CVE-2020-11181

Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin	Broken Link
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:pm3003a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm3003a:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:pm8009_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8009:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:pm8150a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8150a:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:pm8150b_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8150b:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:pm8150c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8150c:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:pm8150l_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8150l:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:pm8250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8250:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:pmk8002_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmk8002:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:pmr525_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmr525:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:qualcomm:pmx55_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmx55:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:qualcomm:qbt2000_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qbt2000:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:qualcomm:qca6421_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6421:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6426:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:qualcomm:qca6431_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6431:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6436:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:qualcomm:qfs2530_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qfs2530:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:qualcomm:qfs2580_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qfs2580:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qsm8250:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:qualcomm:qtc800h_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qtc800h:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:qualcomm:qtc801s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qtc801s:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd865_5g:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:qualcomm:sdr8250_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdr8250:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:qualcomm:sdr865_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdr865:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdx55m:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdxr2_5g:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:qualcomm:smb1355_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:smb1355:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:qualcomm:smb1390_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:smb1390:-:*:*:*:*:*:*:*

Configuration 31 (hide)

AND

cpe:2.3:o:qualcomm:smr525_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:smr525:-:*:*:*:*:*:*:*

Configuration 32 (hide)

AND

cpe:2.3:o:qualcomm:smr526_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:smr526:-:*:*:*:*:*:*:*

Configuration 33 (hide)

AND

cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:*

Configuration 34 (hide)

AND

cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:*

Configuration 35 (hide)

AND

cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn6750:-:*:*:*:*:*:*:*

Configuration 36 (hide)

AND

cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn6850:-:*:*:*:*:*:*:*

Configuration 37 (hide)

AND

cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn6851:-:*:*:*:*:*:*:*

Configuration 38 (hide)

AND

cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*

Configuration 39 (hide)

AND

cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*

History

29 Jan 2021, 23:11

Type	Values Removed	Values Added
References		(MISC) https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin - Vendor Advisory
References	~~(CONFIRM) https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin -~~	(CONFIRM) https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin - Broken Link
CWE		CWE-787
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.2 v3 : 7.8
CPE		cpe:2.3:h:qualcomm:wsa8810:-:::::::* cpe:2.3:o:qualcomm:wcn6750_firmware:-:::::::* cpe:2.3:h:qualcomm:wsa8815:-:::::::* cpe:2.3:h:qualcomm:qsm8250:-:::::::* cpe:2.3:o:qualcomm:pmx55_firmware:-:::::::* cpe:2.3:h:qualcomm:sdr865:-:::::::* cpe:2.3:h:qualcomm:qca6426:-:::::::* cpe:2.3:o:qualcomm:qca6436_firmware:-:::::::* cpe:2.3:o:qualcomm:smr526_firmware:-:::::::* cpe:2.3:h:qualcomm:pm8150c:-:::::::* cpe:2.3:o:qualcomm:wcd9385_firmware:-:::::::* cpe:2.3:o:qualcomm:wsa8815_firmware:-:::::::* cpe:2.3:o:qualcomm:qca6431_firmware:-:::::::* cpe:2.3:h:qualcomm:sdx55m:-:::::::* cpe:2.3:o:qualcomm:wcd9380_firmware:-:::::::* cpe:2.3:h:qualcomm:pm8150a:-:::::::* cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:::::::* cpe:2.3:o:qualcomm:smb1390_firmware:-:::::::* cpe:2.3:h:qualcomm:sdxr2_5g:-:::::::* cpe:2.3:o:qualcomm:pm8250_firmware:-:::::::* cpe:2.3:h:qualcomm:pm8150b:-:::::::* cpe:2.3:o:qualcomm:qfs2580_firmware:-:::::::* cpe:2.3:h:qualcomm:smr525:-:::::::* cpe:2.3:h:qualcomm:wcn6850:-:::::::* cpe:2.3:o:qualcomm:pm8150b_firmware:-:::::::* cpe:2.3:h:qualcomm:pmx55:-:::::::* cpe:2.3:o:qualcomm:pm3003a_firmware:-:::::::* cpe:2.3:o:qualcomm:pm8150l_firmware:-:::::::* cpe:2.3:o:qualcomm:sdx55m_firmware:-:::::::* cpe:2.3:o:qualcomm:qca6390_firmware:-:::::::* cpe:2.3:h:qualcomm:sd865_5g:-:::::::* cpe:2.3:h:qualcomm:qbt2000:-:::::::* cpe:2.3:o:qualcomm:qsm8250_firmware:-:::::::* cpe:2.3:h:qualcomm:qtc800h:-:::::::* cpe:2.3:o:qualcomm:pm8009_firmware:-:::::::* cpe:2.3:o:qualcomm:qfs2530_firmware:-:::::::* cpe:2.3:h:qualcomm:pm8009:-:::::::* cpe:2.3:o:qualcomm:sdr8250_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn6850_firmware:-:::::::* cpe:2.3:o:qualcomm:wcn6851_firmware:-:::::::* cpe:2.3:o:qualcomm:smr525_firmware:-:::::::* cpe:2.3:o:qualcomm:qca6391_firmware:-:::::::* cpe:2.3:h:qualcomm:wcd9380:-:::::::* cpe:2.3:h:qualcomm:pmr525:-:::::::* cpe:2.3:h:qualcomm:qca6436:-:::::::* cpe:2.3:h:qualcomm:qca6391:-:::::::* cpe:2.3:h:qualcomm:smr526:-:::::::* cpe:2.3:o:qualcomm:qca6421_firmware:-:::::::* cpe:2.3:h:qualcomm:qca6431:-:::::::* cpe:2.3:o:qualcomm:pm8150a_firmware:-:::::::* cpe:2.3:o:qualcomm:sdx55_firmware:-:::::::* cpe:2.3:o:qualcomm:pmr525_firmware:-:::::::* cpe:2.3:o:qualcomm:sd865_5g_firmware:-:::::::* cpe:2.3:h:qualcomm:smb1390:-:::::::* cpe:2.3:h:qualcomm:pm3003a:-:::::::* cpe:2.3:h:qualcomm:wcd9385:-:::::::* cpe:2.3:o:qualcomm:qca6426_firmware:-:::::::* cpe:2.3:h:qualcomm:qca6421:-:::::::* cpe:2.3:h:qualcomm:pm8250:-:::::::* cpe:2.3:o:qualcomm:wsa8810_firmware:-:::::::* cpe:2.3:o:qualcomm:pmk8002_firmware:-:::::::* cpe:2.3:h:qualcomm:qtc801s:-:::::::* cpe:2.3:h:qualcomm:sdx55:-:::::::* cpe:2.3:h:qualcomm:wcn6750:-:::::::* cpe:2.3:o:qualcomm:qbt2000_firmware:-:::::::* cpe:2.3:o:qualcomm:pm8150c_firmware:-:::::::* cpe:2.3:h:qualcomm:qfs2530:-:::::::* cpe:2.3:o:qualcomm:sdr865_firmware:-:::::::* cpe:2.3:h:qualcomm:pmk8002:-:::::::* cpe:2.3:o:qualcomm:qtc800h_firmware:-:::::::* cpe:2.3:h:qualcomm:pm8150l:-:::::::* cpe:2.3:o:qualcomm:qtc801s_firmware:-:::::::* cpe:2.3:h:qualcomm:wcn6851:-:::::::* cpe:2.3:h:qualcomm:qca6390:-:::::::* cpe:2.3:h:qualcomm:qfs2580:-:::::::* cpe:2.3:o:qualcomm:smb1355_firmware:-:::::::* cpe:2.3:h:qualcomm:smb1355:-:::::::* cpe:2.3:h:qualcomm:sdr8250:-:::::::*

21 Jan 2021, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-01-21 10:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-11181

Mitre link : CVE-2020-11181

CVE.ORG link : CVE-2020-11181

JSON object : View

Products Affected

qualcomm

pm8250
sdx55m_firmware
qca6391
wcn6851_firmware
qca6390
pm8150l
sdxr2_5g
pm8150b
smb1355_firmware
wcd9385
pm3003a_firmware
qtc800h_firmware
wcn6850_firmware
wsa8810_firmware
sdx55m
qtc801s_firmware
sdx55
sd865_5g_firmware
qsm8250_firmware
sdr8250
qbt2000_firmware
wsa8810
qsm8250
pm3003a
smb1390
qca6436_firmware
smr525
pm8150b_firmware
sd865_5g
qca6421_firmware
qca6391_firmware
qfs2530_firmware
pmk8002
pm8150l_firmware
pmk8002_firmware
pmr525_firmware
pm8150c
qca6426
smr526
sdxr2_5g_firmware
sdr865_firmware
wcn6850
wsa8815_firmware
pm8009_firmware
qfs2580_firmware
qca6421
qca6431_firmware
pmx55_firmware
qca6426_firmware
smb1355
wcn6750_firmware
wcd9380
sdr865
qtc800h
pm8009
wcn6851
pm8150a_firmware
wcd9385_firmware
pm8150a
qca6390_firmware
wcd9380_firmware
qbt2000
qfs2530
pmr525
smb1390_firmware
pm8150c_firmware
pmx55
pm8250_firmware
sdx55_firmware
smr525_firmware
smr526_firmware
wcn6750
qtc801s
qfs2580
wsa8815
qca6436
qca6431
sdr8250_firmware

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

7.8 /10