| |
Vulnerability CVE-2020-11233
Published: 2021-06-09
Description: |
Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
Type:
CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition)
CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
6.9/10 |
10/10 |
3.4/10 |
Exploit range |
Attack complexity |
Authentication |
Local |
Medium |
No required |
Confidentiality impact |
Integrity impact |
Availability impact |
Complete |
Complete |
Complete |
References: |
https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin
|
|
|
Copyright 2024, cxsecurity.com
|
|
|