CVE-2020-11265

Published: Jun 9, 2021Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Information disclosure issue due to lack of validation of pointer arguments passed to TZ BSP in Snapdragon Wired Infrastructure and Networking

Affected (26)

Products: Qualcomm: Ar7420 Firmware, Ar9580 Firmware, Csr8811 Firmware, Ipq4018 Firmware, Ipq4019 Firmware, Ipq4028 Firmware, Ipq4029 Firmware, Qca10901 Firmware, Qca4024 Firmware, Qca7500 Firmware, Qca7520 Firmware, Qca7550 Firmware, Qca8075 Firmware, Qca9880 Firmware, Qca9886 Firmware, Qca9888 Firmware, Qca9889 Firmware, Qca9898 Firmware, Qca9984 Firmware, Qca9992 Firmware, Qca9994 Firmware, Qcn3018 Firmware, Qfe1922 Firmware, Qfe1952 Firmware, Wcd9340 Firmware, Wsa8810 Firmware

26 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ar7420 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ar7420	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ar9580 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ar9580	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Csr8811 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Csr8811	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq4018 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq4018	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq4019 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq4019	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq4028 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq4028	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq4029 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq4029	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca10901 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca10901	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca4024 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca4024	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca7500 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca7500	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca7520 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca7520	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca7550 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca7550	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca8075 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca8075	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9880 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9880	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9886 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9886	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9888 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9888	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9889 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9889	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9898 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9898	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9984 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9984	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9992 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9992	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9994 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9994	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcn3018 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcn3018	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qfe1922 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qfe1922	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qfe1952 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qfe1952	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9340 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9340	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8810 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8810	All versions

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

Source: product-security@qualcomm.com

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.