Vulnerability CVE-2020-11180

Vulnerability CVE-2020-11180

Published: 2021-01-21

Description:

Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.2/10	10/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Qualcomm -> Pm8250
Qualcomm -> Qat3516
Qualcomm -> Qca6436
Qualcomm -> Qdm5679
Qualcomm -> Qpa8801
Qualcomm -> Qpm8830
Qualcomm -> Sd730
Qualcomm -> Sdx55
Qualcomm -> Wcd9380
Qualcomm -> Pm855
Qualcomm -> Qat3518
Qualcomm -> Qca6574
Qualcomm -> Qet4101
Qualcomm -> Qpa8802
Qualcomm -> Qpm8895
Qualcomm -> Sd765
Qualcomm -> Sdx55m
Qualcomm -> Wcd9385
Qualcomm -> Aqt1000
Qualcomm -> Pm855b
Qualcomm -> Qat3519
Qualcomm -> Qca6574a
Qualcomm -> Qet5100
Qualcomm -> Qpa8803
Qualcomm -> Qsm7250
Qualcomm -> Sd765g
Qualcomm -> Sdxr25g
Qualcomm -> Wcn3910
Qualcomm -> Pm3003a
Qualcomm -> Pm855l
Qualcomm -> Qat3555
Qualcomm -> Qca6574au
Qualcomm -> Qet6110
Qualcomm -> Qpa8821
Qualcomm -> Qsm8250
Qualcomm -> Sd768g
Qualcomm -> Sm7250p
Qualcomm -> Wcn3980
Qualcomm -> Pm6150
Qualcomm -> Pm855p
Qualcomm -> Qat5515
Qualcomm -> Qca6595au
Qualcomm -> Qfs2530
Qualcomm -> Qpa8842
Qualcomm -> Qtc800h
Qualcomm -> Sd855
Qualcomm -> Smb1355
Qualcomm -> Wcn3988
Qualcomm -> Pm7150a
Qualcomm -> Pmc1000h
Qualcomm -> Qat5522
Qualcomm -> Qca6696
Qualcomm -> Qfs2580
Qualcomm -> Qpm4650
Qualcomm -> Qtc801s
Qualcomm -> Sd8655g
Qualcomm -> Smb1381
Qualcomm -> Wcn3990
Qualcomm -> Pm7150l
Qualcomm -> Pmk8002
Qualcomm -> Qat5533
Qualcomm -> Qdm2301
Qualcomm -> Qln4642
Qualcomm -> Qpm5620
Qualcomm -> Qtm525
Qualcomm -> SD8C
Qualcomm -> Smb1390
Qualcomm -> Wcn3991
Qualcomm -> Pm7250
Qualcomm -> Pmk8003
Qualcomm -> Qbt1500
Qualcomm -> Qdm2305
Qualcomm -> Qln4650
Qualcomm -> Qpm5621
Qualcomm -> Sa6145p
Qualcomm -> Sd8cx
Qualcomm -> Smb1395
Qualcomm -> Wcn3998
Qualcomm -> Pm7250b
Qualcomm -> Pmm6155au
Qualcomm -> Qbt2000
Qualcomm -> Qdm3301
Qualcomm -> Qln5020
Qualcomm -> Qpm5657
Qualcomm -> Sa6150p
Qualcomm -> Sdr051
Qualcomm -> Smb2351
Qualcomm -> Wcn6750
Qualcomm -> Pm8004
Qualcomm -> Pmm8155au
Qualcomm -> Qca6390
Qualcomm -> Qdm5620
Qualcomm -> Qln5030
Qualcomm -> Qpm5658
Qualcomm -> Sa6155
Qualcomm -> Sdr052
Qualcomm -> Smr525
Qualcomm -> Wcn6850
Qualcomm -> Pm8008
Qualcomm -> Pmm8195au

References:

https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

Vulnerability CVE-2020-11180

Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

CWE-119

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

7.2/10

10/10

3.9/10

Local

Low

No required

Complete

Complete

Complete

Affected software

References: