CVE-2020-11254 - Vulnerability Details

Description

Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Published: 2021-05-07

Score: 6.2 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

affected

Version	Status	Constraints
PM6150A, PM6150L, PM6350, PM660, PM660L, PM7250B, PM8008, PM8009, PM8350, PM8350B, PM8350BH, PM8350C, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMR735A, PMR735B, QAT3516, QAT3518, QAT3519, QAT3555, QAT5515, QAT5516, QAT5522, QAT5568, QBT1500, QCA6574AU, QCA6696, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5670, QDM5671, QET5100, QET5100M, QET6100, QET6105, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA5461, QPA5580, QPA5581, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5621, QPM5641, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6585, QPM6621, QPM6670, QPM8820, QPM8870, QTC800H, QTC800S, QTC801S, QTM525, SA6145P, SA6150P, SA6155P, SA8150P, SA8155P, SA8195P, SD480, SD670, SD710, SD888, SD888 5G, SDR660, SDR660G, SDR735, SDR735G, SDR865, SDXR1, SMB1351, SMB1355, SMB1396, SMB1398, SMR526, SMR545, SMR546, WCD9326, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3980, WCN3988, WCN3 ...[truncated*]	affected	—

Configuration 1 [-]

OR	cpe:2.3:h:qualcomm:pm6150a:-:::::::*
	cpe:2.3:h:qualcomm:pm6150l:-:::::::*
	cpe:2.3:h:qualcomm:pm6350:-:::::::*
	cpe:2.3:h:qualcomm:pm660:-:::::::*
	cpe:2.3:h:qualcomm:pm660l:-:::::::*
	cpe:2.3:h:qualcomm:pm7250b:-:::::::*
	cpe:2.3:h:qualcomm:pm8008:-:::::::*
	cpe:2.3:h:qualcomm:pm8009:-:::::::*
	cpe:2.3:h:qualcomm:pm8350:-:::::::*
	cpe:2.3:h:qualcomm:pm8350b:-:::::::*
	cpe:2.3:h:qualcomm:pm8350bh:-:::::::*
	cpe:2.3:h:qualcomm:pm8350c:-:::::::*
	cpe:2.3:h:qualcomm:pmk8003:-:::::::*
	cpe:2.3:h:qualcomm:pmk8350:-:::::::*
	cpe:2.3:h:qualcomm:pmm6155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8195au:-:::::::*
	cpe:2.3:h:qualcomm:pmr735a:-:::::::*
	cpe:2.3:h:qualcomm:pmr735b:-:::::::*
	cpe:2.3:h:qualcomm:qat3516:-:::::::*
	cpe:2.3:h:qualcomm:qat3518:-:::::::*
	cpe:2.3:h:qualcomm:qat3519:-:::::::*
	cpe:2.3:h:qualcomm:qat3555:-:::::::*
	cpe:2.3:h:qualcomm:qat5515:-:::::::*
	cpe:2.3:h:qualcomm:qat5516:-:::::::*
	cpe:2.3:h:qualcomm:qat5522:-:::::::*
	cpe:2.3:h:qualcomm:qat5568:-:::::::*
	cpe:2.3:h:qualcomm:qbt1500:-:::::::*
	cpe:2.3:h:qualcomm:qca6574au:-:::::::*
	cpe:2.3:h:qualcomm:qca6696:-:::::::*
	cpe:2.3:h:qualcomm:qdm3301:-:::::::*
	cpe:2.3:h:qualcomm:qdm4643:-:::::::*
	cpe:2.3:h:qualcomm:qdm4650:-:::::::*
	cpe:2.3:h:qualcomm:qdm5620:-:::::::*
	cpe:2.3:h:qualcomm:qdm5621:-:::::::*
	cpe:2.3:h:qualcomm:qdm5670:-:::::::*
	cpe:2.3:h:qualcomm:qdm5671:-:::::::*
	cpe:2.3:h:qualcomm:qet5100:-:::::::*
	cpe:2.3:h:qualcomm:qet5100m:-:::::::*
	cpe:2.3:h:qualcomm:qet6100:-:::::::*
	cpe:2.3:h:qualcomm:qet6105:-:::::::*
	cpe:2.3:h:qualcomm:qet6110:-:::::::*
	cpe:2.3:h:qualcomm:qfs2530:-:::::::*
	cpe:2.3:h:qualcomm:qfs2580:-:::::::*
	cpe:2.3:h:qualcomm:qfs2608:-:::::::*
	cpe:2.3:h:qualcomm:qfs2630:-:::::::*
	cpe:2.3:h:qualcomm:qln4642:-:::::::*
	cpe:2.3:h:qualcomm:qln4650:-:::::::*
	cpe:2.3:h:qualcomm:qln5020:-:::::::*
	cpe:2.3:h:qualcomm:qln5030:-:::::::*
	cpe:2.3:h:qualcomm:qln5040:-:::::::*
	cpe:2.3:h:qualcomm:qpa2625:-:::::::*
	cpe:2.3:h:qualcomm:qpa5461:-:::::::*
	cpe:2.3:h:qualcomm:qpa5580:-:::::::*
	cpe:2.3:h:qualcomm:qpa5581:-:::::::*
	cpe:2.3:h:qualcomm:qpa8801:-:::::::*
	cpe:2.3:h:qualcomm:qpa8802:-:::::::*
	cpe:2.3:h:qualcomm:qpa8803:-:::::::*
	cpe:2.3:h:qualcomm:qpa8821:-:::::::*
	cpe:2.3:h:qualcomm:qpa8842:-:::::::*
	cpe:2.3:h:qualcomm:qpm4621:-:::::::*
	cpe:2.3:h:qualcomm:qpm4630:-:::::::*
	cpe:2.3:h:qualcomm:qpm4640:-:::::::*
	cpe:2.3:h:qualcomm:qpm4641:-:::::::*
cpe:2.3:h:qualcomm:qpm4650:-:::::::*
cpe:2.3:h:qualcomm:qpm5621:-:::::::*
cpe:2.3:h:qualcomm:qpm5641:-:::::::*
cpe:2.3:h:qualcomm:qpm5670:-:::::::*
cpe:2.3:h:qualcomm:qpm5677:-:::::::*
cpe:2.3:h:qualcomm:qpm5679:-:::::::*
cpe:2.3:h:qualcomm:qpm5870:-:::::::*
cpe:2.3:h:qualcomm:qpm5875:-:::::::*
cpe:2.3:h:qualcomm:qpm6585:-:::::::*
cpe:2.3:h:qualcomm:qpm6621:-:::::::*
cpe:2.3:h:qualcomm:qpm6670:-:::::::*
cpe:2.3:h:qualcomm:qpm8820:-:::::::*
cpe:2.3:h:qualcomm:qpm8870:-:::::::*
cpe:2.3:h:qualcomm:qtc800h:-:::::::*
cpe:2.3:h:qualcomm:qtc800s:-:::::::*
cpe:2.3:h:qualcomm:qtc801s:-:::::::*
cpe:2.3:h:qualcomm:qtm525:-:::::::*
cpe:2.3:h:qualcomm:sa6145p:-:::::::*
cpe:2.3:h:qualcomm:sa6150p:-:::::::*
cpe:2.3:h:qualcomm:sa6155p:-:::::::*
cpe:2.3:h:qualcomm:sa8150p:-:::::::*
cpe:2.3:h:qualcomm:sa8155p:-:::::::*
cpe:2.3:h:qualcomm:sa8195p:-:::::::*
cpe:2.3:h:qualcomm:sd480:-:::::::*
cpe:2.3:h:qualcomm:sd670:-:::::::*
cpe:2.3:h:qualcomm:sd710:-:::::::*
cpe:2.3:h:qualcomm:sd888:-:::::::*
cpe:2.3:h:qualcomm:sd888_5g:-:::::::*
cpe:2.3:h:qualcomm:sdr660:-:::::::*
cpe:2.3:h:qualcomm:sdr660g:-:::::::*
cpe:2.3:h:qualcomm:sdr735:-:::::::*
cpe:2.3:h:qualcomm:sdr735g:-:::::::*
cpe:2.3:h:qualcomm:sdr865:-:::::::*
cpe:2.3:h:qualcomm:sdxr1:-:::::::*
cpe:2.3:h:qualcomm:smb1351:-:::::::*
cpe:2.3:h:qualcomm:smb1355:-:::::::*
cpe:2.3:h:qualcomm:smb1396:-:::::::*
cpe:2.3:h:qualcomm:smb1398:-:::::::*
cpe:2.3:h:qualcomm:smr526:-:::::::*
cpe:2.3:h:qualcomm:smr545:-:::::::*
cpe:2.3:h:qualcomm:smr546:-:::::::*
cpe:2.3:h:qualcomm:wcd9326:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcd9370:-:::::::*
cpe:2.3:h:qualcomm:wcd9375:-:::::::*
cpe:2.3:h:qualcomm:wcd9380:-:::::::*
cpe:2.3:h:qualcomm:wcd9385:-:::::::*
cpe:2.3:h:qualcomm:wcn3980:-:::::::*
cpe:2.3:h:qualcomm:wcn3988:-:::::::*
cpe:2.3:h:qualcomm:wcn3990:-:::::::*
cpe:2.3:h:qualcomm:wcn3991:-:::::::*
cpe:2.3:h:qualcomm:wcn6850:-:::::::*
cpe:2.3:h:qualcomm:wcn6851:-:::::::*
cpe:2.3:h:qualcomm:wcn6855:-:::::::*
cpe:2.3:h:qualcomm:wcn6856:-:::::::*
cpe:2.3:h:qualcomm:wsa8830:-:::::::*
cpe:2.3:h:qualcomm:wsa8835:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-3608	Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00052.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin

History

No history.

Subscriptions

Qualcomm Pm6150a Pm6150l Pm6350 Pm660 Pm660l Pm7250b Pm8008 Pm8009 Pm8350 Pm8350b Pm8350bh Pm8350c Pmk8003 Pmk8350 Pmm6155au Pmm8155au Pmm8195au Pmr735a Pmr735b Qat3516 Qat3518 Qat3519 Qat3555 Qat5515 Qat5516 Qat5522 Qat5568 Qbt1500 Qca6574au Qca6696 Qdm3301 Qdm4643 Qdm4650 Qdm5620 Qdm5621 Qdm5670 Qdm5671 Qet5100 Qet5100m Qet6100 Qet6105 Qet6110 Qfs2530 Qfs2580 Qfs2608 Qfs2630 Qln4642 Qln4650 Qln5020 Qln5030 Qln5040 Qpa2625 Qpa5461 Qpa5580 Qpa5581 Qpa8801 Qpa8802 Qpa8803 Qpa8821 Qpa8842 Qpm4621 Qpm4630 Qpm4640 Qpm4641 Qpm4650 Qpm5621 Qpm5641 Qpm5670 Qpm5677 Qpm5679 Qpm5870 Qpm5875 Qpm6585 Qpm6621 Qpm6670 Qpm8820 Qpm8870 Qtc800h Qtc800s Qtc801s Qtm525 Sa6145p Sa6150p Sa6155p Sa8150p Sa8155p Sa8195p Sd480 Sd670 Sd710 Sd888 Sd888 5g Sdr660 Sdr660g Sdr735 Sdr735g Sdr865 Sdxr1 Smb1351 Smb1355 Smb1396 Smb1398 Smr526 Smr545 Smr546 Wcd9326 Wcd9341 Wcd9370 Wcd9375 Wcd9380 Wcd9385 Wcn3980 Wcn3988 Wcn3990 Wcn3991 Wcn6850 Wcn6851 Wcn6855 Wcn6856 Wsa8830 Wsa8835

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2021-05-07T09:10:30.000Z

Updated: 2024-08-04T11:28:13.799Z

Reserved: 2020-03-31T00:00:00.000Z

Link: CVE-2020-11254

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-07T09:15:07.730

Modified: 2024-11-21T04:57:30.563

Link: CVE-2020-11254

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object