CVE-2020-11201

Exploit

EPSS 0.05%
Veröffentlicht 12.11.2020 10:15:12
Zuletzt bearbeitet 21.11.2024 04:57:14
Quelle product-security@qualcomm.com
Teams Watchlist Login
Unerledigt Login

Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Qualcomm ≫ Qcm6125 Firmware Version-

Qualcomm ≫ Qcm6125 Version-

Qualcomm ≫ Qcs410 Firmware Version-

Qualcomm ≫ Qcs410 Version-

Qualcomm ≫ Qcs603 Firmware Version-

Qualcomm ≫ Qcs603 Version-

Qualcomm ≫ Qcs605 Firmware Version-

Qualcomm ≫ Qcs605 Version-

Qualcomm ≫ Qcs610 Firmware Version-

Qualcomm ≫ Qcs610 Version-

Qualcomm ≫ Qcs6125 Firmware Version-

Qualcomm ≫ Qcs6125 Version-

Qualcomm ≫ Sa6145p Firmware Version-

Qualcomm ≫ Sa6145p Version-

Qualcomm ≫ Sa6155 Firmware Version-

Qualcomm ≫ Sa6155 Version-

Qualcomm ≫ Sa6155p Firmware Version-

Qualcomm ≫ Sa6155p Version-

Qualcomm ≫ Sa8155 Firmware Version-

Qualcomm ≫ Sa8155 Version-

Qualcomm ≫ Sa8155p Firmware Version-

Qualcomm ≫ Sa8155p Version-

Qualcomm ≫ Sda640 Firmware Version-

Qualcomm ≫ Sda640 Version-

Qualcomm ≫ Sda845 Firmware Version-

Qualcomm ≫ Sda845 Version-

Qualcomm ≫ Sdm640 Firmware Version-

Qualcomm ≫ Sdm640 Version-

Qualcomm ≫ Sdm830 Firmware Version-

Qualcomm ≫ Sdm830 Version-

Qualcomm ≫ Sdm845 Firmware Version-

Qualcomm ≫ Sdm845 Version-

Qualcomm ≫ Sdx50m Firmware Version-

Qualcomm ≫ Sdx50m Version-

Qualcomm ≫ Sdx55 Firmware Version-

Qualcomm ≫ Sdx55 Version-

Qualcomm ≫ Sdx55m Firmware Version-

Qualcomm ≫ Sdx55m Version-

Qualcomm ≫ Sm6125 Firmware Version-

Qualcomm ≫ Sm6125 Version-

Qualcomm ≫ Sm6150 Firmware Version-

Qualcomm ≫ Sm6150 Version-

Qualcomm ≫ Sm6250 Firmware Version-

Qualcomm ≫ Sm6250 Version-

Qualcomm ≫ Sm6250p Firmware Version-

Qualcomm ≫ Sm6250p Version-

Qualcomm ≫ Sm7125 Firmware Version-

Qualcomm ≫ Sm7125 Version-

Qualcomm ≫ Sm7150 Firmware Version-

Qualcomm ≫ Sm7150 Version-

Qualcomm ≫ Sm7150p Firmware Version-

Qualcomm ≫ Sm7150p Version-

Qualcomm ≫ Sm8150 Firmware Version-

Qualcomm ≫ Sm8150 Version-

Qualcomm ≫ Sm8150p Firmware Version-

Qualcomm ≫ Sm8150p Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.162

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Vendor Advisory

Broken Link

https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/

Third Party Advisory

https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-11201

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11201

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11201

EUVD