CVE-2020-11268 - Vulnerability Details

Description

Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile

Published: 2021-05-07

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon Auto, Snapdragon Mobile

affected

Version	Status	Constraints
APQ8009, APQ8016, APQ8074, APQ8084, APQ8094, AR6003, MDM8215, MDM8215M, MDM8615M, MDM9215, MDM9235M, MDM9310, MDM9609, MDM9615, MDM9615M, MDM9635M, MDM9640, MDM9645, MSM8108, MSM8208, MSM8209, MSM8216, MSM8274, MSM8608, MSM8674, MSM8916, MSM8929, MSM8939, MSM8974, MSM8974P, MSM8994, PM8018, PM8841, PM8909, PM8916, PM8941, PM8994, PMD9635, PMD9645, PMI8994, QCA1990, QCA6174, QCA6174A, QCA6584, QFE1035, QFE1040, QFE1045, QFE1100, QFE1101, QFE1520, QFE1550, QFE2101, QFE2310, QFE2320, QFE2330, QFE2340, QFE2520, QFE2550, QFE2720, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, SD210, SMB1360, WCD9306, WCD9330, WCN3610, WCN3620, WCN3660, WCN3660A, WCN3660B, WCN3680, WCN3680B, WFR1620, WGR7640, WTR1605, WTR1605L, WTR1625, WTR1625L, WTR2605, WTR2955, WTR3925, WTR4605, WTR4905	affected	—

Configuration 1 [-]

OR	cpe:2.3:h:qualcomm:apq8009:-:::::::*
	cpe:2.3:h:qualcomm:apq8016:-:::::::*
	cpe:2.3:h:qualcomm:apq8074:-:::::::*
	cpe:2.3:h:qualcomm:apq8084:-:::::::*
	cpe:2.3:h:qualcomm:apq8094:-:::::::*
	cpe:2.3:h:qualcomm:ar6003:-:::::::*
	cpe:2.3:h:qualcomm:mdm8215:-:::::::*
	cpe:2.3:h:qualcomm:mdm8215m:-:::::::*
	cpe:2.3:h:qualcomm:mdm8615m:-:::::::*
	cpe:2.3:h:qualcomm:mdm9215:-:::::::*
	cpe:2.3:h:qualcomm:mdm9235m:-:::::::*
	cpe:2.3:h:qualcomm:mdm9310:-:::::::*
	cpe:2.3:h:qualcomm:mdm9609:-:::::::*
	cpe:2.3:h:qualcomm:mdm9615:-:::::::*
	cpe:2.3:h:qualcomm:mdm9615m:-:::::::*
	cpe:2.3:h:qualcomm:mdm9635m:-:::::::*
	cpe:2.3:h:qualcomm:mdm9640:-:::::::*
	cpe:2.3:h:qualcomm:mdm9645:-:::::::*
	cpe:2.3:h:qualcomm:msm8108:-:::::::*
	cpe:2.3:h:qualcomm:msm8208:-:::::::*
	cpe:2.3:h:qualcomm:msm8209:-:::::::*
	cpe:2.3:h:qualcomm:msm8216:-:::::::*
	cpe:2.3:h:qualcomm:msm8274:-:::::::*
	cpe:2.3:h:qualcomm:msm8608:-:::::::*
	cpe:2.3:h:qualcomm:msm8674:-:::::::*
	cpe:2.3:h:qualcomm:msm8916:-:::::::*
	cpe:2.3:h:qualcomm:msm8929:-:::::::*
	cpe:2.3:h:qualcomm:msm8939:-:::::::*
	cpe:2.3:h:qualcomm:msm8974:-:::::::*
	cpe:2.3:h:qualcomm:msm8974p:-:::::::*
	cpe:2.3:h:qualcomm:msm8994:-:::::::*
	cpe:2.3:h:qualcomm:pm8018:-:::::::*
	cpe:2.3:h:qualcomm:pm8841:-:::::::*
	cpe:2.3:h:qualcomm:pm8909:-:::::::*
	cpe:2.3:h:qualcomm:pm8916:-:::::::*
	cpe:2.3:h:qualcomm:pm8941:-:::::::*
	cpe:2.3:h:qualcomm:pm8994:-:::::::*
	cpe:2.3:h:qualcomm:pmd9635:-:::::::*
	cpe:2.3:h:qualcomm:pmd9645:-:::::::*
	cpe:2.3:h:qualcomm:pmi8994:-:::::::*
	cpe:2.3:h:qualcomm:qca1990:-:::::::*
	cpe:2.3:h:qualcomm:qca6174:-:::::::*
	cpe:2.3:h:qualcomm:qca6174a:-:::::::*
	cpe:2.3:h:qualcomm:qca6584:-:::::::*
	cpe:2.3:h:qualcomm:qfe1035:-:::::::*
	cpe:2.3:h:qualcomm:qfe1040:-:::::::*
	cpe:2.3:h:qualcomm:qfe1045:-:::::::*
	cpe:2.3:h:qualcomm:qfe1100:-:::::::*
	cpe:2.3:h:qualcomm:qfe1101:-:::::::*
	cpe:2.3:h:qualcomm:qfe1520:-:::::::*
	cpe:2.3:h:qualcomm:qfe1550:-:::::::*
	cpe:2.3:h:qualcomm:qfe2101:-:::::::*
	cpe:2.3:h:qualcomm:qfe2310:-:::::::*
	cpe:2.3:h:qualcomm:qfe2320:-:::::::*
	cpe:2.3:h:qualcomm:qfe2330:-:::::::*
	cpe:2.3:h:qualcomm:qfe2340:-:::::::*
	cpe:2.3:h:qualcomm:qfe2520:-:::::::*
	cpe:2.3:h:qualcomm:qfe2550:-:::::::*
	cpe:2.3:h:qualcomm:qfe2720:-:::::::*
	cpe:2.3:h:qualcomm:qfe3100:-:::::::*
	cpe:2.3:h:qualcomm:qfe3320:-:::::::*
	cpe:2.3:h:qualcomm:qfe3335:-:::::::*
	cpe:2.3:h:qualcomm:qfe3340:-:::::::*
	cpe:2.3:h:qualcomm:qfe3345:-:::::::*
cpe:2.3:h:qualcomm:sd210:-:::::::*
cpe:2.3:h:qualcomm:smb1360:-:::::::*
cpe:2.3:h:qualcomm:wcd9306:-:::::::*
cpe:2.3:h:qualcomm:wcd9330:-:::::::*
cpe:2.3:h:qualcomm:wcn3610:-:::::::*
cpe:2.3:h:qualcomm:wcn3620:-:::::::*
cpe:2.3:h:qualcomm:wcn3660:-:::::::*
cpe:2.3:h:qualcomm:wcn3660a:-:::::::*
cpe:2.3:h:qualcomm:wcn3660b:-:::::::*
cpe:2.3:h:qualcomm:wcn3680:-:::::::*
cpe:2.3:h:qualcomm:wcn3680b:-:::::::*
cpe:2.3:h:qualcomm:wfr1620:-:::::::*
cpe:2.3:h:qualcomm:wgr7640:-:::::::*
cpe:2.3:h:qualcomm:wtr1605:-:::::::*
cpe:2.3:h:qualcomm:wtr1605l:-:::::::*
cpe:2.3:h:qualcomm:wtr1625:-:::::::*
cpe:2.3:h:qualcomm:wtr1625l:-:::::::*
cpe:2.3:h:qualcomm:wtr2605:-:::::::*
cpe:2.3:h:qualcomm:wtr2955:-:::::::*
cpe:2.3:h:qualcomm:wtr3925:-:::::::*
cpe:2.3:h:qualcomm:wtr4605:-:::::::*
cpe:2.3:h:qualcomm:wtr4905:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-3622	Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.0026.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin

History

No history.

Subscriptions

Qualcomm Apq8009 Apq8016 Apq8074 Apq8084 Apq8094 Ar6003 Mdm8215 Mdm8215m Mdm8615m Mdm9215 Mdm9235m Mdm9310 Mdm9609 Mdm9615 Mdm9615m Mdm9635m Mdm9640 Mdm9645 Msm8108 Msm8208 Msm8209 Msm8216 Msm8274 Msm8608 Msm8674 Msm8916 Msm8929 Msm8939 Msm8974 Msm8974p Msm8994 Pm8018 Pm8841 Pm8909 Pm8916 Pm8941 Pm8994 Pmd9635 Pmd9645 Pmi8994 Qca1990 Qca6174 Qca6174a Qca6584 Qfe1035 Qfe1040 Qfe1045 Qfe1100 Qfe1101 Qfe1520 Qfe1550 Qfe2101 Qfe2310 Qfe2320 Qfe2330 Qfe2340 Qfe2520 Qfe2550 Qfe2720 Qfe3100 Qfe3320 Qfe3335 Qfe3340 Qfe3345 Sd210 Smb1360 Wcd9306 Wcd9330 Wcn3610 Wcn3620 Wcn3660 Wcn3660a Wcn3660b Wcn3680 Wcn3680b Wfr1620 Wgr7640 Wtr1605 Wtr1605l Wtr1625 Wtr1625l Wtr2605 Wtr2955 Wtr3925 Wtr4605 Wtr4905

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2021-05-07T09:10:31.000Z

Updated: 2024-08-04T11:28:13.813Z

Reserved: 2020-03-31T00:00:00.000Z

Link: CVE-2020-11268

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-05-07T09:15:07.773

Modified: 2024-11-21T04:57:34.743

Link: CVE-2020-11268

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-20

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object