CVE-2020-11185 - Vulnerability Details

Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

affected

Version	Status	Constraints
AR9380, CSR8811, IPQ4018, IPQ4019, IPQ4028, IPQ4029, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8064, IPQ8065, IPQ8068, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, PM3003A, PM7350C, PM8008, PM8009, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PMK7350, PMK8002, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMR525, PMR735A, PMR735B, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3555, QAT5515, QAT5516, QAT5522, QAT5568, QCA4024, QCA6175A, QCA6390, QCA6391, QCA6428, QCA6438, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA7500, QCA8072, QCA8075, QCA8081, QCA9880, QCA9886, QCA9888, QCA9889, QCA9898, QCA9980, QCA9984, QCA9985, QCA9990, QCA9992, QCA9994, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN7605, QCN7606, QCN9000, QCN9074, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643 ...[truncated*]	affected	—

Configuration 1 [-]

OR	cpe:2.3:h:qualcomm:ar9380:-:::::::*
	cpe:2.3:h:qualcomm:csr8811:-:::::::*
	cpe:2.3:h:qualcomm:ipq4018:-:::::::*
	cpe:2.3:h:qualcomm:ipq4019:-:::::::*
	cpe:2.3:h:qualcomm:ipq4028:-:::::::*
	cpe:2.3:h:qualcomm:ipq4029:-:::::::*
	cpe:2.3:h:qualcomm:ipq6000:-:::::::*
	cpe:2.3:h:qualcomm:ipq6005:-:::::::*
	cpe:2.3:h:qualcomm:ipq6010:-:::::::*
	cpe:2.3:h:qualcomm:ipq6018:-:::::::*
	cpe:2.3:h:qualcomm:ipq6028:-:::::::*
	cpe:2.3:h:qualcomm:ipq8064:-:::::::*
	cpe:2.3:h:qualcomm:ipq8065:-:::::::*
	cpe:2.3:h:qualcomm:ipq8068:-:::::::*
	cpe:2.3:h:qualcomm:ipq8070:-:::::::*
	cpe:2.3:h:qualcomm:ipq8070a:-:::::::*
	cpe:2.3:h:qualcomm:ipq8071:-:::::::*
	cpe:2.3:h:qualcomm:ipq8071a:-:::::::*
	cpe:2.3:h:qualcomm:ipq8072:-:::::::*
	cpe:2.3:h:qualcomm:ipq8072a:-:::::::*
	cpe:2.3:h:qualcomm:ipq8074:-:::::::*
	cpe:2.3:h:qualcomm:ipq8074a:-:::::::*
	cpe:2.3:h:qualcomm:ipq8076:-:::::::*
	cpe:2.3:h:qualcomm:ipq8076a:-:::::::*
	cpe:2.3:h:qualcomm:ipq8078:-:::::::*
	cpe:2.3:h:qualcomm:ipq8078a:-:::::::*
	cpe:2.3:h:qualcomm:ipq8173:-:::::::*
	cpe:2.3:h:qualcomm:ipq8174:-:::::::*
	cpe:2.3:h:qualcomm:pm3003a:-:::::::*
	cpe:2.3:h:qualcomm:pm7350c:-:::::::*
	cpe:2.3:h:qualcomm:pm8008:-:::::::*
	cpe:2.3:h:qualcomm:pm8009:-:::::::*
	cpe:2.3:h:qualcomm:pm8350:-:::::::*
	cpe:2.3:h:qualcomm:pm8350b:-:::::::*
	cpe:2.3:h:qualcomm:pm8350bh:-:::::::*
	cpe:2.3:h:qualcomm:pm8350bhs:-:::::::*
	cpe:2.3:h:qualcomm:pm8350c:-:::::::*
	cpe:2.3:h:qualcomm:pmk7350:-:::::::*
	cpe:2.3:h:qualcomm:pmk8002:-:::::::*
	cpe:2.3:h:qualcomm:pmk8350:-:::::::*
	cpe:2.3:h:qualcomm:pmm6155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8195au:-:::::::*
	cpe:2.3:h:qualcomm:pmm855au:-:::::::*
	cpe:2.3:h:qualcomm:pmr525:-:::::::*
	cpe:2.3:h:qualcomm:pmr735a:-:::::::*
	cpe:2.3:h:qualcomm:pmr735b:-:::::::*
	cpe:2.3:h:qualcomm:pmx55:-:::::::*
	cpe:2.3:h:qualcomm:qat3514:-:::::::*
	cpe:2.3:h:qualcomm:qat3516:-:::::::*
	cpe:2.3:h:qualcomm:qat3518:-:::::::*
	cpe:2.3:h:qualcomm:qat3519:-:::::::*
	cpe:2.3:h:qualcomm:qat3555:-:::::::*
	cpe:2.3:h:qualcomm:qat5515:-:::::::*
	cpe:2.3:h:qualcomm:qat5516:-:::::::*
	cpe:2.3:h:qualcomm:qat5522:-:::::::*
	cpe:2.3:h:qualcomm:qat5568:-:::::::*
	cpe:2.3:h:qualcomm:qca4024:-:::::::*
	cpe:2.3:h:qualcomm:qca6175a:-:::::::*
	cpe:2.3:h:qualcomm:qca6390:-:::::::*
	cpe:2.3:h:qualcomm:qca6391:-:::::::*
	cpe:2.3:h:qualcomm:qca6428:-:::::::*
	cpe:2.3:h:qualcomm:qca6438:-:::::::*
	cpe:2.3:h:qualcomm:qca6564a:-:::::::*
cpe:2.3:h:qualcomm:qca6564au:-:::::::*
cpe:2.3:h:qualcomm:qca6574:-:::::::*
cpe:2.3:h:qualcomm:qca6574a:-:::::::*
cpe:2.3:h:qualcomm:qca6574au:-:::::::*
cpe:2.3:h:qualcomm:qca6584au:-:::::::*
cpe:2.3:h:qualcomm:qca6595:-:::::::*
cpe:2.3:h:qualcomm:qca6595au:-:::::::*
cpe:2.3:h:qualcomm:qca6696:-:::::::*
cpe:2.3:h:qualcomm:qca7500:-:::::::*
cpe:2.3:h:qualcomm:qca8072:-:::::::*
cpe:2.3:h:qualcomm:qca8075:-:::::::*
cpe:2.3:h:qualcomm:qca8081:-:::::::*
cpe:2.3:h:qualcomm:qca9880:-:::::::*
cpe:2.3:h:qualcomm:qca9886:-:::::::*
cpe:2.3:h:qualcomm:qca9888:-:::::::*
cpe:2.3:h:qualcomm:qca9889:-:::::::*
cpe:2.3:h:qualcomm:qca9898:-:::::::*
cpe:2.3:h:qualcomm:qca9980:-:::::::*
cpe:2.3:h:qualcomm:qca9984:-:::::::*
cpe:2.3:h:qualcomm:qca9985:-:::::::*
cpe:2.3:h:qualcomm:qca9990:-:::::::*
cpe:2.3:h:qualcomm:qca9992:-:::::::*
cpe:2.3:h:qualcomm:qca9994:-:::::::*
cpe:2.3:h:qualcomm:qcn5021:-:::::::*
cpe:2.3:h:qualcomm:qcn5022:-:::::::*
cpe:2.3:h:qualcomm:qcn5024:-:::::::*
cpe:2.3:h:qualcomm:qcn5052:-:::::::*
cpe:2.3:h:qualcomm:qcn5054:-:::::::*
cpe:2.3:h:qualcomm:qcn5064:-:::::::*
cpe:2.3:h:qualcomm:qcn5121:-:::::::*
cpe:2.3:h:qualcomm:qcn5122:-:::::::*
cpe:2.3:h:qualcomm:qcn5124:-:::::::*
cpe:2.3:h:qualcomm:qcn5152:-:::::::*
cpe:2.3:h:qualcomm:qcn5154:-:::::::*
cpe:2.3:h:qualcomm:qcn5164:-:::::::*
cpe:2.3:h:qualcomm:qcn5550:-:::::::*
cpe:2.3:h:qualcomm:qcn7605:-:::::::*
cpe:2.3:h:qualcomm:qcn7606:-:::::::*
cpe:2.3:h:qualcomm:qcn9000:-:::::::*
cpe:2.3:h:qualcomm:qcn9074:-:::::::*
cpe:2.3:h:qualcomm:qdm2307:-:::::::*
cpe:2.3:h:qualcomm:qdm2308:-:::::::*
cpe:2.3:h:qualcomm:qdm2310:-:::::::*
cpe:2.3:h:qualcomm:qdm3301:-:::::::*
cpe:2.3:h:qualcomm:qdm3302:-:::::::*
cpe:2.3:h:qualcomm:qdm4643:-:::::::*
cpe:2.3:h:qualcomm:qdm4650:-:::::::*
cpe:2.3:h:qualcomm:qdm5579:-:::::::*
cpe:2.3:h:qualcomm:qdm5620:-:::::::*
cpe:2.3:h:qualcomm:qdm5621:-:::::::*
cpe:2.3:h:qualcomm:qdm5670:-:::::::*
cpe:2.3:h:qualcomm:qdm5671:-:::::::*
cpe:2.3:h:qualcomm:qdm5677:-:::::::*
cpe:2.3:h:qualcomm:qdm5679:-:::::::*
cpe:2.3:h:qualcomm:qet5100:-:::::::*
cpe:2.3:h:qualcomm:qet5100m:-:::::::*
cpe:2.3:h:qualcomm:qet6100:-:::::::*
cpe:2.3:h:qualcomm:qet6110:-:::::::*
cpe:2.3:h:qualcomm:qfs2530:-:::::::*
cpe:2.3:h:qualcomm:qfs2580:-:::::::*
cpe:2.3:h:qualcomm:qfs2608:-:::::::*
cpe:2.3:h:qualcomm:qfs2630:-:::::::*
cpe:2.3:h:qualcomm:qln4642:-:::::::*
cpe:2.3:h:qualcomm:qln4650:-:::::::*
cpe:2.3:h:qualcomm:qln5020:-:::::::*
cpe:2.3:h:qualcomm:qln5030:-:::::::*
cpe:2.3:h:qualcomm:qln5040:-:::::::*
cpe:2.3:h:qualcomm:qpa2625:-:::::::*
cpe:2.3:h:qualcomm:qpa5461:-:::::::*
cpe:2.3:h:qualcomm:qpa5580:-:::::::*
cpe:2.3:h:qualcomm:qpa5581:-:::::::*
cpe:2.3:h:qualcomm:qpa6560:-:::::::*
cpe:2.3:h:qualcomm:qpa8801:-:::::::*
cpe:2.3:h:qualcomm:qpa8802:-:::::::*
cpe:2.3:h:qualcomm:qpa8803:-:::::::*
cpe:2.3:h:qualcomm:qpa8821:-:::::::*
cpe:2.3:h:qualcomm:qpa8842:-:::::::*
cpe:2.3:h:qualcomm:qpm4621:-:::::::*
cpe:2.3:h:qualcomm:qpm4630:-:::::::*
cpe:2.3:h:qualcomm:qpm4640:-:::::::*
cpe:2.3:h:qualcomm:qpm4641:-:::::::*
cpe:2.3:h:qualcomm:qpm4650:-:::::::*
cpe:2.3:h:qualcomm:qpm5621:-:::::::*
cpe:2.3:h:qualcomm:qpm5641:-:::::::*
cpe:2.3:h:qualcomm:qpm5670:-:::::::*
cpe:2.3:h:qualcomm:qpm5677:-:::::::*
cpe:2.3:h:qualcomm:qpm5679:-:::::::*
cpe:2.3:h:qualcomm:qpm5870:-:::::::*
cpe:2.3:h:qualcomm:qpm5875:-:::::::*
cpe:2.3:h:qualcomm:qpm6585:-:::::::*
cpe:2.3:h:qualcomm:qpm6621:-:::::::*
cpe:2.3:h:qualcomm:qpm6670:-:::::::*
cpe:2.3:h:qualcomm:qpm8820:-:::::::*
cpe:2.3:h:qualcomm:qpm8870:-:::::::*
cpe:2.3:h:qualcomm:qtm525:-:::::::*
cpe:2.3:h:qualcomm:sa6145p:-:::::::*
cpe:2.3:h:qualcomm:sa6155p:-:::::::*
cpe:2.3:h:qualcomm:sa8150p:-:::::::*
cpe:2.3:h:qualcomm:sa8155:-:::::::*
cpe:2.3:h:qualcomm:sa8155p:-:::::::*
cpe:2.3:h:qualcomm:sa8195p:-:::::::*
cpe:2.3:h:qualcomm:sd8885g:-:::::::*
cpe:2.3:h:qualcomm:sdr660g:-:::::::*
cpe:2.3:h:qualcomm:sdr735:-:::::::*
cpe:2.3:h:qualcomm:sdr735g:-:::::::*
cpe:2.3:h:qualcomm:sdr8250:-:::::::*
cpe:2.3:h:qualcomm:sdr865:-:::::::*
cpe:2.3:h:qualcomm:sdx55:-:::::::*
cpe:2.3:h:qualcomm:sdx55m:-:::::::*
cpe:2.3:h:qualcomm:sm7350:-:::::::*
cpe:2.3:h:qualcomm:smb1394:-:::::::*
cpe:2.3:h:qualcomm:smb1395:-:::::::*
cpe:2.3:h:qualcomm:smb1396:-:::::::*
cpe:2.3:h:qualcomm:smb1398:-:::::::*
cpe:2.3:h:qualcomm:smr525:-:::::::*
cpe:2.3:h:qualcomm:smr526:-:::::::*
cpe:2.3:h:qualcomm:smr545:-:::::::*
cpe:2.3:h:qualcomm:smr546:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcd9380:-:::::::*
cpe:2.3:h:qualcomm:wcd9385:-:::::::*
cpe:2.3:h:qualcomm:wcn3910:-:::::::*
cpe:2.3:h:qualcomm:wcn3991:-:::::::*
cpe:2.3:h:qualcomm:wcn3998:-:::::::*
cpe:2.3:h:qualcomm:wcn6740:-:::::::*
cpe:2.3:h:qualcomm:wcn6750:-:::::::*
cpe:2.3:h:qualcomm:wcn6850:-:::::::*
cpe:2.3:h:qualcomm:wcn6851:-:::::::*
cpe:2.3:h:qualcomm:wcn6856:-:::::::*
cpe:2.3:h:qualcomm:wsa8830:-:::::::*
cpe:2.3:h:qualcomm:wsa8835:-:::::::*

No data.

Project Subscriptions

Vendors	Products
Qualcomm Subscribe	Ar9380 Subscribe Csr8811 Subscribe Ipq4018 Subscribe Ipq4019 Subscribe Ipq4028 Subscribe Ipq4029 Subscribe Ipq6000 Subscribe Ipq6005 Subscribe Ipq6010 Subscribe Ipq6018 Subscribe Ipq6028 Subscribe Ipq8064 Subscribe Ipq8065 Subscribe Ipq8068 Subscribe Ipq8070 Subscribe Ipq8070a Subscribe Ipq8071 Subscribe Ipq8071a Subscribe Ipq8072 Subscribe Ipq8072a Subscribe Ipq8074 Subscribe Ipq8074a Subscribe Ipq8076 Subscribe Ipq8076a Subscribe Ipq8078 Subscribe Ipq8078a Subscribe Ipq8173 Subscribe Ipq8174 Subscribe Pm3003a Subscribe Pm7350c Subscribe Pm8008 Subscribe Pm8009 Subscribe Pm8350 Subscribe Pm8350b Subscribe Pm8350bh Subscribe Pm8350bhs Subscribe Pm8350c Subscribe Pmk7350 Subscribe Pmk8002 Subscribe Pmk8350 Subscribe Pmm6155au Subscribe Pmm8155au Subscribe Pmm8195au Subscribe Pmm855au Subscribe Pmr525 Subscribe Pmr735a Subscribe Pmr735b Subscribe Pmx55 Subscribe Qat3514 Subscribe Qat3516 Subscribe Qat3518 Subscribe Qat3519 Subscribe Qat3555 Subscribe Qat5515 Subscribe Qat5516 Subscribe Qat5522 Subscribe Qat5568 Subscribe Qca4024 Subscribe Qca6175a Subscribe Qca6390 Subscribe Qca6391 Subscribe Qca6428 Subscribe Qca6438 Subscribe Qca6564a Subscribe Qca6564au Subscribe Qca6574 Subscribe Qca6574a Subscribe Qca6574au Subscribe Qca6584au Subscribe Qca6595 Subscribe Qca6595au Subscribe Qca6696 Subscribe Qca7500 Subscribe Qca8072 Subscribe Qca8075 Subscribe Qca8081 Subscribe Qca9880 Subscribe Qca9886 Subscribe Qca9888 Subscribe Qca9889 Subscribe Qca9898 Subscribe Qca9980 Subscribe Qca9984 Subscribe Qca9985 Subscribe Qca9990 Subscribe Qca9992 Subscribe Qca9994 Subscribe Qcn5021 Subscribe Qcn5022 Subscribe Qcn5024 Subscribe Qcn5052 Subscribe Qcn5054 Subscribe Qcn5064 Subscribe Qcn5121 Subscribe Qcn5122 Subscribe Qcn5124 Subscribe Qcn5152 Subscribe Qcn5154 Subscribe Qcn5164 Subscribe Qcn5550 Subscribe Qcn7605 Subscribe Qcn7606 Subscribe Qcn9000 Subscribe Qcn9074 Subscribe Qdm2307 Subscribe Qdm2308 Subscribe Qdm2310 Subscribe Qdm3301 Subscribe Qdm3302 Subscribe Qdm4643 Subscribe Qdm4650 Subscribe Qdm5579 Subscribe Qdm5620 Subscribe Qdm5621 Subscribe Qdm5670 Subscribe Qdm5671 Subscribe Qdm5677 Subscribe Qdm5679 Subscribe Qet5100 Subscribe Qet5100m Subscribe Qet6100 Subscribe Qet6110 Subscribe Qfs2530 Subscribe Qfs2580 Subscribe Qfs2608 Subscribe Qfs2630 Subscribe Qln4642 Subscribe Qln4650 Subscribe Qln5020 Subscribe Qln5030 Subscribe Qln5040 Subscribe Qpa2625 Subscribe Qpa5461 Subscribe Qpa5580 Subscribe Qpa5581 Subscribe Qpa6560 Subscribe Qpa8801 Subscribe Qpa8802 Subscribe Qpa8803 Subscribe Qpa8821 Subscribe Qpa8842 Subscribe Qpm4621 Subscribe Qpm4630 Subscribe Qpm4640 Subscribe Qpm4641 Subscribe Qpm4650 Subscribe Qpm5621 Subscribe Qpm5641 Subscribe Qpm5670 Subscribe Qpm5677 Subscribe Qpm5679 Subscribe Qpm5870 Subscribe Qpm5875 Subscribe Qpm6585 Subscribe Qpm6621 Subscribe Qpm6670 Subscribe Qpm8820 Subscribe Qpm8870 Subscribe Qtm525 Subscribe Sa6145p Subscribe Sa6155p Subscribe Sa8150p Subscribe Sa8155 Subscribe Sa8155p Subscribe Sa8195p Subscribe Sd8885g Subscribe Sdr660g Subscribe Sdr735 Subscribe Sdr735g Subscribe Sdr8250 Subscribe Sdr865 Subscribe Sdx55 Subscribe Sdx55m Subscribe Sm7350 Subscribe Smb1394 Subscribe Smb1395 Subscribe Smb1396 Subscribe Smb1398 Subscribe Smr525 Subscribe Smr526 Subscribe Smr545 Subscribe Smr546 Subscribe Wcd9341 Subscribe Wcd9380 Subscribe Wcd9385 Subscribe Wcn3910 Subscribe Wcn3991 Subscribe Wcn3998 Subscribe Wcn6740 Subscribe Wcn6750 Subscribe Wcn6850 Subscribe Wcn6851 Subscribe Wcn6856 Subscribe Wsa8830 Subscribe Wsa8835 Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2020-3539	Out of bound issue in WLAN driver while processing vdev responses from firmware due to lack of validation of data received from firmware in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2021-01-21T09:41:22

Updated: 2024-08-04T11:28:13.403Z

Reserved: 2020-03-31T00:00:00

Link: CVE-2020-11185

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-01-21T10:15:14.307

Modified: 2024-11-21T04:57:08.130

Link: CVE-2020-11185

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-787

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object