CVE-2020-11180 - Vulnerability Details

Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

affected

Version	Status	Constraints
AQT1000, PM3003A, PM6150, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM855, PM855B, PM855L, PM855P, PMC1000H, PMK8002, PMK8003, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMR525, PMR735B, PMX50, PMX55, QAT3516, QAT3518, QAT3519, QAT3555, QAT5515, QAT5522, QAT5533, QBT1500, QBT2000, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QDM2301, QDM2305, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4101, QET5100, QET6110, QFS2530, QFS2580, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA5580, QPA6560, QPA8673, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4650, QPM5620, QPM5621, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM6582, QPM6585, QPM8820, QPM8830, QPM8895, QSM7250, QSM8250, QTC800H, QTC801S, QTM525, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 8C, SD ...[truncated*]	affected	—

Configuration 1 [-]

OR	cpe:2.3:h:qualcomm:aqt1000:-:::::::*
	cpe:2.3:h:qualcomm:pm3003a:-:::::::*
	cpe:2.3:h:qualcomm:pm6150:-:::::::*
	cpe:2.3:h:qualcomm:pm7150a:-:::::::*
	cpe:2.3:h:qualcomm:pm7150l:-:::::::*
	cpe:2.3:h:qualcomm:pm7250:-:::::::*
	cpe:2.3:h:qualcomm:pm7250b:-:::::::*
	cpe:2.3:h:qualcomm:pm8004:-:::::::*
	cpe:2.3:h:qualcomm:pm8008:-:::::::*
	cpe:2.3:h:qualcomm:pm8009:-:::::::*
	cpe:2.3:h:qualcomm:pm8150:-:::::::*
	cpe:2.3:h:qualcomm:pm8150a:-:::::::*
	cpe:2.3:h:qualcomm:pm8150b:-:::::::*
	cpe:2.3:h:qualcomm:pm8150c:-:::::::*
	cpe:2.3:h:qualcomm:pm8150l:-:::::::*
	cpe:2.3:h:qualcomm:pm8250:-:::::::*
	cpe:2.3:h:qualcomm:pm855:-:::::::*
	cpe:2.3:h:qualcomm:pm855b:-:::::::*
	cpe:2.3:h:qualcomm:pm855l:-:::::::*
	cpe:2.3:h:qualcomm:pm855p:-:::::::*
	cpe:2.3:h:qualcomm:pmc1000h:-:::::::*
	cpe:2.3:h:qualcomm:pmk8002:-:::::::*
	cpe:2.3:h:qualcomm:pmk8003:-:::::::*
	cpe:2.3:h:qualcomm:pmm6155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8195au:-:::::::*
	cpe:2.3:h:qualcomm:pmm855au:-:::::::*
	cpe:2.3:h:qualcomm:pmr525:-:::::::*
	cpe:2.3:h:qualcomm:pmr735b:-:::::::*
	cpe:2.3:h:qualcomm:pmx50:-:::::::*
	cpe:2.3:h:qualcomm:pmx55:-:::::::*
	cpe:2.3:h:qualcomm:qat3516:-:::::::*
	cpe:2.3:h:qualcomm:qat3518:-:::::::*
	cpe:2.3:h:qualcomm:qat3519:-:::::::*
	cpe:2.3:h:qualcomm:qat3555:-:::::::*
	cpe:2.3:h:qualcomm:qat5515:-:::::::*
	cpe:2.3:h:qualcomm:qat5522:-:::::::*
	cpe:2.3:h:qualcomm:qat5533:-:::::::*
	cpe:2.3:h:qualcomm:qbt1500:-:::::::*
	cpe:2.3:h:qualcomm:qbt2000:-:::::::*
	cpe:2.3:h:qualcomm:qca6390:-:::::::*
	cpe:2.3:h:qualcomm:qca6391:-:::::::*
	cpe:2.3:h:qualcomm:qca6420:-:::::::*
	cpe:2.3:h:qualcomm:qca6421:-:::::::*
	cpe:2.3:h:qualcomm:qca6426:-:::::::*
	cpe:2.3:h:qualcomm:qca6430:-:::::::*
	cpe:2.3:h:qualcomm:qca6431:-:::::::*
	cpe:2.3:h:qualcomm:qca6436:-:::::::*
	cpe:2.3:h:qualcomm:qca6574:-:::::::*
	cpe:2.3:h:qualcomm:qca6574a:-:::::::*
	cpe:2.3:h:qualcomm:qca6574au:-:::::::*
	cpe:2.3:h:qualcomm:qca6595au:-:::::::*
	cpe:2.3:h:qualcomm:qca6696:-:::::::*
	cpe:2.3:h:qualcomm:qdm2301:-:::::::*
	cpe:2.3:h:qualcomm:qdm2305:-:::::::*
	cpe:2.3:h:qualcomm:qdm3301:-:::::::*
	cpe:2.3:h:qualcomm:qdm5620:-:::::::*
	cpe:2.3:h:qualcomm:qdm5621:-:::::::*
	cpe:2.3:h:qualcomm:qdm5650:-:::::::*
	cpe:2.3:h:qualcomm:qdm5652:-:::::::*
	cpe:2.3:h:qualcomm:qdm5670:-:::::::*
	cpe:2.3:h:qualcomm:qdm5671:-:::::::*
	cpe:2.3:h:qualcomm:qdm5677:-:::::::*
	cpe:2.3:h:qualcomm:qdm5679:-:::::::*
cpe:2.3:h:qualcomm:qet4101:-:::::::*
cpe:2.3:h:qualcomm:qet5100:-:::::::*
cpe:2.3:h:qualcomm:qet6110:-:::::::*
cpe:2.3:h:qualcomm:qfs2530:-:::::::*
cpe:2.3:h:qualcomm:qfs2580:-:::::::*
cpe:2.3:h:qualcomm:qln4642:-:::::::*
cpe:2.3:h:qualcomm:qln4650:-:::::::*
cpe:2.3:h:qualcomm:qln5020:-:::::::*
cpe:2.3:h:qualcomm:qln5030:-:::::::*
cpe:2.3:h:qualcomm:qln5040:-:::::::*
cpe:2.3:h:qualcomm:qpa2625:-:::::::*
cpe:2.3:h:qualcomm:qpa5580:-:::::::*
cpe:2.3:h:qualcomm:qpa6560:-:::::::*
cpe:2.3:h:qualcomm:qpa8673:-:::::::*
cpe:2.3:h:qualcomm:qpa8686:-:::::::*
cpe:2.3:h:qualcomm:qpa8801:-:::::::*
cpe:2.3:h:qualcomm:qpa8802:-:::::::*
cpe:2.3:h:qualcomm:qpa8803:-:::::::*
cpe:2.3:h:qualcomm:qpa8821:-:::::::*
cpe:2.3:h:qualcomm:qpa8842:-:::::::*
cpe:2.3:h:qualcomm:qpm4650:-:::::::*
cpe:2.3:h:qualcomm:qpm5620:-:::::::*
cpe:2.3:h:qualcomm:qpm5621:-:::::::*
cpe:2.3:h:qualcomm:qpm5657:-:::::::*
cpe:2.3:h:qualcomm:qpm5658:-:::::::*
cpe:2.3:h:qualcomm:qpm5670:-:::::::*
cpe:2.3:h:qualcomm:qpm5677:-:::::::*
cpe:2.3:h:qualcomm:qpm5679:-:::::::*
cpe:2.3:h:qualcomm:qpm6582:-:::::::*
cpe:2.3:h:qualcomm:qpm6585:-:::::::*
cpe:2.3:h:qualcomm:qpm8820:-:::::::*
cpe:2.3:h:qualcomm:qpm8830:-:::::::*
cpe:2.3:h:qualcomm:qpm8895:-:::::::*
cpe:2.3:h:qualcomm:qsm7250:-:::::::*
cpe:2.3:h:qualcomm:qsm8250:-:::::::*
cpe:2.3:h:qualcomm:qtc800h:-:::::::*
cpe:2.3:h:qualcomm:qtc801s:-:::::::*
cpe:2.3:h:qualcomm:qtm525:-:::::::*
cpe:2.3:h:qualcomm:sa6145p:-:::::::*
cpe:2.3:h:qualcomm:sa6150p:-:::::::*
cpe:2.3:h:qualcomm:sa6155:-:::::::*
cpe:2.3:h:qualcomm:sa6155p:-:::::::*
cpe:2.3:h:qualcomm:sa8150p:-:::::::*
cpe:2.3:h:qualcomm:sa8155:-:::::::*
cpe:2.3:h:qualcomm:sa8155p:-:::::::*
cpe:2.3:h:qualcomm:sa8195p:-:::::::*
cpe:2.3:h:qualcomm:sc8180x\+sdx55:-:::::::*
cpe:2.3:h:qualcomm:sd730:-:::::::*
cpe:2.3:h:qualcomm:sd765:-:::::::*
cpe:2.3:h:qualcomm:sd765g:-:::::::*
cpe:2.3:h:qualcomm:sd768g:-:::::::*
cpe:2.3:h:qualcomm:sd855:-:::::::*
cpe:2.3:h:qualcomm:sd8655g:-:::::::*
cpe:2.3:h:qualcomm:sd8c:-:::::::*
cpe:2.3:h:qualcomm:sd8cx:-:::::::*
cpe:2.3:h:qualcomm:sdr051:-:::::::*
cpe:2.3:h:qualcomm:sdr052:-:::::::*
cpe:2.3:h:qualcomm:sdr660:-:::::::*
cpe:2.3:h:qualcomm:sdr735:-:::::::*
cpe:2.3:h:qualcomm:sdr8150:-:::::::*
cpe:2.3:h:qualcomm:sdr8250:-:::::::*
cpe:2.3:h:qualcomm:sdr865:-:::::::*
cpe:2.3:h:qualcomm:sdx50m:-:::::::*
cpe:2.3:h:qualcomm:sdx55:-:::::::*
cpe:2.3:h:qualcomm:sdx55m:-:::::::*
cpe:2.3:h:qualcomm:sdxr25g:-:::::::*
cpe:2.3:h:qualcomm:sm7250p:-:::::::*
cpe:2.3:h:qualcomm:smb1355:-:::::::*
cpe:2.3:h:qualcomm:smb1381:-:::::::*
cpe:2.3:h:qualcomm:smb1390:-:::::::*
cpe:2.3:h:qualcomm:smb1395:-:::::::*
cpe:2.3:h:qualcomm:smb2351:-:::::::*
cpe:2.3:h:qualcomm:smr525:-:::::::*
cpe:2.3:h:qualcomm:smr526:-:::::::*
cpe:2.3:h:qualcomm:wcd9340:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcd9370:-:::::::*
cpe:2.3:h:qualcomm:wcd9371:-:::::::*
cpe:2.3:h:qualcomm:wcd9375:-:::::::*
cpe:2.3:h:qualcomm:wcd9380:-:::::::*
cpe:2.3:h:qualcomm:wcd9385:-:::::::*
cpe:2.3:h:qualcomm:wcn3910:-:::::::*
cpe:2.3:h:qualcomm:wcn3980:-:::::::*
cpe:2.3:h:qualcomm:wcn3988:-:::::::*
cpe:2.3:h:qualcomm:wcn3990:-:::::::*
cpe:2.3:h:qualcomm:wcn3991:-:::::::*
cpe:2.3:h:qualcomm:wcn3998:-:::::::*
cpe:2.3:h:qualcomm:wcn6750:-:::::::*
cpe:2.3:h:qualcomm:wcn6850:-:::::::*
cpe:2.3:h:qualcomm:wcn6851:-:::::::*
cpe:2.3:h:qualcomm:wsa8810:-:::::::*
cpe:2.3:h:qualcomm:wsa8815:-:::::::*
cpe:2.3:h:qualcomm:wsa8830:-:::::::*
cpe:2.3:h:qualcomm:wsa8835:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Qualcomm Subscribe	Aqt1000 Subscribe Pm3003a Subscribe Pm6150 Subscribe Pm7150a Subscribe Pm7150l Subscribe Pm7250 Subscribe Pm7250b Subscribe Pm8004 Subscribe Pm8008 Subscribe Pm8009 Subscribe Pm8150 Subscribe Pm8150a Subscribe Pm8150b Subscribe Pm8150c Subscribe Pm8150l Subscribe Pm8250 Subscribe Pm855 Subscribe Pm855b Subscribe Pm855l Subscribe Pm855p Subscribe Pmc1000h Subscribe Pmk8002 Subscribe Pmk8003 Subscribe Pmm6155au Subscribe Pmm8155au Subscribe Pmm8195au Subscribe Pmm855au Subscribe Pmr525 Subscribe Pmr735b Subscribe Pmx50 Subscribe Pmx55 Subscribe Qat3516 Subscribe Qat3518 Subscribe Qat3519 Subscribe Qat3555 Subscribe Qat5515 Subscribe Qat5522 Subscribe Qat5533 Subscribe Qbt1500 Subscribe Qbt2000 Subscribe Qca6390 Subscribe Qca6391 Subscribe Qca6420 Subscribe Qca6421 Subscribe Qca6426 Subscribe Qca6430 Subscribe Qca6431 Subscribe Qca6436 Subscribe Qca6574 Subscribe Qca6574a Subscribe Qca6574au Subscribe Qca6595au Subscribe Qca6696 Subscribe Qdm2301 Subscribe Qdm2305 Subscribe Qdm3301 Subscribe Qdm5620 Subscribe Qdm5621 Subscribe Qdm5650 Subscribe Qdm5652 Subscribe Qdm5670 Subscribe Qdm5671 Subscribe Qdm5677 Subscribe Qdm5679 Subscribe Qet4101 Subscribe Qet5100 Subscribe Qet6110 Subscribe Qfs2530 Subscribe Qfs2580 Subscribe Qln4642 Subscribe Qln4650 Subscribe Qln5020 Subscribe Qln5030 Subscribe Qln5040 Subscribe Qpa2625 Subscribe Qpa5580 Subscribe Qpa6560 Subscribe Qpa8673 Subscribe Qpa8686 Subscribe Qpa8801 Subscribe Qpa8802 Subscribe Qpa8803 Subscribe Qpa8821 Subscribe Qpa8842 Subscribe Qpm4650 Subscribe Qpm5620 Subscribe Qpm5621 Subscribe Qpm5657 Subscribe Qpm5658 Subscribe Qpm5670 Subscribe Qpm5677 Subscribe Qpm5679 Subscribe Qpm6582 Subscribe Qpm6585 Subscribe Qpm8820 Subscribe Qpm8830 Subscribe Qpm8895 Subscribe Qsm7250 Subscribe Qsm8250 Subscribe Qtc800h Subscribe Qtc801s Subscribe Qtm525 Subscribe Sa6145p Subscribe Sa6150p Subscribe Sa6155 Subscribe Sa6155p Subscribe Sa8150p Subscribe Sa8155 Subscribe Sa8155p Subscribe Sa8195p Subscribe Sc8180x\+sdx55 Subscribe Sd730 Subscribe Sd765 Subscribe Sd765g Subscribe Sd768g Subscribe Sd855 Subscribe Sd8655g Subscribe Sd8c Subscribe Sd8cx Subscribe Sdr051 Subscribe Sdr052 Subscribe Sdr660 Subscribe Sdr735 Subscribe Sdr8150 Subscribe Sdr8250 Subscribe Sdr865 Subscribe Sdx50m Subscribe Sdx55 Subscribe Sdx55m Subscribe Sdxr25g Subscribe Sm7250p Subscribe Smb1355 Subscribe Smb1381 Subscribe Smb1390 Subscribe Smb1395 Subscribe Smb2351 Subscribe Smr525 Subscribe Smr526 Subscribe Wcd9340 Subscribe Wcd9341 Subscribe Wcd9370 Subscribe Wcd9371 Subscribe Wcd9375 Subscribe Wcd9380 Subscribe Wcd9385 Subscribe Wcn3910 Subscribe Wcn3980 Subscribe Wcn3988 Subscribe Wcn3990 Subscribe Wcn3991 Subscribe Wcn3998 Subscribe Wcn6750 Subscribe Wcn6850 Subscribe Wcn6851 Subscribe Wsa8810 Subscribe Wsa8815 Subscribe Wsa8830 Subscribe Wsa8835 Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2020-3534	Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2021-01-21T09:41:20

Updated: 2024-08-04T11:28:13.624Z

Reserved: 2020-03-31T00:00:00

Link: CVE-2020-11180

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-01-21T10:15:14.150

Modified: 2024-11-21T04:57:07.273

Link: CVE-2020-11180

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object