CVE-2020-11148 - OpenCVE

Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is deleted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qualcomm	Apq8017 Apq8053 Msm8917 Msm8953 Pm215 Pm3003a Pm439 Pm6125 Pm6150 Pm6150a Pm6150l Pm6350 Pm640a Pm640l Pm640p Pm660 Pm660l Pm670 Pm670l Pm7150a Pm7150l Pm7250 Pm7250b Pm7350c Pm8008 Pm8009 Pm8150a Pm8150b Pm8150c Pm8150l Pm8250 Pm8350 Pm8350b Pm8350bh Pm8350bhs Pm8350c Pm855 Pm855b Pm855l Pm8916 Pm8937 Pm8953 Pmi632 Pmi8937 Pmi8952 Pmk7350 Pmk8002 Pmk8003 Pmk8350 Pmm8195au Pmm855au Pmr525 Pmr735a Pmr735b Pmx55 Qat3514 Qat3516 Qat3518 Qat3519 Qat3522 Qat3550 Qat3555 Qat5515 Qat5516 Qat5522 Qat5533 Qat5568 Qbt1500 Qbt2000 Qca6390 Qca6391 Qca6421 Qca6426 Qca6431 Qca6436 Qca6574a Qca6574au Qca6595 Qca6595au Qca6696 Qcs605 Qdm2301 Qdm2302 Qdm2305 Qdm2307 Qdm2308 Qdm2310 Qdm3301 Qdm3302 Qdm4643 Qdm4650 Qdm5579 Qdm5620 Qdm5621 Qdm5650 Qdm5652 Qdm5670 Qdm5671 Qdm5677 Qdm5679 Qet4101 Qet5100 Qet5100m Qet6100 Qet6110 Qfe2101 Qfe2520 Qfe2550 Qfe3340 Qfe4301 Qfe4302 Qfe4303 Qfe4305 Qfe4308 Qfe4309 Qfe4320 Qfe4373fc Qfs2530 Qfs2580 Qfs2608 Qfs2630 Qln4642 Qln4650 Qln5020 Qln5030 Qln5040 Qpa2625 Qpa4360 Qpa4361 Qpa5373 Qpa5461 Qpa5580 Qpa5581 Qpa6560 Qpa8673 Qpa8686 Qpa8801 Qpa8802 Qpa8803 Qpa8821 Qpa8842 Qpm4621 Qpm4630 Qpm4640 Qpm4641 Qpm4650 Qpm5621 Qpm5641 Qpm5658 Qpm5670 Qpm5677 Qpm5679 Qpm5870 Qpm5875 Qpm6582 Qpm6585 Qpm6621 Qpm6670 Qpm8820 Qpm8830 Qpm8870 Qpm8895 Qsm7250 Qsw6310 Qsw8573 Qsw8574 Qtc410s Qtc800h Qtc801s Qtm525 Qualcomm215 Sa6155p Sa8150p Sa8155 Sa8195p Sd429 Sd439 Sd632 Sd665 Sd675 Sd6905g Sd750g Sd765 Sd765g Sd768g Sd855 Sd8655g Sd8885g Sda429w Sdm429w Sdr660 Sdr660g Sdr735 Sdr735g Sdr8250 Sdr865 Sdx55 Sdx55m Sdxr1 Sdxr25g Sm7250p Sm7350 Smb1351 Smb1355 Smb1358 Smb1360 Smb1381 Smb1390 Smb1394 Smb1395 Smb1396 Smb1398 Smr525 Smr526 Smr545 Smr546 Wcd9326 Wcd9341 Wcd9370 Wcd9375 Wcd9380 Wcd9385 Wcn3610 Wcn3615 Wcn3620 Wcn3660b Wcn3680 Wcn3680b Wcn3950 Wcn3980 Wcn3988 Wcn3990 Wcn3991 Wcn3998 Wcn6740 Wcn6850 Wcn6851 Wcn6856 Wgr7640 Wsa8810 Wsa8815 Wsa8830 Wsa8835 Wtr2955 Wtr2965 Wtr3925

Configuration 1 [-]

OR	cpe:2.3:h:qualcomm:apq8017:-:::::::*
	cpe:2.3:h:qualcomm:apq8053:-:::::::*
	cpe:2.3:h:qualcomm:msm8917:-:::::::*
	cpe:2.3:h:qualcomm:msm8953:-:::::::*
	cpe:2.3:h:qualcomm:pm215:-:::::::*
	cpe:2.3:h:qualcomm:pm3003a:-:::::::*
	cpe:2.3:h:qualcomm:pm439:-:::::::*
	cpe:2.3:h:qualcomm:pm6125:-:::::::*
	cpe:2.3:h:qualcomm:pm6150:-:::::::*
	cpe:2.3:h:qualcomm:pm6150a:-:::::::*
	cpe:2.3:h:qualcomm:pm6150l:-:::::::*
	cpe:2.3:h:qualcomm:pm6350:-:::::::*
	cpe:2.3:h:qualcomm:pm640a:-:::::::*
	cpe:2.3:h:qualcomm:pm640l:-:::::::*
	cpe:2.3:h:qualcomm:pm640p:-:::::::*
	cpe:2.3:h:qualcomm:pm660:-:::::::*
	cpe:2.3:h:qualcomm:pm660l:-:::::::*
	cpe:2.3:h:qualcomm:pm670:-:::::::*
	cpe:2.3:h:qualcomm:pm670l:-:::::::*
	cpe:2.3:h:qualcomm:pm7150a:-:::::::*
	cpe:2.3:h:qualcomm:pm7150l:-:::::::*
	cpe:2.3:h:qualcomm:pm7250:-:::::::*
	cpe:2.3:h:qualcomm:pm7250b:-:::::::*
	cpe:2.3:h:qualcomm:pm7350c:-:::::::*
	cpe:2.3:h:qualcomm:pm8008:-:::::::*
	cpe:2.3:h:qualcomm:pm8009:-:::::::*
	cpe:2.3:h:qualcomm:pm8150a:-:::::::*
	cpe:2.3:h:qualcomm:pm8150b:-:::::::*
	cpe:2.3:h:qualcomm:pm8150c:-:::::::*
	cpe:2.3:h:qualcomm:pm8150l:-:::::::*
	cpe:2.3:h:qualcomm:pm8250:-:::::::*
	cpe:2.3:h:qualcomm:pm8350:-:::::::*
	cpe:2.3:h:qualcomm:pm8350b:-:::::::*
	cpe:2.3:h:qualcomm:pm8350bh:-:::::::*
	cpe:2.3:h:qualcomm:pm8350bhs:-:::::::*
	cpe:2.3:h:qualcomm:pm8350c:-:::::::*
	cpe:2.3:h:qualcomm:pm855:-:::::::*
	cpe:2.3:h:qualcomm:pm855b:-:::::::*
	cpe:2.3:h:qualcomm:pm855l:-:::::::*
	cpe:2.3:h:qualcomm:pm8916:-:::::::*
	cpe:2.3:h:qualcomm:pm8937:-:::::::*
	cpe:2.3:h:qualcomm:pm8953:-:::::::*
	cpe:2.3:h:qualcomm:pmi632:-:::::::*
	cpe:2.3:h:qualcomm:pmi8937:-:::::::*
	cpe:2.3:h:qualcomm:pmi8952:-:::::::*
	cpe:2.3:h:qualcomm:pmk7350:-:::::::*
	cpe:2.3:h:qualcomm:pmk8002:-:::::::*
	cpe:2.3:h:qualcomm:pmk8003:-:::::::*
	cpe:2.3:h:qualcomm:pmk8350:-:::::::*
	cpe:2.3:h:qualcomm:pmm8195au:-:::::::*
	cpe:2.3:h:qualcomm:pmm855au:-:::::::*
	cpe:2.3:h:qualcomm:pmr525:-:::::::*
	cpe:2.3:h:qualcomm:pmr735a:-:::::::*
	cpe:2.3:h:qualcomm:pmr735b:-:::::::*
	cpe:2.3:h:qualcomm:pmx55:-:::::::*
	cpe:2.3:h:qualcomm:qat3514:-:::::::*
	cpe:2.3:h:qualcomm:qat3516:-:::::::*
	cpe:2.3:h:qualcomm:qat3518:-:::::::*
	cpe:2.3:h:qualcomm:qat3519:-:::::::*
	cpe:2.3:h:qualcomm:qat3522:-:::::::*
	cpe:2.3:h:qualcomm:qat3550:-:::::::*
	cpe:2.3:h:qualcomm:qat3555:-:::::::*
	cpe:2.3:h:qualcomm:qat5515:-:::::::*
	cpe:2.3:h:qualcomm:qat5516:-:::::::*
cpe:2.3:h:qualcomm:qat5522:-:::::::*
cpe:2.3:h:qualcomm:qat5533:-:::::::*
cpe:2.3:h:qualcomm:qat5568:-:::::::*
cpe:2.3:h:qualcomm:qbt1500:-:::::::*
cpe:2.3:h:qualcomm:qbt2000:-:::::::*
cpe:2.3:h:qualcomm:qca6390:-:::::::*
cpe:2.3:h:qualcomm:qca6391:-:::::::*
cpe:2.3:h:qualcomm:qca6421:-:::::::*
cpe:2.3:h:qualcomm:qca6426:-:::::::*
cpe:2.3:h:qualcomm:qca6431:-:::::::*
cpe:2.3:h:qualcomm:qca6436:-:::::::*
cpe:2.3:h:qualcomm:qca6574a:-:::::::*
cpe:2.3:h:qualcomm:qca6574au:-:::::::*
cpe:2.3:h:qualcomm:qca6595:-:::::::*
cpe:2.3:h:qualcomm:qca6595au:-:::::::*
cpe:2.3:h:qualcomm:qca6696:-:::::::*
cpe:2.3:h:qualcomm:qcs605:-:::::::*
cpe:2.3:h:qualcomm:qdm2301:-:::::::*
cpe:2.3:h:qualcomm:qdm2302:-:::::::*
cpe:2.3:h:qualcomm:qdm2305:-:::::::*
cpe:2.3:h:qualcomm:qdm2307:-:::::::*
cpe:2.3:h:qualcomm:qdm2308:-:::::::*
cpe:2.3:h:qualcomm:qdm2310:-:::::::*
cpe:2.3:h:qualcomm:qdm3301:-:::::::*
cpe:2.3:h:qualcomm:qdm3302:-:::::::*
cpe:2.3:h:qualcomm:qdm4643:-:::::::*
cpe:2.3:h:qualcomm:qdm4650:-:::::::*
cpe:2.3:h:qualcomm:qdm5579:-:::::::*
cpe:2.3:h:qualcomm:qdm5620:-:::::::*
cpe:2.3:h:qualcomm:qdm5621:-:::::::*
cpe:2.3:h:qualcomm:qdm5650:-:::::::*
cpe:2.3:h:qualcomm:qdm5652:-:::::::*
cpe:2.3:h:qualcomm:qdm5670:-:::::::*
cpe:2.3:h:qualcomm:qdm5671:-:::::::*
cpe:2.3:h:qualcomm:qdm5677:-:::::::*
cpe:2.3:h:qualcomm:qdm5679:-:::::::*
cpe:2.3:h:qualcomm:qet4101:-:::::::*
cpe:2.3:h:qualcomm:qet5100:-:::::::*
cpe:2.3:h:qualcomm:qet5100m:-:::::::*
cpe:2.3:h:qualcomm:qet6100:-:::::::*
cpe:2.3:h:qualcomm:qet6110:-:::::::*
cpe:2.3:h:qualcomm:qfe2101:-:::::::*
cpe:2.3:h:qualcomm:qfe2520:-:::::::*
cpe:2.3:h:qualcomm:qfe2550:-:::::::*
cpe:2.3:h:qualcomm:qfe3340:-:::::::*
cpe:2.3:h:qualcomm:qfe4301:-:::::::*
cpe:2.3:h:qualcomm:qfe4302:-:::::::*
cpe:2.3:h:qualcomm:qfe4303:-:::::::*
cpe:2.3:h:qualcomm:qfe4305:-:::::::*
cpe:2.3:h:qualcomm:qfe4308:-:::::::*
cpe:2.3:h:qualcomm:qfe4309:-:::::::*
cpe:2.3:h:qualcomm:qfe4320:-:::::::*
cpe:2.3:h:qualcomm:qfe4373fc:-:::::::*
cpe:2.3:h:qualcomm:qfs2530:-:::::::*
cpe:2.3:h:qualcomm:qfs2580:-:::::::*
cpe:2.3:h:qualcomm:qfs2608:-:::::::*
cpe:2.3:h:qualcomm:qfs2630:-:::::::*
cpe:2.3:h:qualcomm:qln4642:-:::::::*
cpe:2.3:h:qualcomm:qln4650:-:::::::*
cpe:2.3:h:qualcomm:qln5020:-:::::::*
cpe:2.3:h:qualcomm:qln5030:-:::::::*
cpe:2.3:h:qualcomm:qln5040:-:::::::*
cpe:2.3:h:qualcomm:qpa2625:-:::::::*
cpe:2.3:h:qualcomm:qpa4360:-:::::::*
cpe:2.3:h:qualcomm:qpa4361:-:::::::*
cpe:2.3:h:qualcomm:qpa5373:-:::::::*
cpe:2.3:h:qualcomm:qpa5461:-:::::::*
cpe:2.3:h:qualcomm:qpa5580:-:::::::*
cpe:2.3:h:qualcomm:qpa5581:-:::::::*
cpe:2.3:h:qualcomm:qpa6560:-:::::::*
cpe:2.3:h:qualcomm:qpa8673:-:::::::*
cpe:2.3:h:qualcomm:qpa8686:-:::::::*
cpe:2.3:h:qualcomm:qpa8801:-:::::::*
cpe:2.3:h:qualcomm:qpa8802:-:::::::*
cpe:2.3:h:qualcomm:qpa8803:-:::::::*
cpe:2.3:h:qualcomm:qpa8821:-:::::::*
cpe:2.3:h:qualcomm:qpa8842:-:::::::*
cpe:2.3:h:qualcomm:qpm4621:-:::::::*
cpe:2.3:h:qualcomm:qpm4630:-:::::::*
cpe:2.3:h:qualcomm:qpm4640:-:::::::*
cpe:2.3:h:qualcomm:qpm4641:-:::::::*
cpe:2.3:h:qualcomm:qpm4650:-:::::::*
cpe:2.3:h:qualcomm:qpm5621:-:::::::*
cpe:2.3:h:qualcomm:qpm5641:-:::::::*
cpe:2.3:h:qualcomm:qpm5658:-:::::::*
cpe:2.3:h:qualcomm:qpm5670:-:::::::*
cpe:2.3:h:qualcomm:qpm5677:-:::::::*
cpe:2.3:h:qualcomm:qpm5679:-:::::::*
cpe:2.3:h:qualcomm:qpm5870:-:::::::*
cpe:2.3:h:qualcomm:qpm5875:-:::::::*
cpe:2.3:h:qualcomm:qpm6582:-:::::::*
cpe:2.3:h:qualcomm:qpm6585:-:::::::*
cpe:2.3:h:qualcomm:qpm6621:-:::::::*
cpe:2.3:h:qualcomm:qpm6670:-:::::::*
cpe:2.3:h:qualcomm:qpm8820:-:::::::*
cpe:2.3:h:qualcomm:qpm8830:-:::::::*
cpe:2.3:h:qualcomm:qpm8870:-:::::::*
cpe:2.3:h:qualcomm:qpm8895:-:::::::*
cpe:2.3:h:qualcomm:qsm7250:-:::::::*
cpe:2.3:h:qualcomm:qsw6310:-:::::::*
cpe:2.3:h:qualcomm:qsw8573:-:::::::*
cpe:2.3:h:qualcomm:qsw8574:-:::::::*
cpe:2.3:h:qualcomm:qtc410s:-:::::::*
cpe:2.3:h:qualcomm:qtc800h:-:::::::*
cpe:2.3:h:qualcomm:qtc801s:-:::::::*
cpe:2.3:h:qualcomm:qtm525:-:::::::*
cpe:2.3:h:qualcomm:qualcomm215:-:::::::*
cpe:2.3:h:qualcomm:sa6155p:-:::::::*
cpe:2.3:h:qualcomm:sa8150p:-:::::::*
cpe:2.3:h:qualcomm:sa8155:-:::::::*
cpe:2.3:h:qualcomm:sa8195p:-:::::::*
cpe:2.3:h:qualcomm:sd429:-:::::::*
cpe:2.3:h:qualcomm:sd439:-:::::::*
cpe:2.3:h:qualcomm:sd632:-:::::::*
cpe:2.3:h:qualcomm:sd665:-:::::::*
cpe:2.3:h:qualcomm:sd675:-:::::::*
cpe:2.3:h:qualcomm:sd6905g:-:::::::*
cpe:2.3:h:qualcomm:sd750g:-:::::::*
cpe:2.3:h:qualcomm:sd765:-:::::::*
cpe:2.3:h:qualcomm:sd765g:-:::::::*
cpe:2.3:h:qualcomm:sd768g:-:::::::*
cpe:2.3:h:qualcomm:sd855:-:::::::*
cpe:2.3:h:qualcomm:sd8655g:-:::::::*
cpe:2.3:h:qualcomm:sd8885g:-:::::::*
cpe:2.3:h:qualcomm:sda429w:-:::::::*
cpe:2.3:h:qualcomm:sdm429w:-:::::::*
cpe:2.3:h:qualcomm:sdr660:-:::::::*
cpe:2.3:h:qualcomm:sdr660g:-:::::::*
cpe:2.3:h:qualcomm:sdr735:-:::::::*
cpe:2.3:h:qualcomm:sdr735g:-:::::::*
cpe:2.3:h:qualcomm:sdr8250:-:::::::*
cpe:2.3:h:qualcomm:sdr865:-:::::::*
cpe:2.3:h:qualcomm:sdx55:-:::::::*
cpe:2.3:h:qualcomm:sdx55m:-:::::::*
cpe:2.3:h:qualcomm:sdxr1:-:::::::*
cpe:2.3:h:qualcomm:sdxr25g:-:::::::*
cpe:2.3:h:qualcomm:sm7250p:-:::::::*
cpe:2.3:h:qualcomm:sm7350:-:::::::*
cpe:2.3:h:qualcomm:smb1351:-:::::::*
cpe:2.3:h:qualcomm:smb1355:-:::::::*
cpe:2.3:h:qualcomm:smb1358:-:::::::*
cpe:2.3:h:qualcomm:smb1360:-:::::::*
cpe:2.3:h:qualcomm:smb1381:-:::::::*
cpe:2.3:h:qualcomm:smb1390:-:::::::*
cpe:2.3:h:qualcomm:smb1394:-:::::::*
cpe:2.3:h:qualcomm:smb1395:-:::::::*
cpe:2.3:h:qualcomm:smb1396:-:::::::*
cpe:2.3:h:qualcomm:smb1398:-:::::::*
cpe:2.3:h:qualcomm:smr525:-:::::::*
cpe:2.3:h:qualcomm:smr526:-:::::::*
cpe:2.3:h:qualcomm:smr545:-:::::::*
cpe:2.3:h:qualcomm:smr546:-:::::::*
cpe:2.3:h:qualcomm:wcd9326:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcd9370:-:::::::*
cpe:2.3:h:qualcomm:wcd9375:-:::::::*
cpe:2.3:h:qualcomm:wcd9380:-:::::::*
cpe:2.3:h:qualcomm:wcd9385:-:::::::*
cpe:2.3:h:qualcomm:wcn3610:-:::::::*
cpe:2.3:h:qualcomm:wcn3615:-:::::::*
cpe:2.3:h:qualcomm:wcn3620:-:::::::*
cpe:2.3:h:qualcomm:wcn3660b:-:::::::*
cpe:2.3:h:qualcomm:wcn3680:-:::::::*
cpe:2.3:h:qualcomm:wcn3680b:-:::::::*
cpe:2.3:h:qualcomm:wcn3950:-:::::::*
cpe:2.3:h:qualcomm:wcn3980:-:::::::*
cpe:2.3:h:qualcomm:wcn3988:-:::::::*
cpe:2.3:h:qualcomm:wcn3990:-:::::::*
cpe:2.3:h:qualcomm:wcn3991:-:::::::*
cpe:2.3:h:qualcomm:wcn3998:-:::::::*
cpe:2.3:h:qualcomm:wcn6740:-:::::::*
cpe:2.3:h:qualcomm:wcn6850:-:::::::*
cpe:2.3:h:qualcomm:wcn6851:-:::::::*
cpe:2.3:h:qualcomm:wcn6856:-:::::::*
cpe:2.3:h:qualcomm:wgr7640:-:::::::*
cpe:2.3:h:qualcomm:wsa8810:-:::::::*
cpe:2.3:h:qualcomm:wsa8815:-:::::::*
cpe:2.3:h:qualcomm:wsa8830:-:::::::*
cpe:2.3:h:qualcomm:wsa8835:-:::::::*
cpe:2.3:h:qualcomm:wtr2955:-:::::::*
cpe:2.3:h:qualcomm:wtr2965:-:::::::*
cpe:2.3:h:qualcomm:wtr3925:-:::::::*

No data.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

History

No history.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2021-01-21T09:41:16

Updated: 2024-08-04T11:28:12.539Z

Reserved: 2020-03-31T00:00:00

Link: CVE-2020-11148

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-01-21T10:15:13.683

Modified: 2021-01-29T19:18:54.403

Link: CVE-2020-11148

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object