CVE-2020-11286 - Vulnerability Details

Description

An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface & endpoint are made together. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Published: 2021-02-22

Score: 6.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Qualcomm, Inc.

Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

affected

Version	Status	Constraints
APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8076, APQ8096AU, AR8151, CSR6030, MDM9206, MDM9230, MDM9250, MDM9330, MDM9607, MDM9626, MDM9628, MDM9630, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8937, MSM8996AU, PM660, PM660A, PM660L, PM8004, PM8005, PM8909, PM8916, PM8937, PM8952, PM8953, PM8956, PM8996, PM8998, PMD9607, PMD9635, PMD9645, PMD9655, PMI8937, PMI8952, PMI8994, PMI8996, PMI8998, PMK8001, PMM8996AU, PMX20, QAT3514, QAT3522, QAT3550, QBT1000, QBT1500, QCA6174, QCA6174A, QCA6310, QCA6320, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA9367, QCA9377, QET4100, QET4101, QET4200AQ, QFE1035, QFE1040, QFE1045, QFE2340, QFE2550, QFE3100, QFE3320, QFE3335, QFE3345, QLN1021AQ, QLN1030, QLN1031, QLN1036AQ, QPA4340, QPA4360, QPA5460, QSW8573, QTC800H, QTC800S, QTC800T, RGR7640AU, RSW8577, SD 636, SD205, SD210, SD660, SD820, SD821, SD835, SDM630, SDR660, SDW2500, SDW3100, SDX20, SDX20M, SMB1350, SMB1351, SMB1357, SMB1358, SMB1360, SMB1380, SMB231, SMB358S, WCD9306, ...[truncated*]	affected	—

Configuration 1 [-]

OR	cpe:2.3:h:qualcomm:apq8009:-:::::::*
	cpe:2.3:h:qualcomm:apq8009w:-:::::::*
	cpe:2.3:h:qualcomm:apq8017:-:::::::*
	cpe:2.3:h:qualcomm:apq8053:-:::::::*
	cpe:2.3:h:qualcomm:apq8064au:-:::::::*
	cpe:2.3:h:qualcomm:apq8076:-:::::::*
	cpe:2.3:h:qualcomm:apq8096au:-:::::::*
	cpe:2.3:h:qualcomm:ar8151:-:::::::*
	cpe:2.3:h:qualcomm:csr6030:-:::::::*
	cpe:2.3:h:qualcomm:mdm9206:-:::::::*
	cpe:2.3:h:qualcomm:mdm9230:-:::::::*
	cpe:2.3:h:qualcomm:mdm9250:-:::::::*
	cpe:2.3:h:qualcomm:mdm9330:-:::::::*
	cpe:2.3:h:qualcomm:mdm9607:-:::::::*
	cpe:2.3:h:qualcomm:mdm9626:-:::::::*
	cpe:2.3:h:qualcomm:mdm9628:-:::::::*
	cpe:2.3:h:qualcomm:mdm9630:-:::::::*
	cpe:2.3:h:qualcomm:mdm9640:-:::::::*
	cpe:2.3:h:qualcomm:mdm9650:-:::::::*
	cpe:2.3:h:qualcomm:mdm9655:-:::::::*
	cpe:2.3:h:qualcomm:msm8909w:-:::::::*
	cpe:2.3:h:qualcomm:msm8937:-:::::::*
	cpe:2.3:h:qualcomm:msm8996au:-:::::::*
	cpe:2.3:h:qualcomm:pm660:-:::::::*
	cpe:2.3:h:qualcomm:pm660a:-:::::::*
	cpe:2.3:h:qualcomm:pm660l:-:::::::*
	cpe:2.3:h:qualcomm:pm8004:-:::::::*
	cpe:2.3:h:qualcomm:pm8005:-:::::::*
	cpe:2.3:h:qualcomm:pm8909:-:::::::*
	cpe:2.3:h:qualcomm:pm8916:-:::::::*
	cpe:2.3:h:qualcomm:pm8937:-:::::::*
	cpe:2.3:h:qualcomm:pm8952:-:::::::*
	cpe:2.3:h:qualcomm:pm8953:-:::::::*
	cpe:2.3:h:qualcomm:pm8956:-:::::::*
	cpe:2.3:h:qualcomm:pm8996:-:::::::*
	cpe:2.3:h:qualcomm:pm8998:-:::::::*
	cpe:2.3:h:qualcomm:pmd9607:-:::::::*
	cpe:2.3:h:qualcomm:pmd9635:-:::::::*
	cpe:2.3:h:qualcomm:pmd9645:-:::::::*
	cpe:2.3:h:qualcomm:pmd9655:-:::::::*
	cpe:2.3:h:qualcomm:pmi8937:-:::::::*
	cpe:2.3:h:qualcomm:pmi8952:-:::::::*
	cpe:2.3:h:qualcomm:pmi8994:-:::::::*
	cpe:2.3:h:qualcomm:pmi8996:-:::::::*
	cpe:2.3:h:qualcomm:pmi8998:-:::::::*
	cpe:2.3:h:qualcomm:pmk8001:-:::::::*
	cpe:2.3:h:qualcomm:pmm8996au:-:::::::*
	cpe:2.3:h:qualcomm:pmx20:-:::::::*
	cpe:2.3:h:qualcomm:qat3514:-:::::::*
	cpe:2.3:h:qualcomm:qat3522:-:::::::*
	cpe:2.3:h:qualcomm:qat3550:-:::::::*
	cpe:2.3:h:qualcomm:qbt1000:-:::::::*
	cpe:2.3:h:qualcomm:qbt1500:-:::::::*
	cpe:2.3:h:qualcomm:qca6174:-:::::::*
	cpe:2.3:h:qualcomm:qca6174a:-:::::::*
	cpe:2.3:h:qualcomm:qca6310:-:::::::*
	cpe:2.3:h:qualcomm:qca6320:-:::::::*
	cpe:2.3:h:qualcomm:qca6564a:-:::::::*
	cpe:2.3:h:qualcomm:qca6564au:-:::::::*
	cpe:2.3:h:qualcomm:qca6574:-:::::::*
	cpe:2.3:h:qualcomm:qca6574a:-:::::::*
	cpe:2.3:h:qualcomm:qca6574au:-:::::::*
	cpe:2.3:h:qualcomm:qca6584:-:::::::*
	cpe:2.3:h:qualcomm:qca6584au:-:::::::*
cpe:2.3:h:qualcomm:qca9367:-:::::::*
cpe:2.3:h:qualcomm:qca9377:-:::::::*
cpe:2.3:h:qualcomm:qet4100:-:::::::*
cpe:2.3:h:qualcomm:qet4101:-:::::::*
cpe:2.3:h:qualcomm:qet4200aq:-:::::::*
cpe:2.3:h:qualcomm:qfe1035:-:::::::*
cpe:2.3:h:qualcomm:qfe1040:-:::::::*
cpe:2.3:h:qualcomm:qfe1045:-:::::::*
cpe:2.3:h:qualcomm:qfe2340:-:::::::*
cpe:2.3:h:qualcomm:qfe2550:-:::::::*
cpe:2.3:h:qualcomm:qfe3100:-:::::::*
cpe:2.3:h:qualcomm:qfe3320:-:::::::*
cpe:2.3:h:qualcomm:qfe3335:-:::::::*
cpe:2.3:h:qualcomm:qfe3345:-:::::::*
cpe:2.3:h:qualcomm:qln1021aq:-:::::::*
cpe:2.3:h:qualcomm:qln1030:-:::::::*
cpe:2.3:h:qualcomm:qln1031:-:::::::*
cpe:2.3:h:qualcomm:qln1036aq:-:::::::*
cpe:2.3:h:qualcomm:qpa4340:-:::::::*
cpe:2.3:h:qualcomm:qpa4360:-:::::::*
cpe:2.3:h:qualcomm:qpa5460:-:::::::*
cpe:2.3:h:qualcomm:qsw8573:-:::::::*
cpe:2.3:h:qualcomm:qtc800h:-:::::::*
cpe:2.3:h:qualcomm:qtc800s:-:::::::*
cpe:2.3:h:qualcomm:qtc800t:-:::::::*
cpe:2.3:h:qualcomm:rgr7640au:-:::::::*
cpe:2.3:h:qualcomm:rsw8577:-:::::::*
cpe:2.3:h:qualcomm:sd_636:-:::::::*
cpe:2.3:h:qualcomm:sd205:-:::::::*
cpe:2.3:h:qualcomm:sd210:-:::::::*
cpe:2.3:h:qualcomm:sd660:-:::::::*
cpe:2.3:h:qualcomm:sd820:-:::::::*
cpe:2.3:h:qualcomm:sd821:-:::::::*
cpe:2.3:h:qualcomm:sd835:-:::::::*
cpe:2.3:h:qualcomm:sdm630:-:::::::*
cpe:2.3:h:qualcomm:sdr660:-:::::::*
cpe:2.3:h:qualcomm:sdw2500:-:::::::*
cpe:2.3:h:qualcomm:sdw3100:-:::::::*
cpe:2.3:h:qualcomm:sdx20:-:::::::*
cpe:2.3:h:qualcomm:sdx20m:-:::::::*
cpe:2.3:h:qualcomm:smb1350:-:::::::*
cpe:2.3:h:qualcomm:smb1351:-:::::::*
cpe:2.3:h:qualcomm:smb1357:-:::::::*
cpe:2.3:h:qualcomm:smb1358:-:::::::*
cpe:2.3:h:qualcomm:smb1360:-:::::::*
cpe:2.3:h:qualcomm:smb1380:-:::::::*
cpe:2.3:h:qualcomm:smb231:-:::::::*
cpe:2.3:h:qualcomm:smb358s:-:::::::*
cpe:2.3:h:qualcomm:wcd9306:-:::::::*
cpe:2.3:h:qualcomm:wcd9326:-:::::::*
cpe:2.3:h:qualcomm:wcd9330:-:::::::*
cpe:2.3:h:qualcomm:wcd9335:-:::::::*
cpe:2.3:h:qualcomm:wcd9340:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcn3610:-:::::::*
cpe:2.3:h:qualcomm:wcn3615:-:::::::*
cpe:2.3:h:qualcomm:wcn3620:-:::::::*
cpe:2.3:h:qualcomm:wcn3660b:-:::::::*
cpe:2.3:h:qualcomm:wcn3680b:-:::::::*
cpe:2.3:h:qualcomm:wcn3980:-:::::::*
cpe:2.3:h:qualcomm:wcn3990:-:::::::*
cpe:2.3:h:qualcomm:wgr7640:-:::::::*
cpe:2.3:h:qualcomm:wsa8810:-:::::::*
cpe:2.3:h:qualcomm:wsa8815:-:::::::*
cpe:2.3:h:qualcomm:wtr2955:-:::::::*
cpe:2.3:h:qualcomm:wtr2965:-:::::::*
cpe:2.3:h:qualcomm:wtr3905:-:::::::*
cpe:2.3:h:qualcomm:wtr3925:-:::::::*
cpe:2.3:h:qualcomm:wtr3950:-:::::::*
cpe:2.3:h:qualcomm:wtr4905:-:::::::*
cpe:2.3:h:qualcomm:wtr5975:-:::::::*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-3640	An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface & endpoint are made together. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00045.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin

History

No history.

Subscriptions

Qualcomm Apq8009 Apq8009w Apq8017 Apq8053 Apq8064au Apq8076 Apq8096au Ar8151 Csr6030 Mdm9206 Mdm9230 Mdm9250 Mdm9330 Mdm9607 Mdm9626 Mdm9628 Mdm9630 Mdm9640 Mdm9650 Mdm9655 Msm8909w Msm8937 Msm8996au Pm660 Pm660a Pm660l Pm8004 Pm8005 Pm8909 Pm8916 Pm8937 Pm8952 Pm8953 Pm8956 Pm8996 Pm8998 Pmd9607 Pmd9635 Pmd9645 Pmd9655 Pmi8937 Pmi8952 Pmi8994 Pmi8996 Pmi8998 Pmk8001 Pmm8996au Pmx20 Qat3514 Qat3522 Qat3550 Qbt1000 Qbt1500 Qca6174 Qca6174a Qca6310 Qca6320 Qca6564a Qca6564au Qca6574 Qca6574a Qca6574au Qca6584 Qca6584au Qca9367 Qca9377 Qet4100 Qet4101 Qet4200aq Qfe1035 Qfe1040 Qfe1045 Qfe2340 Qfe2550 Qfe3100 Qfe3320 Qfe3335 Qfe3345 Qln1021aq Qln1030 Qln1031 Qln1036aq Qpa4340 Qpa4360 Qpa5460 Qsw8573 Qtc800h Qtc800s Qtc800t Rgr7640au Rsw8577 Sd205 Sd210 Sd660 Sd820 Sd821 Sd835 Sd 636 Sdm630 Sdr660 Sdw2500 Sdw3100 Sdx20 Sdx20m Smb1350 Smb1351 Smb1357 Smb1358 Smb1360 Smb1380 Smb231 Smb358s Wcd9306 Wcd9326 Wcd9330 Wcd9335 Wcd9340 Wcd9341 Wcn3610 Wcn3615 Wcn3620 Wcn3660b Wcn3680b Wcn3980 Wcn3990 Wgr7640 Wsa8810 Wsa8815 Wtr2955 Wtr2965 Wtr3905 Wtr3925 Wtr3950 Wtr4905 Wtr5975

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2021-02-22T06:26:05.000Z

Updated: 2024-08-04T11:28:13.808Z

Reserved: 2020-03-31T00:00:00.000Z

Link: CVE-2020-11286

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-02-22T07:15:15.143

Modified: 2024-11-21T04:57:44.147

Link: CVE-2020-11286

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-119

Tracking

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object