Vulnerability CVE-2020-11216

Vulnerability CVE-2020-11216

Published: 2021-01-21

Description:

Buffer over read can happen in video driver when playing clip with atomsize having value UINT32_MAX in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Type:

CWE-190

(Integer Overflow or Wraparound)

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
7.5/10	6.4/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

Affected software
Qualcomm -> Mdm9650
Qualcomm -> Sd750g
Qualcomm -> Pm6250
Qualcomm -> Sdr052
Qualcomm -> Pm8004
Qualcomm -> Sdx55m
Qualcomm -> Pm855l
Qualcomm -> Smb1381
Qualcomm -> Pmi8996
Qualcomm -> Wcd9370
Qualcomm -> Pmx20
Qualcomm -> Wcn3998
Qualcomm -> Qbt2000
Qualcomm -> Wtr4905
Qualcomm -> Qca6564au
Qualcomm -> Qcs610
Qualcomm -> Qdm5670
Qualcomm -> Qfe4302
Qualcomm -> Qln4640
Qualcomm -> Qpa8673
Qualcomm -> Qpm5670
Qualcomm -> Qsw8574
Qualcomm -> Sd205
Qualcomm -> Sd210
Qualcomm -> Msm8909w
Qualcomm -> Sd765
Qualcomm -> Pm6350
Qualcomm -> Sdr425
Qualcomm -> Pm8005
Qualcomm -> Sdxr1
Qualcomm -> Pm855p
Qualcomm -> Smb1390
Qualcomm -> Pmi8998
Qualcomm -> Wcd9371
Qualcomm -> Pmx50
Qualcomm -> Wcn6740
Qualcomm -> Qca4020
Qualcomm -> Wtr5975
Qualcomm -> Qca6574
Qualcomm -> Qdm2301
Qualcomm -> Qdm5671
Qualcomm -> Qfe4303
Qualcomm -> Qln4642
Qualcomm -> Qpa8675
Qualcomm -> Qpm5677
Qualcomm -> Qtc410s
Qualcomm -> Apq8009
Qualcomm -> Sd429
Qualcomm -> Msm8917
Qualcomm -> Sd765g
Qualcomm -> Pm640a
Qualcomm -> Sdr660
Qualcomm -> Pm8008
Qualcomm -> Sdxr25g
Qualcomm -> Pm8909
Qualcomm -> Smb1394
Qualcomm -> Pmk7350
Qualcomm -> Wcd9375
Qualcomm -> Pmx55
Qualcomm -> Wcn6750
Qualcomm -> Qca6174a
Qualcomm -> Qca6574a
Qualcomm -> Qdm2302
Qualcomm -> Qdm5677
Qualcomm -> Qfe4305
Qualcomm -> Qln4650
Qualcomm -> Qpa8686
Qualcomm -> Qpm5679
Qualcomm -> Qtc800h
Qualcomm -> Apq8009w
Qualcomm -> Sd439
Qualcomm -> Msm8920
Qualcomm -> Sd768g
Qualcomm -> Pm640l
Qualcomm -> Sdr660g
Qualcomm -> Pm8009
Qualcomm -> Sm4350
Qualcomm -> Pm8916
Qualcomm -> Smb1395
Qualcomm -> Pmk8001
Qualcomm -> Wcd9380
Qualcomm -> Qat3514
Qualcomm -> Wcn6850
Qualcomm -> Qca6175a
Qualcomm -> Qca6574au
Qualcomm -> Qdm2305
Qualcomm -> Qdm5679
Qualcomm -> Qfe4308
Qualcomm -> Qln5020
Qualcomm -> Qpa8801
Qualcomm -> Qpm5870
Qualcomm -> Qtc800s
Qualcomm -> Apq8017
Qualcomm -> Sd450
Qualcomm -> Msm8937
Qualcomm -> Sd820
Qualcomm -> Pm640p
Qualcomm -> Sdr675
Qualcomm -> Pm8150a
Qualcomm -> Sm6250

References:

https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

Vulnerability CVE-2020-11216

Buffer over read can happen in video driver when playing clip with atomsize having value UINT32_MAX in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CWE-190

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

7.5/10

6.4/10

10/10

Remote

Low

No required

Partial

Partial

Partial

Affected software

References: