CVE-2020-11165

Description

Memory corruption due to buffer overflow while copying the message provided by HLOS into buffer without validating the length of buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Related CPE's

oqualcommaqt1000_firmware-*******

vulnerable

hqualcommaqt1000-*******

oqualcommar8035_firmware-*******

vulnerable

hqualcommar8035-*******

oqualcommpm3003a_firmware-*******

vulnerable

hqualcommpm3003a-*******

oqualcommpm4125_firmware-*******

vulnerable

hqualcommpm4125-*******

oqualcommpm456_firmware-*******

vulnerable

hqualcommpm456-*******

References

https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

Vendor Advisory

CvssV3 impact

BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

UNCHANGED

AttackVector

LOCAL

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

LOW

BaseScore

7.8

VectorString

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

COMPLETE

AvailabilityImpact

COMPLETE

IntegrityImpact

COMPLETE

BaseScore

7.2

VectorString

AV:L/AC:L/Au:N/C:C/I:C/A:C

Version

2.0

AccessVector

LOCAL

Authentication

NONE

Created by Yello
About Severity.io