7.8

CVE-2020-11202

Exploit

EPSS 0.06%
Published 12.11.2020 10:15:12
Last modified 21.11.2024 04:57:14
Source product-security@qualcomm.com
Teams watchlist Login
Open Login

Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA845, SDM640, SDM670, SDM710, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Qualcomm ≫ Qcm6125 Firmware Version-

Qualcomm ≫ Qcm6125 Version-

Qualcomm ≫ Qcs410 Firmware Version-

Qualcomm ≫ Qcs410 Version-

Qualcomm ≫ Qcs603 Firmware Version-

Qualcomm ≫ Qcs603 Version-

Qualcomm ≫ Qcs605 Firmware Version-

Qualcomm ≫ Qcs605 Version-

Qualcomm ≫ Qcs610 Firmware Version-

Qualcomm ≫ Qcs610 Version-

Qualcomm ≫ Qcs6125 Firmware Version-

Qualcomm ≫ Qcs6125 Version-

Qualcomm ≫ Sa6145p Firmware Version-

Qualcomm ≫ Sa6145p Version-

Qualcomm ≫ Sa6155 Firmware Version-

Qualcomm ≫ Sa6155 Version-

Qualcomm ≫ Sa6155p Firmware Version-

Qualcomm ≫ Sa6155p Version-

Qualcomm ≫ Sa8155 Firmware Version-

Qualcomm ≫ Sa8155 Version-

Qualcomm ≫ Sa8155p Firmware Version-

Qualcomm ≫ Sa8155p Version-

Qualcomm ≫ Sda640 Firmware Version-

Qualcomm ≫ Sda640 Version-

Qualcomm ≫ Sda670 Firmware Version-

Qualcomm ≫ Sda670 Version-

Qualcomm ≫ Sda845 Firmware Version-

Qualcomm ≫ Sda845 Version-

Qualcomm ≫ Sdm640 Firmware Version-

Qualcomm ≫ Sdm640 Version-

Qualcomm ≫ Sdm670 Firmware Version-

Qualcomm ≫ Sdm670 Version-

Qualcomm ≫ Sdm710 Firmware Version-

Qualcomm ≫ Sdm710 Version-

Qualcomm ≫ Sdm830 Firmware Version-

Qualcomm ≫ Sdm830 Version-

Qualcomm ≫ Sdm845 Firmware Version-

Qualcomm ≫ Sdm845 Version-

Qualcomm ≫ Sdx50m Firmware Version-

Qualcomm ≫ Sdx50m Version-

Qualcomm ≫ Sdx55 Firmware Version-

Qualcomm ≫ Sdx55 Version-

Qualcomm ≫ Sdx55m Firmware Version-

Qualcomm ≫ Sdx55m Version-

Qualcomm ≫ Sm6125 Firmware Version-

Qualcomm ≫ Sm6125 Version-

Qualcomm ≫ Sm6150 Firmware Version-

Qualcomm ≫ Sm6150 Version-

Qualcomm ≫ Sm6150p Firmware Version-

Qualcomm ≫ Sm6150p Version-

Qualcomm ≫ Sm6250 Firmware Version-

Qualcomm ≫ Sm6250 Version-

Qualcomm ≫ Sm6250p Firmware Version-

Qualcomm ≫ Sm6250p Version-

Qualcomm ≫ Sm7125 Firmware Version-

Qualcomm ≫ Sm7125 Version-

Qualcomm ≫ Sm7150 Firmware Version-

Qualcomm ≫ Sm7150 Version-

Qualcomm ≫ Sm7150p Firmware Version-

Qualcomm ≫ Sm7150p Version-

Qualcomm ≫ Sm8150 Firmware Version-

Qualcomm ≫ Sm8150 Version-

Qualcomm ≫ Sm8150p Firmware Version-

Qualcomm ≫ Sm8150p Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.19

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Vendor Advisory

Broken Link

https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/

Third Party Advisory

https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2020-11202

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11202

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11202

EUVD