CVE-2020-11154

{"id": "CVE-2020-11154", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2020-11-02T07:15:13.593", "references": [{"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin", "tags": ["Broken Link"], "source": "product-security@qualcomm.com"}, {"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin", "tags": ["Vendor Advisory"], "source": "nvd@nist.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-120"}]}], "descriptions": [{"lang": "en", "value": "u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55"}, {"lang": "es", "value": "Un desbordamiento del b\u00fafer mientras procesa un paquete de datos PDU dise\u00f1ado en bluetooth debido a una falta de comprobaci\u00f3n del tama\u00f1o del b\u00fafer antes de copiarlo en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking en versiones APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55"}], "lastModified": "2020-11-03T17:41:56.583", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C61BF93F-53DF-4399-AF41-45CEC1E0A2B8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7CC498E0-B82B-4A53-8F55-6C1DA58AFA88"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B052615D-857A-46D4-9098-1CBFA14687C6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19B59B60-A298-4A56-A45A-E34B7AAB43D7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96FBD6DF-F174-4690-AA3D-1E8974E3627F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A3BF86E1-3FAC-4A42-8C01-5944C6C30AE5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C9D1966-30F0-414D-BE75-0A14B12A1457"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CD28C87D-1D28-4C84-BFE4-56EE3BF2C6B0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qcn7606_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F466A5BD-1912-4811-9A93-81555F101D46"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qcn7606:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0F92914E-16F6-4A25-9FEF-FB7CB3377132"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4387DBE-67F7-4E95-A2B0-828211EBDC22"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sa415m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AC798E06-0A2E-4DAD-81D1-9B2FAE6327C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02A2DB6A-7137-4D3D-9D6E-B9B0D0376758"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sa515m:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5BE4F498-4C58-4DCC-B7D8-1B461177D083"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0514D433-162C-4680-8912-721D19BE6201"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8648B38-2597-401A-8F53-D582FA911569"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A01CD59B-8F21-4CD6-8A1A-7B37547A8715"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30A45C1A-C921-42B5-9237-367245023B45"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56C9D979-F214-4CD4-8CF9-43BC804BB179"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E93FB34B-3674-404D-9687-E092E9A246AB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F3FF5A9A-A34A-499C-B6E0-D67B496C5454"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product-security@qualcomm.com"}