CVE-2020-11180 - Vulnerability Details

Description

Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Published: 2021-01-21

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

affected

Version	Status	Constraints
AQT1000, PM3003A, PM6150, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM855, PM855B, PM855L, PM855P, PMC1000H, PMK8002, PMK8003, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMR525, PMR735B, PMX50, PMX55, QAT3516, QAT3518, QAT3519, QAT3555, QAT5515, QAT5522, QAT5533, QBT1500, QBT2000, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6574, QCA6574A, QCA6574AU, QCA6595AU, QCA6696, QDM2301, QDM2305, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4101, QET5100, QET6110, QFS2530, QFS2580, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA5580, QPA6560, QPA8673, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4650, QPM5620, QPM5621, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM6582, QPM6585, QPM8820, QPM8830, QPM8895, QSM7250, QSM8250, QTC800H, QTC801S, QTM525, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 8C, SD ...[truncated*]	affected	—

Configuration 1 [-]

OR	cpe:2.3:h:qualcomm:aqt1000:-:::::::*
	cpe:2.3:h:qualcomm:pm3003a:-:::::::*
	cpe:2.3:h:qualcomm:pm6150:-:::::::*
	cpe:2.3:h:qualcomm:pm7150a:-:::::::*
	cpe:2.3:h:qualcomm:pm7150l:-:::::::*
	cpe:2.3:h:qualcomm:pm7250:-:::::::*
	cpe:2.3:h:qualcomm:pm7250b:-:::::::*
	cpe:2.3:h:qualcomm:pm8004:-:::::::*
	cpe:2.3:h:qualcomm:pm8008:-:::::::*
	cpe:2.3:h:qualcomm:pm8009:-:::::::*
	cpe:2.3:h:qualcomm:pm8150:-:::::::*
	cpe:2.3:h:qualcomm:pm8150a:-:::::::*
	cpe:2.3:h:qualcomm:pm8150b:-:::::::*
	cpe:2.3:h:qualcomm:pm8150c:-:::::::*
	cpe:2.3:h:qualcomm:pm8150l:-:::::::*
	cpe:2.3:h:qualcomm:pm8250:-:::::::*
	cpe:2.3:h:qualcomm:pm855:-:::::::*
	cpe:2.3:h:qualcomm:pm855b:-:::::::*
	cpe:2.3:h:qualcomm:pm855l:-:::::::*
	cpe:2.3:h:qualcomm:pm855p:-:::::::*
	cpe:2.3:h:qualcomm:pmc1000h:-:::::::*
	cpe:2.3:h:qualcomm:pmk8002:-:::::::*
	cpe:2.3:h:qualcomm:pmk8003:-:::::::*
	cpe:2.3:h:qualcomm:pmm6155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8195au:-:::::::*
	cpe:2.3:h:qualcomm:pmm855au:-:::::::*
	cpe:2.3:h:qualcomm:pmr525:-:::::::*
	cpe:2.3:h:qualcomm:pmr735b:-:::::::*
	cpe:2.3:h:qualcomm:pmx50:-:::::::*
	cpe:2.3:h:qualcomm:pmx55:-:::::::*
	cpe:2.3:h:qualcomm:qat3516:-:::::::*
	cpe:2.3:h:qualcomm:qat3518:-:::::::*
	cpe:2.3:h:qualcomm:qat3519:-:::::::*
	cpe:2.3:h:qualcomm:qat3555:-:::::::*
	cpe:2.3:h:qualcomm:qat5515:-:::::::*
	cpe:2.3:h:qualcomm:qat5522:-:::::::*
	cpe:2.3:h:qualcomm:qat5533:-:::::::*
	cpe:2.3:h:qualcomm:qbt1500:-:::::::*
	cpe:2.3:h:qualcomm:qbt2000:-:::::::*
	cpe:2.3:h:qualcomm:qca6390:-:::::::*
	cpe:2.3:h:qualcomm:qca6391:-:::::::*
	cpe:2.3:h:qualcomm:qca6420:-:::::::*
	cpe:2.3:h:qualcomm:qca6421:-:::::::*
	cpe:2.3:h:qualcomm:qca6426:-:::::::*
	cpe:2.3:h:qualcomm:qca6430:-:::::::*
	cpe:2.3:h:qualcomm:qca6431:-:::::::*
	cpe:2.3:h:qualcomm:qca6436:-:::::::*
	cpe:2.3:h:qualcomm:qca6574:-:::::::*
	cpe:2.3:h:qualcomm:qca6574a:-:::::::*
	cpe:2.3:h:qualcomm:qca6574au:-:::::::*
	cpe:2.3:h:qualcomm:qca6595au:-:::::::*
	cpe:2.3:h:qualcomm:qca6696:-:::::::*
	cpe:2.3:h:qualcomm:qdm2301:-:::::::*
	cpe:2.3:h:qualcomm:qdm2305:-:::::::*
	cpe:2.3:h:qualcomm:qdm3301:-:::::::*
	cpe:2.3:h:qualcomm:qdm5620:-:::::::*
	cpe:2.3:h:qualcomm:qdm5621:-:::::::*
	cpe:2.3:h:qualcomm:qdm5650:-:::::::*
	cpe:2.3:h:qualcomm:qdm5652:-:::::::*
	cpe:2.3:h:qualcomm:qdm5670:-:::::::*
	cpe:2.3:h:qualcomm:qdm5671:-:::::::*
	cpe:2.3:h:qualcomm:qdm5677:-:::::::*
	cpe:2.3:h:qualcomm:qdm5679:-:::::::*
cpe:2.3:h:qualcomm:qet4101:-:::::::*
cpe:2.3:h:qualcomm:qet5100:-:::::::*
cpe:2.3:h:qualcomm:qet6110:-:::::::*
cpe:2.3:h:qualcomm:qfs2530:-:::::::*
cpe:2.3:h:qualcomm:qfs2580:-:::::::*
cpe:2.3:h:qualcomm:qln4642:-:::::::*
cpe:2.3:h:qualcomm:qln4650:-:::::::*
cpe:2.3:h:qualcomm:qln5020:-:::::::*
cpe:2.3:h:qualcomm:qln5030:-:::::::*
cpe:2.3:h:qualcomm:qln5040:-:::::::*
cpe:2.3:h:qualcomm:qpa2625:-:::::::*
cpe:2.3:h:qualcomm:qpa5580:-:::::::*
cpe:2.3:h:qualcomm:qpa6560:-:::::::*
cpe:2.3:h:qualcomm:qpa8673:-:::::::*
cpe:2.3:h:qualcomm:qpa8686:-:::::::*
cpe:2.3:h:qualcomm:qpa8801:-:::::::*
cpe:2.3:h:qualcomm:qpa8802:-:::::::*
cpe:2.3:h:qualcomm:qpa8803:-:::::::*
cpe:2.3:h:qualcomm:qpa8821:-:::::::*
cpe:2.3:h:qualcomm:qpa8842:-:::::::*
cpe:2.3:h:qualcomm:qpm4650:-:::::::*
cpe:2.3:h:qualcomm:qpm5620:-:::::::*
cpe:2.3:h:qualcomm:qpm5621:-:::::::*
cpe:2.3:h:qualcomm:qpm5657:-:::::::*
cpe:2.3:h:qualcomm:qpm5658:-:::::::*
cpe:2.3:h:qualcomm:qpm5670:-:::::::*
cpe:2.3:h:qualcomm:qpm5677:-:::::::*
cpe:2.3:h:qualcomm:qpm5679:-:::::::*
cpe:2.3:h:qualcomm:qpm6582:-:::::::*
cpe:2.3:h:qualcomm:qpm6585:-:::::::*
cpe:2.3:h:qualcomm:qpm8820:-:::::::*
cpe:2.3:h:qualcomm:qpm8830:-:::::::*
cpe:2.3:h:qualcomm:qpm8895:-:::::::*
cpe:2.3:h:qualcomm:qsm7250:-:::::::*
cpe:2.3:h:qualcomm:qsm8250:-:::::::*
cpe:2.3:h:qualcomm:qtc800h:-:::::::*
cpe:2.3:h:qualcomm:qtc801s:-:::::::*
cpe:2.3:h:qualcomm:qtm525:-:::::::*
cpe:2.3:h:qualcomm:sa6145p:-:::::::*
cpe:2.3:h:qualcomm:sa6150p:-:::::::*
cpe:2.3:h:qualcomm:sa6155:-:::::::*
cpe:2.3:h:qualcomm:sa6155p:-:::::::*
cpe:2.3:h:qualcomm:sa8150p:-:::::::*
cpe:2.3:h:qualcomm:sa8155:-:::::::*
cpe:2.3:h:qualcomm:sa8155p:-:::::::*
cpe:2.3:h:qualcomm:sa8195p:-:::::::*
cpe:2.3:h:qualcomm:sc8180x\+sdx55:-:::::::*
cpe:2.3:h:qualcomm:sd730:-:::::::*
cpe:2.3:h:qualcomm:sd765:-:::::::*
cpe:2.3:h:qualcomm:sd765g:-:::::::*
cpe:2.3:h:qualcomm:sd768g:-:::::::*
cpe:2.3:h:qualcomm:sd855:-:::::::*
cpe:2.3:h:qualcomm:sd8655g:-:::::::*
cpe:2.3:h:qualcomm:sd8c:-:::::::*
cpe:2.3:h:qualcomm:sd8cx:-:::::::*
cpe:2.3:h:qualcomm:sdr051:-:::::::*
cpe:2.3:h:qualcomm:sdr052:-:::::::*
cpe:2.3:h:qualcomm:sdr660:-:::::::*
cpe:2.3:h:qualcomm:sdr735:-:::::::*
cpe:2.3:h:qualcomm:sdr8150:-:::::::*
cpe:2.3:h:qualcomm:sdr8250:-:::::::*
cpe:2.3:h:qualcomm:sdr865:-:::::::*
cpe:2.3:h:qualcomm:sdx50m:-:::::::*
cpe:2.3:h:qualcomm:sdx55:-:::::::*
cpe:2.3:h:qualcomm:sdx55m:-:::::::*
cpe:2.3:h:qualcomm:sdxr25g:-:::::::*
cpe:2.3:h:qualcomm:sm7250p:-:::::::*
cpe:2.3:h:qualcomm:smb1355:-:::::::*
cpe:2.3:h:qualcomm:smb1381:-:::::::*
cpe:2.3:h:qualcomm:smb1390:-:::::::*
cpe:2.3:h:qualcomm:smb1395:-:::::::*
cpe:2.3:h:qualcomm:smb2351:-:::::::*
cpe:2.3:h:qualcomm:smr525:-:::::::*
cpe:2.3:h:qualcomm:smr526:-:::::::*
cpe:2.3:h:qualcomm:wcd9340:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcd9370:-:::::::*
cpe:2.3:h:qualcomm:wcd9371:-:::::::*
cpe:2.3:h:qualcomm:wcd9375:-:::::::*
cpe:2.3:h:qualcomm:wcd9380:-:::::::*
cpe:2.3:h:qualcomm:wcd9385:-:::::::*
cpe:2.3:h:qualcomm:wcn3910:-:::::::*
cpe:2.3:h:qualcomm:wcn3980:-:::::::*
cpe:2.3:h:qualcomm:wcn3988:-:::::::*
cpe:2.3:h:qualcomm:wcn3990:-:::::::*
cpe:2.3:h:qualcomm:wcn3991:-:::::::*
cpe:2.3:h:qualcomm:wcn3998:-:::::::*
cpe:2.3:h:qualcomm:wcn6750:-:::::::*
cpe:2.3:h:qualcomm:wcn6850:-:::::::*
cpe:2.3:h:qualcomm:wcn6851:-:::::::*
cpe:2.3:h:qualcomm:wsa8810:-:::::::*
cpe:2.3:h:qualcomm:wsa8815:-:::::::*
cpe:2.3:h:qualcomm:wsa8830:-:::::::*
cpe:2.3:h:qualcomm:wsa8835:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-3534	Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

History

No history.

Subscriptions

Qualcomm Aqt1000 Pm3003a Pm6150 Pm7150a Pm7150l Pm7250 Pm7250b Pm8004 Pm8008 Pm8009 Pm8150 Pm8150a Pm8150b Pm8150c Pm8150l Pm8250 Pm855 Pm855b Pm855l Pm855p Pmc1000h Pmk8002 Pmk8003 Pmm6155au Pmm8155au Pmm8195au Pmm855au Pmr525 Pmr735b Pmx50 Pmx55 Qat3516 Qat3518 Qat3519 Qat3555 Qat5515 Qat5522 Qat5533 Qbt1500 Qbt2000 Qca6390 Qca6391 Qca6420 Qca6421 Qca6426 Qca6430 Qca6431 Qca6436 Qca6574 Qca6574a Qca6574au Qca6595au Qca6696 Qdm2301 Qdm2305 Qdm3301 Qdm5620 Qdm5621 Qdm5650 Qdm5652 Qdm5670 Qdm5671 Qdm5677 Qdm5679 Qet4101 Qet5100 Qet6110 Qfs2530 Qfs2580 Qln4642 Qln4650 Qln5020 Qln5030 Qln5040 Qpa2625 Qpa5580 Qpa6560 Qpa8673 Qpa8686 Qpa8801 Qpa8802 Qpa8803 Qpa8821 Qpa8842 Qpm4650 Qpm5620 Qpm5621 Qpm5657 Qpm5658 Qpm5670 Qpm5677 Qpm5679 Qpm6582 Qpm6585 Qpm8820 Qpm8830 Qpm8895 Qsm7250 Qsm8250 Qtc800h Qtc801s Qtm525 Sa6145p Sa6150p Sa6155 Sa6155p Sa8150p Sa8155 Sa8155p Sa8195p Sc8180x\+sdx55 Sd730 Sd765 Sd765g Sd768g Sd855 Sd8655g Sd8c Sd8cx Sdr051 Sdr052 Sdr660 Sdr735 Sdr8150 Sdr8250 Sdr865 Sdx50m Sdx55 Sdx55m Sdxr25g Sm7250p Smb1355 Smb1381 Smb1390 Smb1395 Smb2351 Smr525 Smr526 Wcd9340 Wcd9341 Wcd9370 Wcd9371 Wcd9375 Wcd9380 Wcd9385 Wcn3910 Wcn3980 Wcn3988 Wcn3990 Wcn3991 Wcn3998 Wcn6750 Wcn6850 Wcn6851 Wsa8810 Wsa8815 Wsa8830 Wsa8835

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2021-01-21T09:41:20.000Z

Updated: 2024-08-04T11:28:13.624Z

Reserved: 2020-03-31T00:00:00.000Z

Link: CVE-2020-11180

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-01-21T10:15:14.150

Modified: 2024-11-21T04:57:07.273

Link: CVE-2020-11180

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object