CVE-2020-11151 - Vulnerability Details

Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00031.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

affected

Version	Status	Constraints
PM3003A, PM6125, PM6150, PM6150A, PM6150L, PM6350, PM640A, PM640L, PM640P, PM7150A, PM7150L, PM7250, PM7250B, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PMI632, PMK8002, PMK8003, PMM8195AU, PMM855AU, PMR525, PMR735A, PMR735B, PMX55, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QBT1500, QBT2000, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCM4290, QCS4290, QDM2301, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4101, QET5100, QET6100, QET6110, QFS2530, QFS2580, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4360, QPA5580, QPA5581, QPA6560, QPA8673, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4650, QPM5621, QPM5658, QPM5670, QPM5677, QPM5679, QPM6582, QPM6585, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW8574, QTC410S, QTC800H, QTC801S, QTM525, SA6155P, SA8150P, SA815 ...[truncated*]	affected	—

Configuration 1 [-]

OR	cpe:2.3:h:qualcomm:pm3003a:-:::::::*
	cpe:2.3:h:qualcomm:pm6125:-:::::::*
	cpe:2.3:h:qualcomm:pm6150:-:::::::*
	cpe:2.3:h:qualcomm:pm6150a:-:::::::*
	cpe:2.3:h:qualcomm:pm6150l:-:::::::*
	cpe:2.3:h:qualcomm:pm6350:-:::::::*
	cpe:2.3:h:qualcomm:pm640a:-:::::::*
	cpe:2.3:h:qualcomm:pm640l:-:::::::*
	cpe:2.3:h:qualcomm:pm640p:-:::::::*
	cpe:2.3:h:qualcomm:pm7150a:-:::::::*
	cpe:2.3:h:qualcomm:pm7150l:-:::::::*
	cpe:2.3:h:qualcomm:pm7250:-:::::::*
	cpe:2.3:h:qualcomm:pm7250b:-:::::::*
	cpe:2.3:h:qualcomm:pm8008:-:::::::*
	cpe:2.3:h:qualcomm:pm8009:-:::::::*
	cpe:2.3:h:qualcomm:pm8150a:-:::::::*
	cpe:2.3:h:qualcomm:pm8150b:-:::::::*
	cpe:2.3:h:qualcomm:pm8150c:-:::::::*
	cpe:2.3:h:qualcomm:pm8150l:-:::::::*
	cpe:2.3:h:qualcomm:pm8250:-:::::::*
	cpe:2.3:h:qualcomm:pmi632:-:::::::*
	cpe:2.3:h:qualcomm:pmk8002:-:::::::*
	cpe:2.3:h:qualcomm:pmk8003:-:::::::*
	cpe:2.3:h:qualcomm:pmm8195au:-:::::::*
	cpe:2.3:h:qualcomm:pmm855au:-:::::::*
	cpe:2.3:h:qualcomm:pmr525:-:::::::*
	cpe:2.3:h:qualcomm:pmr735a:-:::::::*
	cpe:2.3:h:qualcomm:pmr735b:-:::::::*
	cpe:2.3:h:qualcomm:pmx55:-:::::::*
	cpe:2.3:h:qualcomm:qat3516:-:::::::*
	cpe:2.3:h:qualcomm:qat3518:-:::::::*
	cpe:2.3:h:qualcomm:qat3519:-:::::::*
	cpe:2.3:h:qualcomm:qat3522:-:::::::*
	cpe:2.3:h:qualcomm:qat3550:-:::::::*
	cpe:2.3:h:qualcomm:qat3555:-:::::::*
	cpe:2.3:h:qualcomm:qat5515:-:::::::*
	cpe:2.3:h:qualcomm:qat5516:-:::::::*
	cpe:2.3:h:qualcomm:qat5522:-:::::::*
	cpe:2.3:h:qualcomm:qat5533:-:::::::*
	cpe:2.3:h:qualcomm:qbt1500:-:::::::*
	cpe:2.3:h:qualcomm:qbt2000:-:::::::*
	cpe:2.3:h:qualcomm:qca6390:-:::::::*
	cpe:2.3:h:qualcomm:qca6391:-:::::::*
	cpe:2.3:h:qualcomm:qca6421:-:::::::*
	cpe:2.3:h:qualcomm:qca6426:-:::::::*
	cpe:2.3:h:qualcomm:qca6431:-:::::::*
	cpe:2.3:h:qualcomm:qca6436:-:::::::*
	cpe:2.3:h:qualcomm:qca6574a:-:::::::*
	cpe:2.3:h:qualcomm:qca6574au:-:::::::*
	cpe:2.3:h:qualcomm:qca6584au:-:::::::*
	cpe:2.3:h:qualcomm:qca6595:-:::::::*
	cpe:2.3:h:qualcomm:qca6595au:-:::::::*
	cpe:2.3:h:qualcomm:qca6696:-:::::::*
	cpe:2.3:h:qualcomm:qcm4290:-:::::::*
	cpe:2.3:h:qualcomm:qcs4290:-:::::::*
	cpe:2.3:h:qualcomm:qdm2301:-:::::::*
	cpe:2.3:h:qualcomm:qdm2305:-:::::::*
	cpe:2.3:h:qualcomm:qdm2307:-:::::::*
	cpe:2.3:h:qualcomm:qdm2308:-:::::::*
	cpe:2.3:h:qualcomm:qdm2310:-:::::::*
	cpe:2.3:h:qualcomm:qdm3301:-:::::::*
	cpe:2.3:h:qualcomm:qdm5620:-:::::::*
	cpe:2.3:h:qualcomm:qdm5621:-:::::::*
	cpe:2.3:h:qualcomm:qdm5650:-:::::::*
cpe:2.3:h:qualcomm:qdm5652:-:::::::*
cpe:2.3:h:qualcomm:qdm5670:-:::::::*
cpe:2.3:h:qualcomm:qdm5671:-:::::::*
cpe:2.3:h:qualcomm:qdm5677:-:::::::*
cpe:2.3:h:qualcomm:qdm5679:-:::::::*
cpe:2.3:h:qualcomm:qet4101:-:::::::*
cpe:2.3:h:qualcomm:qet5100:-:::::::*
cpe:2.3:h:qualcomm:qet6100:-:::::::*
cpe:2.3:h:qualcomm:qet6110:-:::::::*
cpe:2.3:h:qualcomm:qfs2530:-:::::::*
cpe:2.3:h:qualcomm:qfs2580:-:::::::*
cpe:2.3:h:qualcomm:qln4642:-:::::::*
cpe:2.3:h:qualcomm:qln4650:-:::::::*
cpe:2.3:h:qualcomm:qln5020:-:::::::*
cpe:2.3:h:qualcomm:qln5030:-:::::::*
cpe:2.3:h:qualcomm:qln5040:-:::::::*
cpe:2.3:h:qualcomm:qpa2625:-:::::::*
cpe:2.3:h:qualcomm:qpa4360:-:::::::*
cpe:2.3:h:qualcomm:qpa5580:-:::::::*
cpe:2.3:h:qualcomm:qpa5581:-:::::::*
cpe:2.3:h:qualcomm:qpa6560:-:::::::*
cpe:2.3:h:qualcomm:qpa8673:-:::::::*
cpe:2.3:h:qualcomm:qpa8686:-:::::::*
cpe:2.3:h:qualcomm:qpa8801:-:::::::*
cpe:2.3:h:qualcomm:qpa8802:-:::::::*
cpe:2.3:h:qualcomm:qpa8803:-:::::::*
cpe:2.3:h:qualcomm:qpa8821:-:::::::*
cpe:2.3:h:qualcomm:qpa8842:-:::::::*
cpe:2.3:h:qualcomm:qpm4650:-:::::::*
cpe:2.3:h:qualcomm:qpm5621:-:::::::*
cpe:2.3:h:qualcomm:qpm5658:-:::::::*
cpe:2.3:h:qualcomm:qpm5670:-:::::::*
cpe:2.3:h:qualcomm:qpm5677:-:::::::*
cpe:2.3:h:qualcomm:qpm5679:-:::::::*
cpe:2.3:h:qualcomm:qpm6582:-:::::::*
cpe:2.3:h:qualcomm:qpm6585:-:::::::*
cpe:2.3:h:qualcomm:qpm8820:-:::::::*
cpe:2.3:h:qualcomm:qpm8830:-:::::::*
cpe:2.3:h:qualcomm:qpm8870:-:::::::*
cpe:2.3:h:qualcomm:qpm8895:-:::::::*
cpe:2.3:h:qualcomm:qsm7250:-:::::::*
cpe:2.3:h:qualcomm:qsw8574:-:::::::*
cpe:2.3:h:qualcomm:qtc410s:-:::::::*
cpe:2.3:h:qualcomm:qtc800h:-:::::::*
cpe:2.3:h:qualcomm:qtc801s:-:::::::*
cpe:2.3:h:qualcomm:qtm525:-:::::::*
cpe:2.3:h:qualcomm:sa6155p:-:::::::*
cpe:2.3:h:qualcomm:sa8150p:-:::::::*
cpe:2.3:h:qualcomm:sa8155:-:::::::*
cpe:2.3:h:qualcomm:sa8195p:-:::::::*
cpe:2.3:h:qualcomm:sd460:-:::::::*
cpe:2.3:h:qualcomm:sd662:-:::::::*
cpe:2.3:h:qualcomm:sd665:-:::::::*
cpe:2.3:h:qualcomm:sd675:-:::::::*
cpe:2.3:h:qualcomm:sd6905g:-:::::::*
cpe:2.3:h:qualcomm:sd750g:-:::::::*
cpe:2.3:h:qualcomm:sd765:-:::::::*
cpe:2.3:h:qualcomm:sd765g:-:::::::*
cpe:2.3:h:qualcomm:sd768g:-:::::::*
cpe:2.3:h:qualcomm:sd8655g:-:::::::*
cpe:2.3:h:qualcomm:sda429w:-:::::::*
cpe:2.3:h:qualcomm:sdr425:-:::::::*
cpe:2.3:h:qualcomm:sdr660:-:::::::*
cpe:2.3:h:qualcomm:sdr660g:-:::::::*
cpe:2.3:h:qualcomm:sdr735:-:::::::*
cpe:2.3:h:qualcomm:sdr8250:-:::::::*
cpe:2.3:h:qualcomm:sdr865:-:::::::*
cpe:2.3:h:qualcomm:sdx55:-:::::::*
cpe:2.3:h:qualcomm:sdx55m:-:::::::*
cpe:2.3:h:qualcomm:sdxr25g:-:::::::*
cpe:2.3:h:qualcomm:sm7250p:-:::::::*
cpe:2.3:h:qualcomm:smb1354:-:::::::*
cpe:2.3:h:qualcomm:smb1355:-:::::::*
cpe:2.3:h:qualcomm:smb1390:-:::::::*
cpe:2.3:h:qualcomm:smb1395:-:::::::*
cpe:2.3:h:qualcomm:smb1396:-:::::::*
cpe:2.3:h:qualcomm:smr525:-:::::::*
cpe:2.3:h:qualcomm:smr526:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcd9370:-:::::::*
cpe:2.3:h:qualcomm:wcd9375:-:::::::*
cpe:2.3:h:qualcomm:wcd9380:-:::::::*
cpe:2.3:h:qualcomm:wcd9385:-:::::::*
cpe:2.3:h:qualcomm:wcn3610:-:::::::*
cpe:2.3:h:qualcomm:wcn3620:-:::::::*
cpe:2.3:h:qualcomm:wcn3660b:-:::::::*
cpe:2.3:h:qualcomm:wcn3950:-:::::::*
cpe:2.3:h:qualcomm:wcn3980:-:::::::*
cpe:2.3:h:qualcomm:wcn3988:-:::::::*
cpe:2.3:h:qualcomm:wcn3991:-:::::::*
cpe:2.3:h:qualcomm:wcn3998:-:::::::*
cpe:2.3:h:qualcomm:wcn6750:-:::::::*
cpe:2.3:h:qualcomm:wcn6850:-:::::::*
cpe:2.3:h:qualcomm:wcn6851:-:::::::*
cpe:2.3:h:qualcomm:wgr7640:-:::::::*
cpe:2.3:h:qualcomm:wsa8810:-:::::::*
cpe:2.3:h:qualcomm:wsa8815:-:::::::*
cpe:2.3:h:qualcomm:wsa8830:-:::::::*
cpe:2.3:h:qualcomm:wsa8835:-:::::::*
cpe:2.3:h:qualcomm:wtr2965:-:::::::*
cpe:2.3:h:qualcomm:wtr3925:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Qualcomm Subscribe	Pm3003a Subscribe Pm6125 Subscribe Pm6150 Subscribe Pm6150a Subscribe Pm6150l Subscribe Pm6350 Subscribe Pm640a Subscribe Pm640l Subscribe Pm640p Subscribe Pm7150a Subscribe Pm7150l Subscribe Pm7250 Subscribe Pm7250b Subscribe Pm8008 Subscribe Pm8009 Subscribe Pm8150a Subscribe Pm8150b Subscribe Pm8150c Subscribe Pm8150l Subscribe Pm8250 Subscribe Pmi632 Subscribe Pmk8002 Subscribe Pmk8003 Subscribe Pmm8195au Subscribe Pmm855au Subscribe Pmr525 Subscribe Pmr735a Subscribe Pmr735b Subscribe Pmx55 Subscribe Qat3516 Subscribe Qat3518 Subscribe Qat3519 Subscribe Qat3522 Subscribe Qat3550 Subscribe Qat3555 Subscribe Qat5515 Subscribe Qat5516 Subscribe Qat5522 Subscribe Qat5533 Subscribe Qbt1500 Subscribe Qbt2000 Subscribe Qca6390 Subscribe Qca6391 Subscribe Qca6421 Subscribe Qca6426 Subscribe Qca6431 Subscribe Qca6436 Subscribe Qca6574a Subscribe Qca6574au Subscribe Qca6584au Subscribe Qca6595 Subscribe Qca6595au Subscribe Qca6696 Subscribe Qcm4290 Subscribe Qcs4290 Subscribe Qdm2301 Subscribe Qdm2305 Subscribe Qdm2307 Subscribe Qdm2308 Subscribe Qdm2310 Subscribe Qdm3301 Subscribe Qdm5620 Subscribe Qdm5621 Subscribe Qdm5650 Subscribe Qdm5652 Subscribe Qdm5670 Subscribe Qdm5671 Subscribe Qdm5677 Subscribe Qdm5679 Subscribe Qet4101 Subscribe Qet5100 Subscribe Qet6100 Subscribe Qet6110 Subscribe Qfs2530 Subscribe Qfs2580 Subscribe Qln4642 Subscribe Qln4650 Subscribe Qln5020 Subscribe Qln5030 Subscribe Qln5040 Subscribe Qpa2625 Subscribe Qpa4360 Subscribe Qpa5580 Subscribe Qpa5581 Subscribe Qpa6560 Subscribe Qpa8673 Subscribe Qpa8686 Subscribe Qpa8801 Subscribe Qpa8802 Subscribe Qpa8803 Subscribe Qpa8821 Subscribe Qpa8842 Subscribe Qpm4650 Subscribe Qpm5621 Subscribe Qpm5658 Subscribe Qpm5670 Subscribe Qpm5677 Subscribe Qpm5679 Subscribe Qpm6582 Subscribe Qpm6585 Subscribe Qpm8820 Subscribe Qpm8830 Subscribe Qpm8870 Subscribe Qpm8895 Subscribe Qsm7250 Subscribe Qsw8574 Subscribe Qtc410s Subscribe Qtc800h Subscribe Qtc801s Subscribe Qtm525 Subscribe Sa6155p Subscribe Sa8150p Subscribe Sa8155 Subscribe Sa8195p Subscribe Sd460 Subscribe Sd662 Subscribe Sd665 Subscribe Sd675 Subscribe Sd6905g Subscribe Sd750g Subscribe Sd765 Subscribe Sd765g Subscribe Sd768g Subscribe Sd8655g Subscribe Sda429w Subscribe Sdr425 Subscribe Sdr660 Subscribe Sdr660g Subscribe Sdr735 Subscribe Sdr8250 Subscribe Sdr865 Subscribe Sdx55 Subscribe Sdx55m Subscribe Sdxr25g Subscribe Sm7250p Subscribe Smb1354 Subscribe Smb1355 Subscribe Smb1390 Subscribe Smb1395 Subscribe Smb1396 Subscribe Smr525 Subscribe Smr526 Subscribe Wcd9341 Subscribe Wcd9370 Subscribe Wcd9375 Subscribe Wcd9380 Subscribe Wcd9385 Subscribe Wcn3610 Subscribe Wcn3620 Subscribe Wcn3660b Subscribe Wcn3950 Subscribe Wcn3980 Subscribe Wcn3988 Subscribe Wcn3991 Subscribe Wcn3998 Subscribe Wcn6750 Subscribe Wcn6850 Subscribe Wcn6851 Subscribe Wgr7640 Subscribe Wsa8810 Subscribe Wsa8815 Subscribe Wsa8830 Subscribe Wsa8835 Subscribe Wtr2965 Subscribe Wtr3925 Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2020-3505	Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2021-01-21T09:41:18

Updated: 2024-08-04T11:28:13.138Z

Reserved: 2020-03-31T00:00:00

Link: CVE-2020-11151

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-01-21T10:15:13.870

Modified: 2024-11-21T04:56:56.710

Link: CVE-2020-11151

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object