CVE-2020-11185 - Vulnerability Details

Description

Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Published: 2021-01-21

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

affected

Version	Status	Constraints
AR9380, CSR8811, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, PM3003A, PM7350C, PM8008, PM8009, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PMK7350, PMK8002, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMR525, PMR735A, PMR735B, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3555, QAT5515, QAT5516, QAT5522, QAT5568, QCA4024, QCA6175A, QCA6390, QCA6391, QCA6428, QCA6438, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA7500, QCA8072, QCA8075, QCA8081, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN7605, QCN7606, QCN9000, QCN9074, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643 ...[truncated*]	affected	—

Configuration 1 [-]

OR	cpe:2.3:h:qualcomm:ar9380:-:::::::*
	cpe:2.3:h:qualcomm:csr8811:-:::::::*
	cpe:2.3:h:qualcomm:ipq4018:-:::::::*
	cpe:2.3:h:qualcomm:ipq4019:-:::::::*
	cpe:2.3:h:qualcomm:ipq4028:-:::::::*
	cpe:2.3:h:qualcomm:ipq4029:-:::::::*
	cpe:2.3:h:qualcomm:ipq6000:-:::::::*
	cpe:2.3:h:qualcomm:ipq6005:-:::::::*
	cpe:2.3:h:qualcomm:ipq6010:-:::::::*
	cpe:2.3:h:qualcomm:ipq6018:-:::::::*
	cpe:2.3:h:qualcomm:ipq6028:-:::::::*
	cpe:2.3:h:qualcomm:ipq8064:-:::::::*
	cpe:2.3:h:qualcomm:ipq8065:-:::::::*
	cpe:2.3:h:qualcomm:ipq8068:-:::::::*
	cpe:2.3:h:qualcomm:ipq8070:-:::::::*
	cpe:2.3:h:qualcomm:ipq8070a:-:::::::*
	cpe:2.3:h:qualcomm:ipq8071:-:::::::*
	cpe:2.3:h:qualcomm:ipq8071a:-:::::::*
	cpe:2.3:h:qualcomm:ipq8072:-:::::::*
	cpe:2.3:h:qualcomm:ipq8072a:-:::::::*
	cpe:2.3:h:qualcomm:ipq8074:-:::::::*
	cpe:2.3:h:qualcomm:ipq8074a:-:::::::*
	cpe:2.3:h:qualcomm:ipq8076:-:::::::*
	cpe:2.3:h:qualcomm:ipq8076a:-:::::::*
	cpe:2.3:h:qualcomm:ipq8078:-:::::::*
	cpe:2.3:h:qualcomm:ipq8078a:-:::::::*
	cpe:2.3:h:qualcomm:ipq8173:-:::::::*
	cpe:2.3:h:qualcomm:ipq8174:-:::::::*
	cpe:2.3:h:qualcomm:pm3003a:-:::::::*
	cpe:2.3:h:qualcomm:pm7350c:-:::::::*
	cpe:2.3:h:qualcomm:pm8008:-:::::::*
	cpe:2.3:h:qualcomm:pm8009:-:::::::*
	cpe:2.3:h:qualcomm:pm8350:-:::::::*
	cpe:2.3:h:qualcomm:pm8350b:-:::::::*
	cpe:2.3:h:qualcomm:pm8350bh:-:::::::*
	cpe:2.3:h:qualcomm:pm8350bhs:-:::::::*
	cpe:2.3:h:qualcomm:pm8350c:-:::::::*
	cpe:2.3:h:qualcomm:pmk7350:-:::::::*
	cpe:2.3:h:qualcomm:pmk8002:-:::::::*
	cpe:2.3:h:qualcomm:pmk8350:-:::::::*
	cpe:2.3:h:qualcomm:pmm6155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8195au:-:::::::*
	cpe:2.3:h:qualcomm:pmm855au:-:::::::*
	cpe:2.3:h:qualcomm:pmr525:-:::::::*
	cpe:2.3:h:qualcomm:pmr735a:-:::::::*
	cpe:2.3:h:qualcomm:pmr735b:-:::::::*
	cpe:2.3:h:qualcomm:pmx55:-:::::::*
	cpe:2.3:h:qualcomm:qat3514:-:::::::*
	cpe:2.3:h:qualcomm:qat3516:-:::::::*
	cpe:2.3:h:qualcomm:qat3518:-:::::::*
	cpe:2.3:h:qualcomm:qat3519:-:::::::*
	cpe:2.3:h:qualcomm:qat3555:-:::::::*
	cpe:2.3:h:qualcomm:qat5515:-:::::::*
	cpe:2.3:h:qualcomm:qat5516:-:::::::*
	cpe:2.3:h:qualcomm:qat5522:-:::::::*
	cpe:2.3:h:qualcomm:qat5568:-:::::::*
	cpe:2.3:h:qualcomm:qca4024:-:::::::*
	cpe:2.3:h:qualcomm:qca6175a:-:::::::*
	cpe:2.3:h:qualcomm:qca6390:-:::::::*
	cpe:2.3:h:qualcomm:qca6391:-:::::::*
	cpe:2.3:h:qualcomm:qca6428:-:::::::*
	cpe:2.3:h:qualcomm:qca6438:-:::::::*
	cpe:2.3:h:qualcomm:qca6564a:-:::::::*
cpe:2.3:h:qualcomm:qca6564au:-:::::::*
cpe:2.3:h:qualcomm:qca6574:-:::::::*
cpe:2.3:h:qualcomm:qca6574a:-:::::::*
cpe:2.3:h:qualcomm:qca6574au:-:::::::*
cpe:2.3:h:qualcomm:qca6584au:-:::::::*
cpe:2.3:h:qualcomm:qca6595:-:::::::*
cpe:2.3:h:qualcomm:qca6595au:-:::::::*
cpe:2.3:h:qualcomm:qca6696:-:::::::*
cpe:2.3:h:qualcomm:qca7500:-:::::::*
cpe:2.3:h:qualcomm:qca8072:-:::::::*
cpe:2.3:h:qualcomm:qca8075:-:::::::*
cpe:2.3:h:qualcomm:qca8081:-:::::::*
cpe:2.3:h:qualcomm:qca9880:-:::::::*
cpe:2.3:h:qualcomm:qca9886:-:::::::*
cpe:2.3:h:qualcomm:qca9888:-:::::::*
cpe:2.3:h:qualcomm:qca9889:-:::::::*
cpe:2.3:h:qualcomm:qca9898:-:::::::*
cpe:2.3:h:qualcomm:qca9980:-:::::::*
cpe:2.3:h:qualcomm:qca9984:-:::::::*
cpe:2.3:h:qualcomm:qca9985:-:::::::*
cpe:2.3:h:qualcomm:qca9990:-:::::::*
cpe:2.3:h:qualcomm:qca9992:-:::::::*
cpe:2.3:h:qualcomm:qca9994:-:::::::*
cpe:2.3:h:qualcomm:qcn5021:-:::::::*
cpe:2.3:h:qualcomm:qcn5022:-:::::::*
cpe:2.3:h:qualcomm:qcn5024:-:::::::*
cpe:2.3:h:qualcomm:qcn5052:-:::::::*
cpe:2.3:h:qualcomm:qcn5054:-:::::::*
cpe:2.3:h:qualcomm:qcn5064:-:::::::*
cpe:2.3:h:qualcomm:qcn5121:-:::::::*
cpe:2.3:h:qualcomm:qcn5122:-:::::::*
cpe:2.3:h:qualcomm:qcn5124:-:::::::*
cpe:2.3:h:qualcomm:qcn5152:-:::::::*
cpe:2.3:h:qualcomm:qcn5154:-:::::::*
cpe:2.3:h:qualcomm:qcn5164:-:::::::*
cpe:2.3:h:qualcomm:qcn5550:-:::::::*
cpe:2.3:h:qualcomm:qcn7605:-:::::::*
cpe:2.3:h:qualcomm:qcn7606:-:::::::*
cpe:2.3:h:qualcomm:qcn9000:-:::::::*
cpe:2.3:h:qualcomm:qcn9074:-:::::::*
cpe:2.3:h:qualcomm:qdm2307:-:::::::*
cpe:2.3:h:qualcomm:qdm2308:-:::::::*
cpe:2.3:h:qualcomm:qdm2310:-:::::::*
cpe:2.3:h:qualcomm:qdm3301:-:::::::*
cpe:2.3:h:qualcomm:qdm3302:-:::::::*
cpe:2.3:h:qualcomm:qdm4643:-:::::::*
cpe:2.3:h:qualcomm:qdm4650:-:::::::*
cpe:2.3:h:qualcomm:qdm5579:-:::::::*
cpe:2.3:h:qualcomm:qdm5620:-:::::::*
cpe:2.3:h:qualcomm:qdm5621:-:::::::*
cpe:2.3:h:qualcomm:qdm5670:-:::::::*
cpe:2.3:h:qualcomm:qdm5671:-:::::::*
cpe:2.3:h:qualcomm:qdm5677:-:::::::*
cpe:2.3:h:qualcomm:qdm5679:-:::::::*
cpe:2.3:h:qualcomm:qet5100:-:::::::*
cpe:2.3:h:qualcomm:qet5100m:-:::::::*
cpe:2.3:h:qualcomm:qet6100:-:::::::*
cpe:2.3:h:qualcomm:qet6110:-:::::::*
cpe:2.3:h:qualcomm:qfs2530:-:::::::*
cpe:2.3:h:qualcomm:qfs2580:-:::::::*
cpe:2.3:h:qualcomm:qfs2608:-:::::::*
cpe:2.3:h:qualcomm:qfs2630:-:::::::*
cpe:2.3:h:qualcomm:qln4642:-:::::::*
cpe:2.3:h:qualcomm:qln4650:-:::::::*
cpe:2.3:h:qualcomm:qln5020:-:::::::*
cpe:2.3:h:qualcomm:qln5030:-:::::::*
cpe:2.3:h:qualcomm:qln5040:-:::::::*
cpe:2.3:h:qualcomm:qpa2625:-:::::::*
cpe:2.3:h:qualcomm:qpa5461:-:::::::*
cpe:2.3:h:qualcomm:qpa5580:-:::::::*
cpe:2.3:h:qualcomm:qpa5581:-:::::::*
cpe:2.3:h:qualcomm:qpa6560:-:::::::*
cpe:2.3:h:qualcomm:qpa8801:-:::::::*
cpe:2.3:h:qualcomm:qpa8802:-:::::::*
cpe:2.3:h:qualcomm:qpa8803:-:::::::*
cpe:2.3:h:qualcomm:qpa8821:-:::::::*
cpe:2.3:h:qualcomm:qpa8842:-:::::::*
cpe:2.3:h:qualcomm:qpm4621:-:::::::*
cpe:2.3:h:qualcomm:qpm4630:-:::::::*
cpe:2.3:h:qualcomm:qpm4640:-:::::::*
cpe:2.3:h:qualcomm:qpm4641:-:::::::*
cpe:2.3:h:qualcomm:qpm4650:-:::::::*
cpe:2.3:h:qualcomm:qpm5621:-:::::::*
cpe:2.3:h:qualcomm:qpm5641:-:::::::*
cpe:2.3:h:qualcomm:qpm5670:-:::::::*
cpe:2.3:h:qualcomm:qpm5677:-:::::::*
cpe:2.3:h:qualcomm:qpm5679:-:::::::*
cpe:2.3:h:qualcomm:qpm5870:-:::::::*
cpe:2.3:h:qualcomm:qpm5875:-:::::::*
cpe:2.3:h:qualcomm:qpm6585:-:::::::*
cpe:2.3:h:qualcomm:qpm6621:-:::::::*
cpe:2.3:h:qualcomm:qpm6670:-:::::::*
cpe:2.3:h:qualcomm:qpm8820:-:::::::*
cpe:2.3:h:qualcomm:qpm8870:-:::::::*
cpe:2.3:h:qualcomm:qtm525:-:::::::*
cpe:2.3:h:qualcomm:sa6145p:-:::::::*
cpe:2.3:h:qualcomm:sa6155p:-:::::::*
cpe:2.3:h:qualcomm:sa8150p:-:::::::*
cpe:2.3:h:qualcomm:sa8155:-:::::::*
cpe:2.3:h:qualcomm:sa8155p:-:::::::*
cpe:2.3:h:qualcomm:sa8195p:-:::::::*
cpe:2.3:h:qualcomm:sd8885g:-:::::::*
cpe:2.3:h:qualcomm:sdr660g:-:::::::*
cpe:2.3:h:qualcomm:sdr735:-:::::::*
cpe:2.3:h:qualcomm:sdr735g:-:::::::*
cpe:2.3:h:qualcomm:sdr8250:-:::::::*
cpe:2.3:h:qualcomm:sdr865:-:::::::*
cpe:2.3:h:qualcomm:sdx55:-:::::::*
cpe:2.3:h:qualcomm:sdx55m:-:::::::*
cpe:2.3:h:qualcomm:sm7350:-:::::::*
cpe:2.3:h:qualcomm:smb1394:-:::::::*
cpe:2.3:h:qualcomm:smb1395:-:::::::*
cpe:2.3:h:qualcomm:smb1396:-:::::::*
cpe:2.3:h:qualcomm:smb1398:-:::::::*
cpe:2.3:h:qualcomm:smr525:-:::::::*
cpe:2.3:h:qualcomm:smr526:-:::::::*
cpe:2.3:h:qualcomm:smr545:-:::::::*
cpe:2.3:h:qualcomm:smr546:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcd9380:-:::::::*
cpe:2.3:h:qualcomm:wcd9385:-:::::::*
cpe:2.3:h:qualcomm:wcn3910:-:::::::*
cpe:2.3:h:qualcomm:wcn3991:-:::::::*
cpe:2.3:h:qualcomm:wcn3998:-:::::::*
cpe:2.3:h:qualcomm:wcn6740:-:::::::*
cpe:2.3:h:qualcomm:wcn6750:-:::::::*
cpe:2.3:h:qualcomm:wcn6850:-:::::::*
cpe:2.3:h:qualcomm:wcn6851:-:::::::*
cpe:2.3:h:qualcomm:wcn6856:-:::::::*
cpe:2.3:h:qualcomm:wsa8830:-:::::::*
cpe:2.3:h:qualcomm:wsa8835:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-3539	Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

History

No history.

Subscriptions

Qualcomm Ar9380 Csr8811 Ipq4018 Ipq4019 Ipq4028 Ipq4029 Ipq6000 Ipq6005 Ipq6010 Ipq6018 Ipq6028 Ipq8064 Ipq8065 Ipq8068 Ipq8070 Ipq8070a Ipq8071 Ipq8071a Ipq8072 Ipq8072a Ipq8074 Ipq8074a Ipq8076 Ipq8076a Ipq8078 Ipq8078a Ipq8173 Ipq8174 Pm3003a Pm7350c Pm8008 Pm8009 Pm8350 Pm8350b Pm8350bh Pm8350bhs Pm8350c Pmk7350 Pmk8002 Pmk8350 Pmm6155au Pmm8155au Pmm8195au Pmm855au Pmr525 Pmr735a Pmr735b Pmx55 Qat3514 Qat3516 Qat3518 Qat3519 Qat3555 Qat5515 Qat5516 Qat5522 Qat5568 Qca4024 Qca6175a Qca6390 Qca6391 Qca6428 Qca6438 Qca6564a Qca6564au Qca6574 Qca6574a Qca6574au Qca6584au Qca6595 Qca6595au Qca6696 Qca7500 Qca8072 Qca8075 Qca8081 Qca9880 Qca9886 Qca9888 Qca9889 Qca9898 Qca9980 Qca9984 Qca9985 Qca9990 Qca9992 Qca9994 Qcn5021 Qcn5022 Qcn5024 Qcn5052 Qcn5054 Qcn5064 Qcn5121 Qcn5122 Qcn5124 Qcn5152 Qcn5154 Qcn5164 Qcn5550 Qcn7605 Qcn7606 Qcn9000 Qcn9074 Qdm2307 Qdm2308 Qdm2310 Qdm3301 Qdm3302 Qdm4643 Qdm4650 Qdm5579 Qdm5620 Qdm5621 Qdm5670 Qdm5671 Qdm5677 Qdm5679 Qet5100 Qet5100m Qet6100 Qet6110 Qfs2530 Qfs2580 Qfs2608 Qfs2630 Qln4642 Qln4650 Qln5020 Qln5030 Qln5040 Qpa2625 Qpa5461 Qpa5580 Qpa5581 Qpa6560 Qpa8801 Qpa8802 Qpa8803 Qpa8821 Qpa8842 Qpm4621 Qpm4630 Qpm4640 Qpm4641 Qpm4650 Qpm5621 Qpm5641 Qpm5670 Qpm5677 Qpm5679 Qpm5870 Qpm5875 Qpm6585 Qpm6621 Qpm6670 Qpm8820 Qpm8870 Qtm525 Sa6145p Sa6155p Sa8150p Sa8155 Sa8155p Sa8195p Sd8885g Sdr660g Sdr735 Sdr735g Sdr8250 Sdr865 Sdx55 Sdx55m Sm7350 Smb1394 Smb1395 Smb1396 Smb1398 Smr525 Smr526 Smr545 Smr546 Wcd9341 Wcd9380 Wcd9385 Wcn3910 Wcn3991 Wcn3998 Wcn6740 Wcn6750 Wcn6850 Wcn6851 Wcn6856 Wsa8830 Wsa8835

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2021-01-21T09:41:22.000Z

Updated: 2024-08-04T11:28:13.403Z

Reserved: 2020-03-31T00:00:00.000Z

Link: CVE-2020-11185

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-01-21T10:15:14.307

Modified: 2024-11-21T04:57:08.130

Link: CVE-2020-11185

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-787

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object