Vulnerability CVE-2020-11254

Vulnerability CVE-2020-11254

Published: 2021-05-07

Description:

Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Type:

CWE-476

(NULL Pointer Dereference)

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score	Impact Subscore	Exploitability Subscore
2.1/10	2.9/10	3.9/10

Exploit range	Attack complexity	Authentication
Local	Low	No required
Confidentiality impact	Integrity impact	Availability impact
None	None	Partial

Affected software
Qualcomm -> Pmm8155au
Qualcomm -> Qdm4643
Qualcomm -> Qln4650
Qualcomm -> Qpm4641
Qualcomm -> Qtc801s
Qualcomm -> Sdr735g
Qualcomm -> Wcn3980
Qualcomm -> Pmm8195au
Qualcomm -> Qdm4650
Qualcomm -> Qln5020
Qualcomm -> Qpm4650
Qualcomm -> Qtm525
Qualcomm -> Sdr865
Qualcomm -> Wcn3988
Qualcomm -> Pm6150a
Qualcomm -> Pmr735a
Qualcomm -> Qdm5620
Qualcomm -> Qln5030
Qualcomm -> Qpm5621
Qualcomm -> Sa6145p
Qualcomm -> Sdxr1
Qualcomm -> Wcn3990
Qualcomm -> Pm6150l
Qualcomm -> Pmr735b
Qualcomm -> Qdm5621
Qualcomm -> Qln5040
Qualcomm -> Qpm5641
Qualcomm -> Sa6150p
Qualcomm -> Smb1351
Qualcomm -> Wcn3991
Qualcomm -> Pm6350
Qualcomm -> Qat3516
Qualcomm -> Qdm5670
Qualcomm -> Qpa2625
Qualcomm -> Qpm5670
Qualcomm -> Sa6155p
Qualcomm -> Smb1355
Qualcomm -> Wcn6850
Qualcomm -> Pm660
Qualcomm -> Qat3518
Qualcomm -> Qdm5671
Qualcomm -> Qpa5461
Qualcomm -> Qpm5677
Qualcomm -> Sa8150p
Qualcomm -> Smb1396
Qualcomm -> Wcn6851
Qualcomm -> Pm660l
Qualcomm -> Qat3519
Qualcomm -> Qet5100
Qualcomm -> Qpa5580
Qualcomm -> Qpm5679
Qualcomm -> Sa8155p
Qualcomm -> Smb1398
Qualcomm -> Wcn6855
Qualcomm -> Pm7250b
Qualcomm -> Qat3555
Qualcomm -> Qet5100m
Qualcomm -> Qpa5581
Qualcomm -> Qpm5870
Qualcomm -> Sa8195p
Qualcomm -> Smr526
Qualcomm -> Wcn6856
Qualcomm -> Pm8008
Qualcomm -> Qat5515
Qualcomm -> Qet6100
Qualcomm -> Qpa8801
Qualcomm -> Qpm5875
Qualcomm -> Sd480
Qualcomm -> Smr545
Qualcomm -> Wsa8830
Qualcomm -> Pm8009
Qualcomm -> Qat5516
Qualcomm -> Qet6105
Qualcomm -> Qpa8802
Qualcomm -> Qpm6585
Qualcomm -> Sd670
Qualcomm -> Smr546
Qualcomm -> Wsa8835
Qualcomm -> Pm8350
Qualcomm -> Qat5522
Qualcomm -> Qet6110
Qualcomm -> Qpa8803
Qualcomm -> Qpm6621
Qualcomm -> Sd710
Qualcomm -> Wcd9326
Qualcomm -> Pm8350b
Qualcomm -> Qat5568
Qualcomm -> Qfs2530
Qualcomm -> Qpa8821
Qualcomm -> Qpm6670
Qualcomm -> Sd888
Qualcomm -> Wcd9341
Qualcomm -> Pm8350bh
Qualcomm -> Qbt1500
Qualcomm -> Qfs2580
Qualcomm -> Qpa8842
Qualcomm -> Qpm8820
Qualcomm -> Sd888 5g
Qualcomm -> Wcd9370
Qualcomm -> Pm8350c

References:

https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin

Vulnerability CVE-2020-11254

Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

CWE-476

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:N/A:P)

2.1/10

2.9/10

3.9/10

Local

Low

No required

None

None

Partial

Affected software

References: