CVE-2020-11254

Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

CVSS v3.0 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:qualcomm:qca6574au:-:::::::*
	cpe:2.3:h:qualcomm:sa6155p:-:::::::*
	cpe:2.3:h:qualcomm:sa8155p:-:::::::*
	cpe:2.3:h:qualcomm:sa6145p:-:::::::*
	cpe:2.3:h:qualcomm:sa6150p:-:::::::*
	cpe:2.3:h:qualcomm:sa8150p:-:::::::*
	cpe:2.3:h:qualcomm:sa8195p:-:::::::*
	cpe:2.3:h:qualcomm:pm6150a:-:::::::*
	cpe:2.3:h:qualcomm:pm6150l:-:::::::*
	cpe:2.3:h:qualcomm:pm6350:-:::::::*
	cpe:2.3:h:qualcomm:pm660:-:::::::*
	cpe:2.3:h:qualcomm:pm660l:-:::::::*
	cpe:2.3:h:qualcomm:pm7250b:-:::::::*
	cpe:2.3:h:qualcomm:pm8008:-:::::::*
	cpe:2.3:h:qualcomm:pm8009:-:::::::*
	cpe:2.3:h:qualcomm:pm8350:-:::::::*
	cpe:2.3:h:qualcomm:pm8350b:-:::::::*
	cpe:2.3:h:qualcomm:pm8350bh:-:::::::*
	cpe:2.3:h:qualcomm:pm8350c:-:::::::*
	cpe:2.3:h:qualcomm:pmk8003:-:::::::*
	cpe:2.3:h:qualcomm:pmk8350:-:::::::*
	cpe:2.3:h:qualcomm:pmm6155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8195au:-:::::::*
	cpe:2.3:h:qualcomm:pmr735a:-:::::::*
	cpe:2.3:h:qualcomm:pmr735b:-:::::::*
	cpe:2.3:h:qualcomm:qat3516:-:::::::*
	cpe:2.3:h:qualcomm:qat3518:-:::::::*
	cpe:2.3:h:qualcomm:qat3519:-:::::::*
	cpe:2.3:h:qualcomm:qat3555:-:::::::*
	cpe:2.3:h:qualcomm:qat5515:-:::::::*
	cpe:2.3:h:qualcomm:qat5516:-:::::::*
	cpe:2.3:h:qualcomm:qat5522:-:::::::*
	cpe:2.3:h:qualcomm:qat5568:-:::::::*
	cpe:2.3:h:qualcomm:qbt1500:-:::::::*
	cpe:2.3:h:qualcomm:qca6696:-:::::::*
	cpe:2.3:h:qualcomm:qdm3301:-:::::::*
	cpe:2.3:h:qualcomm:qdm4643:-:::::::*
	cpe:2.3:h:qualcomm:qdm4650:-:::::::*
	cpe:2.3:h:qualcomm:qdm5620:-:::::::*
	cpe:2.3:h:qualcomm:qdm5621:-:::::::*
	cpe:2.3:h:qualcomm:qdm5670:-:::::::*
	cpe:2.3:h:qualcomm:qdm5671:-:::::::*
	cpe:2.3:h:qualcomm:qet5100:-:::::::*
	cpe:2.3:h:qualcomm:qet5100m:-:::::::*
	cpe:2.3:h:qualcomm:qet6100:-:::::::*
	cpe:2.3:h:qualcomm:qet6110:-:::::::*
	cpe:2.3:h:qualcomm:qfs2530:-:::::::*
	cpe:2.3:h:qualcomm:qfs2580:-:::::::*
	cpe:2.3:h:qualcomm:qfs2608:-:::::::*
	cpe:2.3:h:qualcomm:qfs2630:-:::::::*
	cpe:2.3:h:qualcomm:qln4642:-:::::::*
	cpe:2.3:h:qualcomm:qln4650:-:::::::*
	cpe:2.3:h:qualcomm:qln5020:-:::::::*
	cpe:2.3:h:qualcomm:qln5030:-:::::::*
	cpe:2.3:h:qualcomm:qln5040:-:::::::*
	cpe:2.3:h:qualcomm:qpa2625:-:::::::*
	cpe:2.3:h:qualcomm:qpa5461:-:::::::*
	cpe:2.3:h:qualcomm:qpa5580:-:::::::*
	cpe:2.3:h:qualcomm:qpa5581:-:::::::*
	cpe:2.3:h:qualcomm:qpa8801:-:::::::*
	cpe:2.3:h:qualcomm:qpa8802:-:::::::*
	cpe:2.3:h:qualcomm:qpa8803:-:::::::*
	cpe:2.3:h:qualcomm:qpa8821:-:::::::*
cpe:2.3:h:qualcomm:qpa8842:-:::::::*
cpe:2.3:h:qualcomm:qpm4621:-:::::::*
cpe:2.3:h:qualcomm:qpm4630:-:::::::*
cpe:2.3:h:qualcomm:qpm4640:-:::::::*
cpe:2.3:h:qualcomm:qpm4641:-:::::::*
cpe:2.3:h:qualcomm:qpm4650:-:::::::*
cpe:2.3:h:qualcomm:qpm5621:-:::::::*
cpe:2.3:h:qualcomm:qpm5641:-:::::::*
cpe:2.3:h:qualcomm:qpm5670:-:::::::*
cpe:2.3:h:qualcomm:qpm5677:-:::::::*
cpe:2.3:h:qualcomm:qpm5679:-:::::::*
cpe:2.3:h:qualcomm:qpm5870:-:::::::*
cpe:2.3:h:qualcomm:qpm5875:-:::::::*
cpe:2.3:h:qualcomm:qpm6585:-:::::::*
cpe:2.3:h:qualcomm:qpm6621:-:::::::*
cpe:2.3:h:qualcomm:qpm6670:-:::::::*
cpe:2.3:h:qualcomm:qpm8820:-:::::::*
cpe:2.3:h:qualcomm:qpm8870:-:::::::*
cpe:2.3:h:qualcomm:qtc800h:-:::::::*
cpe:2.3:h:qualcomm:qtc800s:-:::::::*
cpe:2.3:h:qualcomm:qtc801s:-:::::::*
cpe:2.3:h:qualcomm:qtm525:-:::::::*
cpe:2.3:h:qualcomm:sd670:-:::::::*
cpe:2.3:h:qualcomm:sd710:-:::::::*
cpe:2.3:h:qualcomm:sd888_5g:-:::::::*
cpe:2.3:h:qualcomm:sdr660:-:::::::*
cpe:2.3:h:qualcomm:sdr660g:-:::::::*
cpe:2.3:h:qualcomm:sdr735:-:::::::*
cpe:2.3:h:qualcomm:sdr735g:-:::::::*
cpe:2.3:h:qualcomm:sdr865:-:::::::*
cpe:2.3:h:qualcomm:sdxr1:-:::::::*
cpe:2.3:h:qualcomm:smb1351:-:::::::*
cpe:2.3:h:qualcomm:smb1355:-:::::::*
cpe:2.3:h:qualcomm:smb1396:-:::::::*
cpe:2.3:h:qualcomm:smb1398:-:::::::*
cpe:2.3:h:qualcomm:smr526:-:::::::*
cpe:2.3:h:qualcomm:smr545:-:::::::*
cpe:2.3:h:qualcomm:smr546:-:::::::*
cpe:2.3:h:qualcomm:wcd9326:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcd9370:-:::::::*
cpe:2.3:h:qualcomm:wcd9375:-:::::::*
cpe:2.3:h:qualcomm:wcd9380:-:::::::*
cpe:2.3:h:qualcomm:wcd9385:-:::::::*
cpe:2.3:h:qualcomm:wcn3980:-:::::::*
cpe:2.3:h:qualcomm:wcn3988:-:::::::*
cpe:2.3:h:qualcomm:wcn3990:-:::::::*
cpe:2.3:h:qualcomm:wcn3991:-:::::::*
cpe:2.3:h:qualcomm:wcn6850:-:::::::*
cpe:2.3:h:qualcomm:wcn6851:-:::::::*
cpe:2.3:h:qualcomm:wcn6855:-:::::::*
cpe:2.3:h:qualcomm:wcn6856:-:::::::*
cpe:2.3:h:qualcomm:wsa8830:-:::::::*
cpe:2.3:h:qualcomm:wsa8835:-:::::::*
cpe:2.3:h:qualcomm:sd480:-:::::::*
cpe:2.3:h:qualcomm:qet6105:-:::::::*
cpe:2.3:h:qualcomm:sd888:-:::::::*

History

No history.

Information

Published : 2021-05-07 09:15

Updated : 2021-05-14 16:14

NVD link : CVE-2020-11254

Mitre link : CVE-2020-11254

JSON object : View

Products Affected

qualcomm

wcd9385
wcn6856
qpa5461
wcd9375
qdm5671
smb1396
qpm4641
sdr735g
qpm6585
pmk8003
sdr735
qtc800h
qpa8803
sa6155p
qpm5677
pmk8350
qpm5875
qat3519
qpm6621
sdr660g
qln5030
smb1398
smb1355
smr526
wcd9370
qet6100
smr545
wcn3990
qpm5870
qpm4640
smb1351
wcn6855
qdm4643
wcn3991
sa8195p
sdr660
wsa8830
wcd9380
pmm6155au
sa8150p
pm6150l
sd480
qet6110
pmr735a
sdxr1
qpa8802
qdm4650
qpa8821
pm8350bh
pmr735b
pmm8195au
qfs2530
pm6150a
qpa5581
qat3555
pm660
qat5522
qfs2580
sdr865
qln4650
qbt1500
qca6574au
wcn6850
qca6696
qpm5621
sd888
qtc800s
sd710
sa6145p
qat5516
pm8350b
qpm4621
wcn3988
qdm3301
qpm5641
qpm4630
sd888_5g
qat5515
sd670
qat3516
qtc801s
sa6150p
pm7250b
qdm5620
qln5040
wcn6851
qln4642
qpa8842
wcn3980
qpa5580
qdm5621
qpa8801
qet5100
pm8350c
qpa2625
qpm8820
qfs2608
pm660l
qpm5670
pm8008
wcd9341
qet5100m
pm6350
qtm525
wsa8835
pm8009
qln5020
qfs2630
pm8350
qpm4650
wcd9326
smr546
qpm6670
pmm8155au
qdm5670
qpm8870
qat5568
qat3518
sa8155p
qpm5679
qet6105

CWE

CWE-476

NULL Pointer Dereference

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-11254

5.5^/10

2.1^/10

Attach tags to `CVE-2020-11254`