, QCM6125, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN7605, QCN7606, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, QTM527, RGR7640AU, RSW8577, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 675, SD 8C, SD 8CX, SD460, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD820, SD845, SD850, SD855, SD865 5G, SD888 5G, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SMB1351, SMB1354, SMB1355, SMB1357, SMB1360, SMB1380, SMB1381, SMB1390, SMB1395, SMB1396, SMB1398, SMB2351, SMR525, SMR526, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6850, WCN6851, WCN6855, WCN6856, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3905, WTR3925, WTR3950, WTR4905, WTR5975, WTR6955"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11241",
"datePublished": "2021-06-09T05:00:44.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11250 (GCVE-0-2020-11250)
Vulnerability from cvelistv5 – Published: 2021-06-09 05:00 – Updated: 2024-08-04 11:28
VLAI
EPSS
Summary
Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Severity
No CVSS data available.
CWE
- Use After Free in DSP Services
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
Affected:
APQ8009W, APQ8017, APQ8053, AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, FSM10055, FSM10056, IPQ6010, IPQ6018, IPQ6028, IPQ8074A, IPQ8076A, IPQ8174, MSM8909W, MSM8917, MSM8953, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM855P, PM8909, PM8937, PM8953, PM8998, PMC1000H, PMD9655, PMI632, PMI8937, PMI8952, PMI8998, PMK7350, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMP8074, PMR525, PMR735A, PMR735B, PMW3100, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA4024, QCA6175A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6 ...[truncated*]
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009W, APQ8017, APQ8053, AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, FSM10055, FSM10056, IPQ6010, IPQ6018, IPQ6028, IPQ8074A, IPQ8076A, IPQ8174, MSM8909W, MSM8917, MSM8953, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM855P, PM8909, PM8937, PM8953, PM8998, PMC1000H, PMD9655, PMI632, PMI8937, PMI8952, PMI8998, PMK7350, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMP8074, PMR525, PMR735A, PMR735B, PMW3100, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA4024, QCA6175A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6 ...[truncated*]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free in DSP Services",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T05:00:45.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"x_ConverterErrors": {
"version_name": {
"error": "version_name too long. Use array of versions to record more than one version.",
"message": "Truncated!"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "APQ8009W, APQ8017, APQ8053, AQT1000, AR8031, AR8035, CSR8811, CSRA6620, CSRA6640, FSM10055, FSM10056, IPQ6010, IPQ6018, IPQ6028, IPQ8074A, IPQ8076A, IPQ8174, MSM8909W, MSM8917, MSM8953, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM855P, PM8909, PM8937, PM8953, PM8998, PMC1000H, PMD9655, PMI632, PMI8937, PMI8952, PMI8998, PMK7350, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMP8074, PMR525, PMR735A, PMR735B, PMW3100, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA4024, QCA6175A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCC1110, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5124, QCN5154, QCN9000, QCN9022, QCN9024, QCN9074, QCS405, QCS410, QCS610, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2520, QFE2550, QFE3340, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, QTM527, Qualcomm215, RSW8577, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD845, SD855, SD865 5G, SD888 5G, SDA429W, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR865, SDW3100, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SM7350, SMB1351, SMB1354, SMB1355, SMB1358, SMB1380, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMB2351, SMR525, SMR526, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3925, WTR4905, WTR5975, WTR6955"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free due to race condition when reopening the device driver repeatedly in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in DSP Services"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11250",
"datePublished": "2021-06-09T05:00:45.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11260 (GCVE-0-2020-11260)
Vulnerability from cvelistv5 – Published: 2021-06-09 05:00 – Updated: 2024-08-04 11:28
VLAI
EPSS
Summary
An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
Severity
No CVSS data available.
CWE
- Use of Uninitialized Variable in DIAG
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile |
Affected:
APQ8017, APQ8053, AQT1000, MSM8917, MSM8953, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM660, PM660A, PM660L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM855P, PM8937, PM8953, PMI632, PMI8937, PMI8952, PMK7350, PMK8002, PMK8003, PMK8350, PMR525, PMR735A, PMR735B, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA6390, QCA6391, QCA6420, QCA6430, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2550, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, Q ...[truncated*]
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.828Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8017, APQ8053, AQT1000, MSM8917, MSM8953, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM660, PM660A, PM660L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM855P, PM8937, PM8953, PMI632, PMI8937, PMI8952, PMK7350, PMK8002, PMK8003, PMK8350, PMR525, PMR735A, PMR735B, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA6390, QCA6391, QCA6420, QCA6430, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2550, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, Q ...[truncated*]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Uninitialized Variable in DIAG",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T05:00:49.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"x_ConverterErrors": {
"version_name": {
"error": "version_name too long. Use array of versions to record more than one version.",
"message": "Truncated!"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "APQ8017, APQ8053, AQT1000, MSM8917, MSM8953, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM660, PM660A, PM660L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855B, PM855L, PM855P, PM8937, PM8953, PMI632, PMI8937, PMI8952, PMK7350, PMK8002, PMK8003, PMK8350, PMR525, PMR735A, PMR735B, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA6390, QCA6391, QCA6420, QCA6430, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2550, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6585, QPM6621, QPM6670, QPM8820, QPM8870, QPM8895, QSM7250, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, Qualcomm215, RSW8577, SD 675, SD429, SD439, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD855, SD865 5G, SD888 5G, SDR051, SDR052, SDR425, SDR660, SDR675, SDR735, SDR735G, SDR8150, SDR865, SDX50M, SDX55, SDX55M, SM4125, SM4350, SM6250, SM7250P, SM7350, SMB1351, SMB1354, SMB1355, SMB1358, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMR525, SMR526, WCD9326, WCD9335, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3615, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6740, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3925"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Uninitialized Variable in DIAG"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11260",
"datePublished": "2021-06-09T05:00:49.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.828Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11261 (GCVE-0-2020-11261)
Vulnerability from cvelistv5 – Published: 2021-06-09 05:00 – Updated: 2025-10-21 23:25
VLAI
EPSS
Summary
Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Severity
7.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Improper Input Validation in Graphics
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
Affected:
APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8953, PM8996, PM8998, PMC1000H, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8994, PMI8996, PMI8998, PMK7350, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT15 ...[truncated*]
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-11261",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T20:11:24.667462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-12-01",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11261"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:42.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11261"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-12-01T00:00:00.000Z",
"value": "CVE-2020-11261 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8953, PM8996, PM8998, PMC1000H, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8994, PMI8996, PMI8998, PMK7350, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT15 ...[truncated*]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation in Graphics",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T05:00:49.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"x_ConverterErrors": {
"version_name": {
"error": "version_name too long. Use array of versions to record more than one version.",
"message": "Truncated!"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9650, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8953, PM8996, PM8998, PMC1000H, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8994, PMI8996, PMI8998, PMK7350, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9377, QCA9379, QCC1110, QCM2290, QCM4290, QCM6125, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2520, QFE2550, QFE3340, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, Qualcomm215, RGR7640AU, RSW8577, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD820, SD821, SD835, SD845, SD855, SD865 5G, SD888 5G, SDA429W, SDM429W, SDM630, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDW2500, SDW3100, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SM7350, SMB1350, SMB1351, SMB1354, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMB231, SMB2351, SMR525, SMR526, WCD9326, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3905, WTR3925, WTR3950, WTR4905, WTR5975, WTR6955"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation in Graphics"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11261",
"datePublished": "2021-06-09T05:00:49.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:42.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11262 (GCVE-0-2020-11262)
Vulnerability from cvelistv5 – Published: 2021-06-09 05:00 – Updated: 2024-08-04 11:28
VLAI
EPSS
Summary
A race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Severity
No CVSS data available.
CWE
- Use After Free in Graphics
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
Affected:
APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9206, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8953, PM8998, PMC1000H, PMD9607, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8998, PMK7350, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6335, QC ...[truncated*]
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.849Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9206, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8953, PM8998, PMC1000H, PMD9607, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8998, PMK7350, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6335, QC ...[truncated*]"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free in Graphics",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-09T05:00:50.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
],
"x_ConverterErrors": {
"version_name": {
"error": "version_name too long. Use array of versions to record more than one version.",
"message": "Truncated!"
}
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9206, MDM9650, MSM8909W, MSM8917, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8953, PM8998, PMC1000H, PMD9607, PMD9655, PME605, PMI632, PMI8937, PMI8952, PMI8998, PMK7350, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM855AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9367, QCA9377, QCA9379, QCC1110, QCM2290, QCM4290, QCM6125, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFE2101, QFE2520, QFE2550, QFE3340, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, Qualcomm215, RGR7640AU, RSW8577, SA415M, SA515M, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD632, SD660, SD662, SD665, SD670, SD675, SD690 5G, SD710, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD835, SD845, SD855, SD865 5G, SD888 5G, SDA429W, SDM429W, SDM630, SDM830, SDR051, SDR052, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDW3100, SDX20, SDX20M, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM4350, SM6250, SM6250P, SM7250P, SM7350, SMB1350, SMB1351, SMB1354, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1394, SMB1395, SMB1396, SMB1398, SMB231, SMB2351, SMR525, SMR526, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6740, WCN6750, WCN6850, WCN6851, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3925, WTR4905, WTR5975, WTR6955"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wearables"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Graphics"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11262",
"datePublished": "2021-06-09T05:00:50.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:28:13.849Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…