CVE-2020-11305

Published: Mar 17, 2021Modified: Nov 21, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

Integer overflow in boot due to improper length check on arguments received in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music

Affected (20)

Products: Qualcomm: Apq8009 Firmware, Apq8053 Firmware, Mdm9206 Firmware, Pm8909 Firmware, Pm8916 Firmware, Pm8953 Firmware, Pmd9607 Firmware, Pmi8952 Firmware, Qca9367 Firmware, Qca9377 Firmware, Smb1358 Firmware, Smb1360 Firmware, Smb231 Firmware, Wcd9326 Firmware, Wcd9330 Firmware, Wcn3660b Firmware, Wcn3680b Firmware, Wsa8810 Firmware, Wsa8815 Firmware, Wtr2965 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8009 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8009	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8053 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8053	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Pm8909 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Pm8909	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Pm8916 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Pm8916	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Pm8953 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Pm8953	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Pmd9607 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Pmd9607	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Pmi8952 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Pmi8952	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9367 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9367	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9377 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9377	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Smb1358 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Smb1358	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Smb1360 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Smb1360	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Smb231 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Smb231	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9326 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9326	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcd9330 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcd9330	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3660b Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3660b	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wcn3680b Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wcn3680b	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8810 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8810	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wsa8815 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wsa8815	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Wtr2965 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Wtr2965	All versions

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (2)

https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin

Source: product-security@qualcomm.com

PatchVendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.