Vulnerability CVE-2020-11200

Vulnerability CVE-2020-11200

Published: 2021-01-21

Description:

Buffer over-read while parsing RPS due to lack of check of input validation on values received from user side. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Type:

CWE-125

(Out-of-bounds Read)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
5/10	2.9/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	None	Partial

Affected software
Qualcomm -> Sd720g
Qualcomm -> Sdm630
Qualcomm -> Pm6150l
Qualcomm -> Sdx55m
Qualcomm -> Pm8004
Qualcomm -> Smb1395
Qualcomm -> Pm855p
Qualcomm -> Wcn3660
Qualcomm -> Pmm6155au
Qualcomm -> Wsa8815
Qualcomm -> Qat3555
Qualcomm -> Qca6420
Qualcomm -> Qca6696
Qualcomm -> Qdm2307
Qualcomm -> Qet6100
Qualcomm -> Qln1020
Qualcomm -> Qpa5373
Qualcomm -> Qpm5620
Qualcomm -> Qsw8573
Qualcomm -> Sa8155p
Qualcomm -> Sd730
Qualcomm -> Apq8053
Qualcomm -> Sdm830
Qualcomm -> Pm6250
Qualcomm -> Sdxr1
Qualcomm -> Pm8005
Qualcomm -> Smb1396
Qualcomm -> Pm8953
Qualcomm -> Wcn3660b
Qualcomm -> Pmm8155au
Qualcomm -> Wsa8830
Qualcomm -> Qat5515
Qualcomm -> Qca6421
Qualcomm -> Qca9379
Qualcomm -> Qdm2308
Qualcomm -> Qet6110
Qualcomm -> Qln1021aq
Qualcomm -> Qpa5460
Qualcomm -> Qpm5621
Qualcomm -> Qsw8574
Qualcomm -> Sa8195p
Qualcomm -> Sd750g
Qualcomm -> Apq8064au
Qualcomm -> Sdr051
Qualcomm -> Pm6350
Qualcomm -> Sdxr25g
Qualcomm -> Pm8008
Qualcomm -> Smb2351
Qualcomm -> Pm8996
Qualcomm -> Wcn3680b
Qualcomm -> Pmm8195au
Qualcomm -> Wsa8835
Qualcomm -> Qat5516
Qualcomm -> Qca6426
Qualcomm -> Qcc112
Qualcomm -> Qdm2310
Qualcomm -> Qfe2080fc
Qualcomm -> Qln1030
Qualcomm -> Qpa5580
Qualcomm -> Qpm5657
Qualcomm -> Qtc410s
Qualcomm -> Sc8180x\+sdx55
Qualcomm -> Sd450
Qualcomm -> Sd765
Qualcomm -> Apq8096au
Qualcomm -> Sdr052
Qualcomm -> Pm640a
Qualcomm -> Sm4125
Qualcomm -> Pm8009
Qualcomm -> Smr525
Qualcomm -> Pm8998
Qualcomm -> Wcn3910
Qualcomm -> Pmm855au
Qualcomm -> Wtr2955
Qualcomm -> Qat5522
Qualcomm -> Qca6430
Qualcomm -> Qcm2290
Qualcomm -> Qdm3301
Qualcomm -> Qfe2081fc
Qualcomm -> Qln1031
Qualcomm -> Qpa5581
Qualcomm -> Qpm5658
Qualcomm -> Qtc800h
Qualcomm -> Sd455
Qualcomm -> Sd765g
Qualcomm -> Aqt1000
Qualcomm -> Sdr425
Qualcomm -> Pm640l
Qualcomm -> Sm4350
Qualcomm -> Pm8019
Qualcomm -> Smr526
Qualcomm -> Pmc1000h
Qualcomm -> Wcn3950
Qualcomm -> Pmm8996au
Qualcomm -> Wtr2965
Qualcomm -> Qat5533
Qualcomm -> Qca6431
Qualcomm -> Qcm4290
Qualcomm -> Qdm5620
Qualcomm -> Qfe2082fc

References:

https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

Vulnerability CVE-2020-11200

Buffer over-read while parsing RPS due to lack of check of input validation on values received from user side. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

CWE-125

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

5/10

2.9/10

10/10

Remote

Low

No required

None

None

Partial

Affected software

References: