CVE-2020-11217 - Vulnerability Details

Description

A possible double free or invalid memory access in audio driver while reading Speaker Protection parameters in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Published: 2021-01-21

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

affected

Version	Status	Constraints
PM3003A, PM4125, PM6125, PM6150A, PM6150L, PM6350, PM660, PM660A, PM660L, PM7150A, PM7150L, PM7250, PM7250B, PM7350C, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350BHS, PM8350C, PMI632, PMK7350, PMK8002, PMK8003, PMK8350, PMR525, PMR735A, PMR735B, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT2000, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCM2290, QCM4290, QCS2290, QCS4290, QDM2301, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM3302, QDM4643, QDM4650, QDM5579, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5620, QPM5621, QPM5641, QPM ...[truncated*]	affected	—

Configuration 1 [-]

OR	cpe:2.3:h:qualcomm:pm3003a:-:::::::*
	cpe:2.3:h:qualcomm:pm4125:-:::::::*
	cpe:2.3:h:qualcomm:pm6125:-:::::::*
	cpe:2.3:h:qualcomm:pm6150a:-:::::::*
	cpe:2.3:h:qualcomm:pm6150l:-:::::::*
	cpe:2.3:h:qualcomm:pm6350:-:::::::*
	cpe:2.3:h:qualcomm:pm660:-:::::::*
	cpe:2.3:h:qualcomm:pm660a:-:::::::*
	cpe:2.3:h:qualcomm:pm660l:-:::::::*
	cpe:2.3:h:qualcomm:pm7150a:-:::::::*
	cpe:2.3:h:qualcomm:pm7150l:-:::::::*
	cpe:2.3:h:qualcomm:pm7250:-:::::::*
	cpe:2.3:h:qualcomm:pm7250b:-:::::::*
	cpe:2.3:h:qualcomm:pm7350c:-:::::::*
	cpe:2.3:h:qualcomm:pm8008:-:::::::*
	cpe:2.3:h:qualcomm:pm8009:-:::::::*
	cpe:2.3:h:qualcomm:pm8150a:-:::::::*
	cpe:2.3:h:qualcomm:pm8150b:-:::::::*
	cpe:2.3:h:qualcomm:pm8150c:-:::::::*
	cpe:2.3:h:qualcomm:pm8150l:-:::::::*
	cpe:2.3:h:qualcomm:pm8250:-:::::::*
	cpe:2.3:h:qualcomm:pm8350:-:::::::*
	cpe:2.3:h:qualcomm:pm8350b:-:::::::*
	cpe:2.3:h:qualcomm:pm8350bh:-:::::::*
	cpe:2.3:h:qualcomm:pm8350bhs:-:::::::*
	cpe:2.3:h:qualcomm:pm8350c:-:::::::*
	cpe:2.3:h:qualcomm:pmi632:-:::::::*
	cpe:2.3:h:qualcomm:pmk7350:-:::::::*
	cpe:2.3:h:qualcomm:pmk8002:-:::::::*
	cpe:2.3:h:qualcomm:pmk8003:-:::::::*
	cpe:2.3:h:qualcomm:pmk8350:-:::::::*
	cpe:2.3:h:qualcomm:pmr525:-:::::::*
	cpe:2.3:h:qualcomm:pmr735a:-:::::::*
	cpe:2.3:h:qualcomm:pmr735b:-:::::::*
	cpe:2.3:h:qualcomm:pmx55:-:::::::*
	cpe:2.3:h:qualcomm:qat3514:-:::::::*
	cpe:2.3:h:qualcomm:qat3516:-:::::::*
	cpe:2.3:h:qualcomm:qat3518:-:::::::*
	cpe:2.3:h:qualcomm:qat3519:-:::::::*
	cpe:2.3:h:qualcomm:qat3522:-:::::::*
	cpe:2.3:h:qualcomm:qat3550:-:::::::*
	cpe:2.3:h:qualcomm:qat3555:-:::::::*
	cpe:2.3:h:qualcomm:qat5515:-:::::::*
	cpe:2.3:h:qualcomm:qat5516:-:::::::*
	cpe:2.3:h:qualcomm:qat5522:-:::::::*
	cpe:2.3:h:qualcomm:qat5533:-:::::::*
	cpe:2.3:h:qualcomm:qat5568:-:::::::*
	cpe:2.3:h:qualcomm:qbt2000:-:::::::*
	cpe:2.3:h:qualcomm:qca6390:-:::::::*
	cpe:2.3:h:qualcomm:qca6391:-:::::::*
	cpe:2.3:h:qualcomm:qca6421:-:::::::*
	cpe:2.3:h:qualcomm:qca6426:-:::::::*
	cpe:2.3:h:qualcomm:qca6431:-:::::::*
	cpe:2.3:h:qualcomm:qca6436:-:::::::*
	cpe:2.3:h:qualcomm:qcm2290:-:::::::*
	cpe:2.3:h:qualcomm:qcm4290:-:::::::*
	cpe:2.3:h:qualcomm:qcs2290:-:::::::*
	cpe:2.3:h:qualcomm:qcs4290:-:::::::*
	cpe:2.3:h:qualcomm:qdm2301:-:::::::*
	cpe:2.3:h:qualcomm:qdm2305:-:::::::*
	cpe:2.3:h:qualcomm:qdm2307:-:::::::*
	cpe:2.3:h:qualcomm:qdm2308:-:::::::*
	cpe:2.3:h:qualcomm:qdm2310:-:::::::*
	cpe:2.3:h:qualcomm:qdm3301:-:::::::*
cpe:2.3:h:qualcomm:qdm3302:-:::::::*
cpe:2.3:h:qualcomm:qdm4643:-:::::::*
cpe:2.3:h:qualcomm:qdm4650:-:::::::*
cpe:2.3:h:qualcomm:qdm5579:-:::::::*
cpe:2.3:h:qualcomm:qdm5620:-:::::::*
cpe:2.3:h:qualcomm:qdm5621:-:::::::*
cpe:2.3:h:qualcomm:qdm5650:-:::::::*
cpe:2.3:h:qualcomm:qdm5652:-:::::::*
cpe:2.3:h:qualcomm:qdm5670:-:::::::*
cpe:2.3:h:qualcomm:qdm5671:-:::::::*
cpe:2.3:h:qualcomm:qdm5677:-:::::::*
cpe:2.3:h:qualcomm:qdm5679:-:::::::*
cpe:2.3:h:qualcomm:qet4100:-:::::::*
cpe:2.3:h:qualcomm:qet4101:-:::::::*
cpe:2.3:h:qualcomm:qet5100:-:::::::*
cpe:2.3:h:qualcomm:qet5100m:-:::::::*
cpe:2.3:h:qualcomm:qet6100:-:::::::*
cpe:2.3:h:qualcomm:qet6110:-:::::::*
cpe:2.3:h:qualcomm:qfs2530:-:::::::*
cpe:2.3:h:qualcomm:qfs2580:-:::::::*
cpe:2.3:h:qualcomm:qfs2608:-:::::::*
cpe:2.3:h:qualcomm:qfs2630:-:::::::*
cpe:2.3:h:qualcomm:qln4642:-:::::::*
cpe:2.3:h:qualcomm:qln4650:-:::::::*
cpe:2.3:h:qualcomm:qln5020:-:::::::*
cpe:2.3:h:qualcomm:qln5030:-:::::::*
cpe:2.3:h:qualcomm:qln5040:-:::::::*
cpe:2.3:h:qualcomm:qpa2625:-:::::::*
cpe:2.3:h:qualcomm:qpa4340:-:::::::*
cpe:2.3:h:qualcomm:qpa4360:-:::::::*
cpe:2.3:h:qualcomm:qpa5461:-:::::::*
cpe:2.3:h:qualcomm:qpa5580:-:::::::*
cpe:2.3:h:qualcomm:qpa5581:-:::::::*
cpe:2.3:h:qualcomm:qpa6560:-:::::::*
cpe:2.3:h:qualcomm:qpa8673:-:::::::*
cpe:2.3:h:qualcomm:qpa8686:-:::::::*
cpe:2.3:h:qualcomm:qpa8801:-:::::::*
cpe:2.3:h:qualcomm:qpa8802:-:::::::*
cpe:2.3:h:qualcomm:qpa8803:-:::::::*
cpe:2.3:h:qualcomm:qpa8821:-:::::::*
cpe:2.3:h:qualcomm:qpa8842:-:::::::*
cpe:2.3:h:qualcomm:qpm4621:-:::::::*
cpe:2.3:h:qualcomm:qpm4630:-:::::::*
cpe:2.3:h:qualcomm:qpm4640:-:::::::*
cpe:2.3:h:qualcomm:qpm4641:-:::::::*
cpe:2.3:h:qualcomm:qpm4650:-:::::::*
cpe:2.3:h:qualcomm:qpm5620:-:::::::*
cpe:2.3:h:qualcomm:qpm5621:-:::::::*
cpe:2.3:h:qualcomm:qpm5641:-:::::::*
cpe:2.3:h:qualcomm:qpm5657:-:::::::*
cpe:2.3:h:qualcomm:qpm5658:-:::::::*
cpe:2.3:h:qualcomm:qpm5670:-:::::::*
cpe:2.3:h:qualcomm:qpm5677:-:::::::*
cpe:2.3:h:qualcomm:qpm5679:-:::::::*
cpe:2.3:h:qualcomm:qpm5870:-:::::::*
cpe:2.3:h:qualcomm:qpm5875:-:::::::*
cpe:2.3:h:qualcomm:qpm6582:-:::::::*
cpe:2.3:h:qualcomm:qpm6585:-:::::::*
cpe:2.3:h:qualcomm:qpm6621:-:::::::*
cpe:2.3:h:qualcomm:qpm6670:-:::::::*
cpe:2.3:h:qualcomm:qpm8820:-:::::::*
cpe:2.3:h:qualcomm:qpm8830:-:::::::*
cpe:2.3:h:qualcomm:qpm8870:-:::::::*
cpe:2.3:h:qualcomm:qpm8895:-:::::::*
cpe:2.3:h:qualcomm:qsm7250:-:::::::*
cpe:2.3:h:qualcomm:qtc800h:-:::::::*
cpe:2.3:h:qualcomm:qtc800s:-:::::::*
cpe:2.3:h:qualcomm:qtc801s:-:::::::*
cpe:2.3:h:qualcomm:qtm525:-:::::::*
cpe:2.3:h:qualcomm:rsw8577:-:::::::*
cpe:2.3:h:qualcomm:sd460:-:::::::*
cpe:2.3:h:qualcomm:sd660:-:::::::*
cpe:2.3:h:qualcomm:sd662:-:::::::*
cpe:2.3:h:qualcomm:sd6905g:-:::::::*
cpe:2.3:h:qualcomm:sd750g:-:::::::*
cpe:2.3:h:qualcomm:sd765:-:::::::*
cpe:2.3:h:qualcomm:sd765g:-:::::::*
cpe:2.3:h:qualcomm:sd768g:-:::::::*
cpe:2.3:h:qualcomm:sd8655g:-:::::::*
cpe:2.3:h:qualcomm:sd8885g:-:::::::*
cpe:2.3:h:qualcomm:sdr425:-:::::::*
cpe:2.3:h:qualcomm:sdr660:-:::::::*
cpe:2.3:h:qualcomm:sdr735:-:::::::*
cpe:2.3:h:qualcomm:sdr735g:-:::::::*
cpe:2.3:h:qualcomm:sdr8250:-:::::::*
cpe:2.3:h:qualcomm:sdr865:-:::::::*
cpe:2.3:h:qualcomm:sdx55m:-:::::::*
cpe:2.3:h:qualcomm:sdxr25g:-:::::::*
cpe:2.3:h:qualcomm:sm4125:-:::::::*
cpe:2.3:h:qualcomm:sm4350:-:::::::*
cpe:2.3:h:qualcomm:sm7250p:-:::::::*
cpe:2.3:h:qualcomm:sm7350:-:::::::*
cpe:2.3:h:qualcomm:smb1351:-:::::::*
cpe:2.3:h:qualcomm:smb1354:-:::::::*
cpe:2.3:h:qualcomm:smb1355:-:::::::*
cpe:2.3:h:qualcomm:smb1390:-:::::::*
cpe:2.3:h:qualcomm:smb1394:-:::::::*
cpe:2.3:h:qualcomm:smb1395:-:::::::*
cpe:2.3:h:qualcomm:smb1396:-:::::::*
cpe:2.3:h:qualcomm:smb1398:-:::::::*
cpe:2.3:h:qualcomm:smr525:-:::::::*
cpe:2.3:h:qualcomm:smr526:-:::::::*
cpe:2.3:h:qualcomm:smr545:-:::::::*
cpe:2.3:h:qualcomm:smr546:-:::::::*
cpe:2.3:h:qualcomm:wcd9335:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcd9370:-:::::::*
cpe:2.3:h:qualcomm:wcd9375:-:::::::*
cpe:2.3:h:qualcomm:wcd9380:-:::::::*
cpe:2.3:h:qualcomm:wcd9385:-:::::::*
cpe:2.3:h:qualcomm:wcn3910:-:::::::*
cpe:2.3:h:qualcomm:wcn3950:-:::::::*
cpe:2.3:h:qualcomm:wcn3980:-:::::::*
cpe:2.3:h:qualcomm:wcn3988:-:::::::*
cpe:2.3:h:qualcomm:wcn3990:-:::::::*
cpe:2.3:h:qualcomm:wcn3991:-:::::::*
cpe:2.3:h:qualcomm:wcn3998:-:::::::*
cpe:2.3:h:qualcomm:wcn6740:-:::::::*
cpe:2.3:h:qualcomm:wcn6750:-:::::::*
cpe:2.3:h:qualcomm:wcn6850:-:::::::*
cpe:2.3:h:qualcomm:wcn6851:-:::::::*
cpe:2.3:h:qualcomm:wcn6856:-:::::::*
cpe:2.3:h:qualcomm:wgr7640:-:::::::*
cpe:2.3:h:qualcomm:wsa8810:-:::::::*
cpe:2.3:h:qualcomm:wsa8815:-:::::::*
cpe:2.3:h:qualcomm:wsa8830:-:::::::*
cpe:2.3:h:qualcomm:wsa8835:-:::::::*
cpe:2.3:h:qualcomm:wtr2965:-:::::::*
cpe:2.3:h:qualcomm:wtr3925:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-3571	A possible double free or invalid memory access in audio driver while reading Speaker Protection parameters in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00043.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

History

No history.

Subscriptions

Qualcomm Pm3003a Pm4125 Pm6125 Pm6150a Pm6150l Pm6350 Pm660 Pm660a Pm660l Pm7150a Pm7150l Pm7250 Pm7250b Pm7350c Pm8008 Pm8009 Pm8150a Pm8150b Pm8150c Pm8150l Pm8250 Pm8350 Pm8350b Pm8350bh Pm8350bhs Pm8350c Pmi632 Pmk7350 Pmk8002 Pmk8003 Pmk8350 Pmr525 Pmr735a Pmr735b Pmx55 Qat3514 Qat3516 Qat3518 Qat3519 Qat3522 Qat3550 Qat3555 Qat5515 Qat5516 Qat5522 Qat5533 Qat5568 Qbt2000 Qca6390 Qca6391 Qca6421 Qca6426 Qca6431 Qca6436 Qcm2290 Qcm4290 Qcs2290 Qcs4290 Qdm2301 Qdm2305 Qdm2307 Qdm2308 Qdm2310 Qdm3301 Qdm3302 Qdm4643 Qdm4650 Qdm5579 Qdm5620 Qdm5621 Qdm5650 Qdm5652 Qdm5670 Qdm5671 Qdm5677 Qdm5679 Qet4100 Qet4101 Qet5100 Qet5100m Qet6100 Qet6110 Qfs2530 Qfs2580 Qfs2608 Qfs2630 Qln4642 Qln4650 Qln5020 Qln5030 Qln5040 Qpa2625 Qpa4340 Qpa4360 Qpa5461 Qpa5580 Qpa5581 Qpa6560 Qpa8673 Qpa8686 Qpa8801 Qpa8802 Qpa8803 Qpa8821 Qpa8842 Qpm4621 Qpm4630 Qpm4640 Qpm4641 Qpm4650 Qpm5620 Qpm5621 Qpm5641 Qpm5657 Qpm5658 Qpm5670 Qpm5677 Qpm5679 Qpm5870 Qpm5875 Qpm6582 Qpm6585 Qpm6621 Qpm6670 Qpm8820 Qpm8830 Qpm8870 Qpm8895 Qsm7250 Qtc800h Qtc800s Qtc801s Qtm525 Rsw8577 Sd460 Sd660 Sd662 Sd6905g Sd750g Sd765 Sd765g Sd768g Sd8655g Sd8885g Sdr425 Sdr660 Sdr735 Sdr735g Sdr8250 Sdr865 Sdx55m Sdxr25g Sm4125 Sm4350 Sm7250p Sm7350 Smb1351 Smb1354 Smb1355 Smb1390 Smb1394 Smb1395 Smb1396 Smb1398 Smr525 Smr526 Smr545 Smr546 Wcd9335 Wcd9341 Wcd9370 Wcd9375 Wcd9380 Wcd9385 Wcn3910 Wcn3950 Wcn3980 Wcn3988 Wcn3990 Wcn3991 Wcn3998 Wcn6740 Wcn6750 Wcn6850 Wcn6851 Wcn6856 Wgr7640 Wsa8810 Wsa8815 Wsa8830 Wsa8835 Wtr2965 Wtr3925

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2021-01-21T09:41:28.000Z

Updated: 2024-08-04T11:28:13.356Z

Reserved: 2020-03-31T00:00:00.000Z

Link: CVE-2020-11217

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-01-21T10:15:14.823

Modified: 2024-11-21T04:57:17.133

Link: CVE-2020-11217

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-415

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object