Vulnerability CVE-2020-11151

Vulnerability CVE-2020-11151

Published: 2021-01-21

Description:

Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Type:

CWE-416

(Use After Free)

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
6.9/10	10/10	3.4/10

Exploit range	Attack complexity	Authentication
Local	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Qualcomm -> Pm8150a
Qualcomm -> Qat3519
Qualcomm -> Qca6574a
Qualcomm -> Qdm5650
Qualcomm -> Qln5040
Qualcomm -> Qpm5670
Qualcomm -> Sa8150p
Qualcomm -> Sdr660g
Qualcomm -> Wcd9370
Qualcomm -> Wsa8810
Qualcomm -> Pm8150b
Qualcomm -> Qat3522
Qualcomm -> Qca6574au
Qualcomm -> Qdm5652
Qualcomm -> Qpa2625
Qualcomm -> Qpm5677
Qualcomm -> Sa8155
Qualcomm -> Sdr735
Qualcomm -> Wcd9375
Qualcomm -> Wsa8815
Qualcomm -> Pm3003a
Qualcomm -> Pm8150c
Qualcomm -> Qat3550
Qualcomm -> Qca6584au
Qualcomm -> Qdm5670
Qualcomm -> Qpa4360
Qualcomm -> Qpm5679
Qualcomm -> Sa8195p
Qualcomm -> Sdr8250
Qualcomm -> Wcd9380
Qualcomm -> Wsa8830
Qualcomm -> Pm6125
Qualcomm -> Pm8150l
Qualcomm -> Qat3555
Qualcomm -> Qca6595
Qualcomm -> Qdm5671
Qualcomm -> Qpa5580
Qualcomm -> Qpm6582
Qualcomm -> Sd460
Qualcomm -> Sdr865
Qualcomm -> Wcd9385
Qualcomm -> Wsa8835
Qualcomm -> Pm6150
Qualcomm -> Pm8250
Qualcomm -> Qat5515
Qualcomm -> Qca6595au
Qualcomm -> Qdm5677
Qualcomm -> Qpa5581
Qualcomm -> Qpm6585
Qualcomm -> Sd662
Qualcomm -> Sdx55
Qualcomm -> Wcn3610
Qualcomm -> Wtr2965
Qualcomm -> Pm6150a
Qualcomm -> Pmi632
Qualcomm -> Qat5516
Qualcomm -> Qca6696
Qualcomm -> Qdm5679
Qualcomm -> Qpa6560
Qualcomm -> Qpm8820
Qualcomm -> Sd665
Qualcomm -> Sdx55m
Qualcomm -> Wcn3620
Qualcomm -> Wtr3925
Qualcomm -> Pm6150l
Qualcomm -> Pmk8002
Qualcomm -> Qat5522
Qualcomm -> Qcm4290
Qualcomm -> Qet4101
Qualcomm -> Qpa8673
Qualcomm -> Qpm8830
Qualcomm -> Sd675
Qualcomm -> Sdxr25g
Qualcomm -> Wcn3660b
Qualcomm -> Pm6350
Qualcomm -> Pmk8003
Qualcomm -> Qat5533
Qualcomm -> Qcs4290
Qualcomm -> Qet5100
Qualcomm -> Qpa8686
Qualcomm -> Qpm8870
Qualcomm -> Sd6905g
Qualcomm -> Sm7250p
Qualcomm -> Wcn3950
Qualcomm -> Pm640a
Qualcomm -> Pmm8195au
Qualcomm -> Qbt1500
Qualcomm -> Qdm2301
Qualcomm -> Qet6100
Qualcomm -> Qpa8801
Qualcomm -> Qpm8895
Qualcomm -> Sd750g
Qualcomm -> Smb1354
Qualcomm -> Wcn3980
Qualcomm -> Pm640l
Qualcomm -> Pmm855au
Qualcomm -> Qbt2000
Qualcomm -> Qdm2305
Qualcomm -> Qet6110
Qualcomm -> Qpa8802

References:

https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

Vulnerability CVE-2020-11151

Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CWE-416

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

6.9/10

10/10

3.4/10

Local

Medium

No required

Complete

Complete

Complete

Affected software

References: