CVE-2020-11154

Published: Nov 2, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

u'Buffer overflow while processing a crafted PDU data packet in bluetooth due to lack of check of buffer size before copying' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55

Affected (11)

Products: Qualcomm: Apq8009 Firmware, Apq8053 Firmware, Qca6390 Firmware, Qcn7605 Firmware, Qcn7606 Firmware, Sa415m Firmware, Sa515m Firmware, Sa6155p Firmware, Sa8155p Firmware, Sc8180x Firmware, Sdx55 Firmware

11 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8009 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8009	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8053 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8053	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6390 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6390	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcn7605 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcn7605	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcn7606 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcn7606	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa415m Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa415m	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa515m Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa515m	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa6155p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa6155p	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sa8155p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sa8155p	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sc8180x Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sc8180x	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx55 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx55	All versions

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (3)

https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Source: product-security@qualcomm.com

Broken Link

https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Source: nvd@nist.gov

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.