CVE-2020-11175

EPSS 0.04%
Published 12.11.2020 10:15:12
Last modified 21.11.2024 04:57:03
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009W, MSM8909W, QCS605, QM215, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6350, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Apq8009w Firmware Version-

Qualcomm ≫ Apq8009w Version-

Qualcomm ≫ Msm8909w Firmware Version-

Qualcomm ≫ Msm8909w Version-

Qualcomm ≫ Qcs605 Firmware Version-

Qualcomm ≫ Qcs605 Version-

Qualcomm ≫ Qm215 Firmware Version-

Qualcomm ≫ Qm215 Version-

Qualcomm ≫ Sa6155 Firmware Version-

Qualcomm ≫ Sa6155 Version-

Qualcomm ≫ Sa6155p Firmware Version-

Qualcomm ≫ Sa6155p Version-

Qualcomm ≫ Sa8155 Firmware Version-

Qualcomm ≫ Sa8155 Version-

Qualcomm ≫ Sa8155p Firmware Version-

Qualcomm ≫ Sa8155p Version-

Qualcomm ≫ Sda640 Firmware Version-

Qualcomm ≫ Sda640 Version-

Qualcomm ≫ Sda670 Firmware Version-

Qualcomm ≫ Sda670 Version-

Qualcomm ≫ Sda855 Firmware Version-

Qualcomm ≫ Sda855 Version-

Qualcomm ≫ Sdm1000 Firmware Version-

Qualcomm ≫ Sdm1000 Version-

Qualcomm ≫ Sdm640 Firmware Version-

Qualcomm ≫ Sdm640 Version-

Qualcomm ≫ Sdm670 Firmware Version-

Qualcomm ≫ Sdm670 Version-

Qualcomm ≫ Sdm710 Firmware Version-

Qualcomm ≫ Sdm710 Version-

Qualcomm ≫ Sdm845 Firmware Version-

Qualcomm ≫ Sdm845 Version-

Qualcomm ≫ Sdx50m Firmware Version-

Qualcomm ≫ Sdx50m Version-

Qualcomm ≫ Sdx55 Firmware Version-

Qualcomm ≫ Sdx55 Version-

Qualcomm ≫ Sdx55m Firmware Version-

Qualcomm ≫ Sdx55m Version-

Qualcomm ≫ Sm6125 Firmware Version-

Qualcomm ≫ Sm6125 Version-

Qualcomm ≫ Sm6350 Firmware Version-

Qualcomm ≫ Sm6350 Version-

Qualcomm ≫ Sm7225 Firmware Version-

Qualcomm ≫ Sm7225 Version-

Qualcomm ≫ Sm7250 Firmware Version-

Qualcomm ≫ Sm7250 Version-

Qualcomm ≫ Sm7250p Firmware Version-

Qualcomm ≫ Sm7250p Version-

Qualcomm ≫ Sm8150 Firmware Version-

Qualcomm ≫ Sm8150 Version-

Qualcomm ≫ Sm8150p Firmware Version-

Qualcomm ≫ Sm8150p Version-

Qualcomm ≫ Sm8250 Firmware Version-

Qualcomm ≫ Sm8250 Version-

Qualcomm ≫ Sxr1120 Firmware Version-

Qualcomm ≫ Sxr1120 Version-

Qualcomm ≫ Sxr1130 Firmware Version-

Qualcomm ≫ Sxr1130 Version-

Qualcomm ≫ Sxr2130 Firmware Version-

Qualcomm ≫ Sxr2130 Version-

Qualcomm ≫ Sxr2130p Firmware Version-

Qualcomm ≫ Sxr2130p Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.077

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-11175

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11175

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11175

EUVD