CVE-2020-11254 - Vulnerability Details

Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00052.

Key SSVC decision points have not yet been added.

Vendors	Products
Qualcomm Subscribe	Pm6150a Subscribe Pm6150l Subscribe Pm6350 Subscribe Pm660 Subscribe Pm660l Subscribe Pm7250b Subscribe Pm8008 Subscribe Pm8009 Subscribe Pm8350 Subscribe Pm8350b Subscribe Pm8350bh Subscribe Pm8350c Subscribe Pmk8003 Subscribe Pmk8350 Subscribe Pmm6155au Subscribe Pmm8155au Subscribe Pmm8195au Subscribe Pmr735a Subscribe Pmr735b Subscribe Qat3516 Subscribe Qat3518 Subscribe Qat3519 Subscribe Qat3555 Subscribe Qat5515 Subscribe Qat5516 Subscribe Qat5522 Subscribe Qat5568 Subscribe Qbt1500 Subscribe Qca6574au Subscribe Qca6696 Subscribe Qdm3301 Subscribe Qdm4643 Subscribe Qdm4650 Subscribe Qdm5620 Subscribe Qdm5621 Subscribe Qdm5670 Subscribe Qdm5671 Subscribe Qet5100 Subscribe Qet5100m Subscribe Qet6100 Subscribe Qet6105 Subscribe Qet6110 Subscribe Qfs2530 Subscribe Qfs2580 Subscribe Qfs2608 Subscribe Qfs2630 Subscribe Qln4642 Subscribe Qln4650 Subscribe Qln5020 Subscribe Qln5030 Subscribe Qln5040 Subscribe Qpa2625 Subscribe Qpa5461 Subscribe Qpa5580 Subscribe Qpa5581 Subscribe Qpa8801 Subscribe Qpa8802 Subscribe Qpa8803 Subscribe Qpa8821 Subscribe Qpa8842 Subscribe Qpm4621 Subscribe Qpm4630 Subscribe Qpm4640 Subscribe Qpm4641 Subscribe Qpm4650 Subscribe Qpm5621 Subscribe Qpm5641 Subscribe Qpm5670 Subscribe Qpm5677 Subscribe Qpm5679 Subscribe Qpm5870 Subscribe Qpm5875 Subscribe Qpm6585 Subscribe Qpm6621 Subscribe Qpm6670 Subscribe Qpm8820 Subscribe Qpm8870 Subscribe Qtc800h Subscribe Qtc800s Subscribe Qtc801s Subscribe Qtm525 Subscribe Sa6145p Subscribe Sa6150p Subscribe Sa6155p Subscribe Sa8150p Subscribe Sa8155p Subscribe Sa8195p Subscribe Sd480 Subscribe Sd670 Subscribe Sd710 Subscribe Sd888 Subscribe Sd888 5g Subscribe Sdr660 Subscribe Sdr660g Subscribe Sdr735 Subscribe Sdr735g Subscribe Sdr865 Subscribe Sdxr1 Subscribe Smb1351 Subscribe Smb1355 Subscribe Smb1396 Subscribe Smb1398 Subscribe Smr526 Subscribe Smr545 Subscribe Smr546 Subscribe Wcd9326 Subscribe Wcd9341 Subscribe Wcd9370 Subscribe Wcd9375 Subscribe Wcd9380 Subscribe Wcd9385 Subscribe Wcn3980 Subscribe Wcn3988 Subscribe Wcn3990 Subscribe Wcn3991 Subscribe Wcn6850 Subscribe Wcn6851 Subscribe Wcn6855 Subscribe Wcn6856 Subscribe Wsa8830 Subscribe Wsa8835 Subscribe

Configuration 1 [-]

OR	cpe:2.3:h:qualcomm:pm6150a:-:::::::*
	cpe:2.3:h:qualcomm:pm6150l:-:::::::*
	cpe:2.3:h:qualcomm:pm6350:-:::::::*
	cpe:2.3:h:qualcomm:pm660:-:::::::*
	cpe:2.3:h:qualcomm:pm660l:-:::::::*
	cpe:2.3:h:qualcomm:pm7250b:-:::::::*
	cpe:2.3:h:qualcomm:pm8008:-:::::::*
	cpe:2.3:h:qualcomm:pm8009:-:::::::*
	cpe:2.3:h:qualcomm:pm8350:-:::::::*
	cpe:2.3:h:qualcomm:pm8350b:-:::::::*
	cpe:2.3:h:qualcomm:pm8350bh:-:::::::*
	cpe:2.3:h:qualcomm:pm8350c:-:::::::*
	cpe:2.3:h:qualcomm:pmk8003:-:::::::*
	cpe:2.3:h:qualcomm:pmk8350:-:::::::*
	cpe:2.3:h:qualcomm:pmm6155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8195au:-:::::::*
	cpe:2.3:h:qualcomm:pmr735a:-:::::::*
	cpe:2.3:h:qualcomm:pmr735b:-:::::::*
	cpe:2.3:h:qualcomm:qat3516:-:::::::*
	cpe:2.3:h:qualcomm:qat3518:-:::::::*
	cpe:2.3:h:qualcomm:qat3519:-:::::::*
	cpe:2.3:h:qualcomm:qat3555:-:::::::*
	cpe:2.3:h:qualcomm:qat5515:-:::::::*
	cpe:2.3:h:qualcomm:qat5516:-:::::::*
	cpe:2.3:h:qualcomm:qat5522:-:::::::*
	cpe:2.3:h:qualcomm:qat5568:-:::::::*
	cpe:2.3:h:qualcomm:qbt1500:-:::::::*
	cpe:2.3:h:qualcomm:qca6574au:-:::::::*
	cpe:2.3:h:qualcomm:qca6696:-:::::::*
	cpe:2.3:h:qualcomm:qdm3301:-:::::::*
	cpe:2.3:h:qualcomm:qdm4643:-:::::::*
	cpe:2.3:h:qualcomm:qdm4650:-:::::::*
	cpe:2.3:h:qualcomm:qdm5620:-:::::::*
	cpe:2.3:h:qualcomm:qdm5621:-:::::::*
	cpe:2.3:h:qualcomm:qdm5670:-:::::::*
	cpe:2.3:h:qualcomm:qdm5671:-:::::::*
	cpe:2.3:h:qualcomm:qet5100:-:::::::*
	cpe:2.3:h:qualcomm:qet5100m:-:::::::*
	cpe:2.3:h:qualcomm:qet6100:-:::::::*
	cpe:2.3:h:qualcomm:qet6105:-:::::::*
	cpe:2.3:h:qualcomm:qet6110:-:::::::*
	cpe:2.3:h:qualcomm:qfs2530:-:::::::*
	cpe:2.3:h:qualcomm:qfs2580:-:::::::*
	cpe:2.3:h:qualcomm:qfs2608:-:::::::*
	cpe:2.3:h:qualcomm:qfs2630:-:::::::*
	cpe:2.3:h:qualcomm:qln4642:-:::::::*
	cpe:2.3:h:qualcomm:qln4650:-:::::::*
	cpe:2.3:h:qualcomm:qln5020:-:::::::*
	cpe:2.3:h:qualcomm:qln5030:-:::::::*
	cpe:2.3:h:qualcomm:qln5040:-:::::::*
	cpe:2.3:h:qualcomm:qpa2625:-:::::::*
	cpe:2.3:h:qualcomm:qpa5461:-:::::::*
	cpe:2.3:h:qualcomm:qpa5580:-:::::::*
	cpe:2.3:h:qualcomm:qpa5581:-:::::::*
	cpe:2.3:h:qualcomm:qpa8801:-:::::::*
	cpe:2.3:h:qualcomm:qpa8802:-:::::::*
	cpe:2.3:h:qualcomm:qpa8803:-:::::::*
	cpe:2.3:h:qualcomm:qpa8821:-:::::::*
	cpe:2.3:h:qualcomm:qpa8842:-:::::::*
	cpe:2.3:h:qualcomm:qpm4621:-:::::::*
	cpe:2.3:h:qualcomm:qpm4630:-:::::::*
	cpe:2.3:h:qualcomm:qpm4640:-:::::::*
	cpe:2.3:h:qualcomm:qpm4641:-:::::::*
cpe:2.3:h:qualcomm:qpm4650:-:::::::*
cpe:2.3:h:qualcomm:qpm5621:-:::::::*
cpe:2.3:h:qualcomm:qpm5641:-:::::::*
cpe:2.3:h:qualcomm:qpm5670:-:::::::*
cpe:2.3:h:qualcomm:qpm5677:-:::::::*
cpe:2.3:h:qualcomm:qpm5679:-:::::::*
cpe:2.3:h:qualcomm:qpm5870:-:::::::*
cpe:2.3:h:qualcomm:qpm5875:-:::::::*
cpe:2.3:h:qualcomm:qpm6585:-:::::::*
cpe:2.3:h:qualcomm:qpm6621:-:::::::*
cpe:2.3:h:qualcomm:qpm6670:-:::::::*
cpe:2.3:h:qualcomm:qpm8820:-:::::::*
cpe:2.3:h:qualcomm:qpm8870:-:::::::*
cpe:2.3:h:qualcomm:qtc800h:-:::::::*
cpe:2.3:h:qualcomm:qtc800s:-:::::::*
cpe:2.3:h:qualcomm:qtc801s:-:::::::*
cpe:2.3:h:qualcomm:qtm525:-:::::::*
cpe:2.3:h:qualcomm:sa6145p:-:::::::*
cpe:2.3:h:qualcomm:sa6150p:-:::::::*
cpe:2.3:h:qualcomm:sa6155p:-:::::::*
cpe:2.3:h:qualcomm:sa8150p:-:::::::*
cpe:2.3:h:qualcomm:sa8155p:-:::::::*
cpe:2.3:h:qualcomm:sa8195p:-:::::::*
cpe:2.3:h:qualcomm:sd480:-:::::::*
cpe:2.3:h:qualcomm:sd670:-:::::::*
cpe:2.3:h:qualcomm:sd710:-:::::::*
cpe:2.3:h:qualcomm:sd888:-:::::::*
cpe:2.3:h:qualcomm:sd888_5g:-:::::::*
cpe:2.3:h:qualcomm:sdr660:-:::::::*
cpe:2.3:h:qualcomm:sdr660g:-:::::::*
cpe:2.3:h:qualcomm:sdr735:-:::::::*
cpe:2.3:h:qualcomm:sdr735g:-:::::::*
cpe:2.3:h:qualcomm:sdr865:-:::::::*
cpe:2.3:h:qualcomm:sdxr1:-:::::::*
cpe:2.3:h:qualcomm:smb1351:-:::::::*
cpe:2.3:h:qualcomm:smb1355:-:::::::*
cpe:2.3:h:qualcomm:smb1396:-:::::::*
cpe:2.3:h:qualcomm:smb1398:-:::::::*
cpe:2.3:h:qualcomm:smr526:-:::::::*
cpe:2.3:h:qualcomm:smr545:-:::::::*
cpe:2.3:h:qualcomm:smr546:-:::::::*
cpe:2.3:h:qualcomm:wcd9326:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcd9370:-:::::::*
cpe:2.3:h:qualcomm:wcd9375:-:::::::*
cpe:2.3:h:qualcomm:wcd9380:-:::::::*
cpe:2.3:h:qualcomm:wcd9385:-:::::::*
cpe:2.3:h:qualcomm:wcn3980:-:::::::*
cpe:2.3:h:qualcomm:wcn3988:-:::::::*
cpe:2.3:h:qualcomm:wcn3990:-:::::::*
cpe:2.3:h:qualcomm:wcn3991:-:::::::*
cpe:2.3:h:qualcomm:wcn6850:-:::::::*
cpe:2.3:h:qualcomm:wcn6851:-:::::::*
cpe:2.3:h:qualcomm:wcn6855:-:::::::*
cpe:2.3:h:qualcomm:wcn6856:-:::::::*
cpe:2.3:h:qualcomm:wsa8830:-:::::::*
cpe:2.3:h:qualcomm:wsa8835:-:::::::*

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2020-3608	Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2021-05-07T09:10:30

Updated: 2024-08-04T11:28:13.799Z

Reserved: 2020-03-31T00:00:00

Link: CVE-2020-11254

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-07T09:15:07.730

Modified: 2024-11-21T04:57:30.563

Link: CVE-2020-11254

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-476

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Projects

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object