CVE-2020-11254

Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

CVSS v3.0 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:qualcomm:pm6150a:-:::::::*
	cpe:2.3:h:qualcomm:pm6150l:-:::::::*
	cpe:2.3:h:qualcomm:pm6350:-:::::::*
	cpe:2.3:h:qualcomm:pm660:-:::::::*
	cpe:2.3:h:qualcomm:pm660l:-:::::::*
	cpe:2.3:h:qualcomm:pm7250b:-:::::::*
	cpe:2.3:h:qualcomm:pm8008:-:::::::*
	cpe:2.3:h:qualcomm:pm8009:-:::::::*
	cpe:2.3:h:qualcomm:pm8350:-:::::::*
	cpe:2.3:h:qualcomm:pm8350b:-:::::::*
	cpe:2.3:h:qualcomm:pm8350bh:-:::::::*
	cpe:2.3:h:qualcomm:qca6574au:-:::::::*
	cpe:2.3:h:qualcomm:pm8350c:-:::::::*
	cpe:2.3:h:qualcomm:pmk8003:-:::::::*
	cpe:2.3:h:qualcomm:pmk8350:-:::::::*
	cpe:2.3:h:qualcomm:pmm6155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8155au:-:::::::*
	cpe:2.3:h:qualcomm:pmm8195au:-:::::::*
	cpe:2.3:h:qualcomm:pmr735a:-:::::::*
	cpe:2.3:h:qualcomm:pmr735b:-:::::::*
	cpe:2.3:h:qualcomm:qat3516:-:::::::*
	cpe:2.3:h:qualcomm:qat3518:-:::::::*
	cpe:2.3:h:qualcomm:qat3519:-:::::::*
	cpe:2.3:h:qualcomm:qat3555:-:::::::*
	cpe:2.3:h:qualcomm:qat5515:-:::::::*
	cpe:2.3:h:qualcomm:qat5516:-:::::::*
	cpe:2.3:h:qualcomm:qat5522:-:::::::*
	cpe:2.3:h:qualcomm:qat5568:-:::::::*
	cpe:2.3:h:qualcomm:qbt1500:-:::::::*
	cpe:2.3:h:qualcomm:qca6696:-:::::::*
	cpe:2.3:h:qualcomm:qdm3301:-:::::::*
	cpe:2.3:h:qualcomm:qdm4643:-:::::::*
	cpe:2.3:h:qualcomm:qdm4650:-:::::::*
	cpe:2.3:h:qualcomm:qdm5620:-:::::::*
	cpe:2.3:h:qualcomm:qdm5621:-:::::::*
	cpe:2.3:h:qualcomm:qdm5670:-:::::::*
	cpe:2.3:h:qualcomm:qdm5671:-:::::::*
	cpe:2.3:h:qualcomm:qet5100:-:::::::*
	cpe:2.3:h:qualcomm:qet5100m:-:::::::*
	cpe:2.3:h:qualcomm:qet6100:-:::::::*
	cpe:2.3:h:qualcomm:qet6110:-:::::::*
	cpe:2.3:h:qualcomm:qfs2530:-:::::::*
	cpe:2.3:h:qualcomm:qfs2580:-:::::::*
	cpe:2.3:h:qualcomm:qfs2608:-:::::::*
	cpe:2.3:h:qualcomm:qfs2630:-:::::::*
	cpe:2.3:h:qualcomm:qln4642:-:::::::*
	cpe:2.3:h:qualcomm:qln4650:-:::::::*
	cpe:2.3:h:qualcomm:qln5020:-:::::::*
	cpe:2.3:h:qualcomm:qln5030:-:::::::*
	cpe:2.3:h:qualcomm:qln5040:-:::::::*
	cpe:2.3:h:qualcomm:qpa2625:-:::::::*
	cpe:2.3:h:qualcomm:qpa5461:-:::::::*
	cpe:2.3:h:qualcomm:qpa5580:-:::::::*
	cpe:2.3:h:qualcomm:qpa5581:-:::::::*
	cpe:2.3:h:qualcomm:qpa8801:-:::::::*
	cpe:2.3:h:qualcomm:qpa8802:-:::::::*
	cpe:2.3:h:qualcomm:qpa8803:-:::::::*
	cpe:2.3:h:qualcomm:qpa8821:-:::::::*
	cpe:2.3:h:qualcomm:qpa8842:-:::::::*
	cpe:2.3:h:qualcomm:qpm4621:-:::::::*
	cpe:2.3:h:qualcomm:qpm4630:-:::::::*
	cpe:2.3:h:qualcomm:qpm4640:-:::::::*
	cpe:2.3:h:qualcomm:qpm4641:-:::::::*
	cpe:2.3:h:qualcomm:qpm4650:-:::::::*
cpe:2.3:h:qualcomm:qpm5621:-:::::::*
cpe:2.3:h:qualcomm:qpm5641:-:::::::*
cpe:2.3:h:qualcomm:qpm5670:-:::::::*
cpe:2.3:h:qualcomm:qpm5677:-:::::::*
cpe:2.3:h:qualcomm:qpm5679:-:::::::*
cpe:2.3:h:qualcomm:qpm5870:-:::::::*
cpe:2.3:h:qualcomm:qpm5875:-:::::::*
cpe:2.3:h:qualcomm:qpm6585:-:::::::*
cpe:2.3:h:qualcomm:qpm6621:-:::::::*
cpe:2.3:h:qualcomm:qpm6670:-:::::::*
cpe:2.3:h:qualcomm:qpm8820:-:::::::*
cpe:2.3:h:qualcomm:qpm8870:-:::::::*
cpe:2.3:h:qualcomm:qet6105:-:::::::*
cpe:2.3:h:qualcomm:sa6155p:-:::::::*
cpe:2.3:h:qualcomm:sa8155p:-:::::::*
cpe:2.3:h:qualcomm:sa6145p:-:::::::*
cpe:2.3:h:qualcomm:sa6150p:-:::::::*
cpe:2.3:h:qualcomm:sa8150p:-:::::::*
cpe:2.3:h:qualcomm:sa8195p:-:::::::*
cpe:2.3:h:qualcomm:qtc800h:-:::::::*
cpe:2.3:h:qualcomm:qtc800s:-:::::::*
cpe:2.3:h:qualcomm:qtc801s:-:::::::*
cpe:2.3:h:qualcomm:qtm525:-:::::::*
cpe:2.3:h:qualcomm:sd670:-:::::::*
cpe:2.3:h:qualcomm:sd710:-:::::::*
cpe:2.3:h:qualcomm:sd888_5g:-:::::::*
cpe:2.3:h:qualcomm:sdr660:-:::::::*
cpe:2.3:h:qualcomm:sdr660g:-:::::::*
cpe:2.3:h:qualcomm:sdr735:-:::::::*
cpe:2.3:h:qualcomm:sdr735g:-:::::::*
cpe:2.3:h:qualcomm:sdr865:-:::::::*
cpe:2.3:h:qualcomm:sdxr1:-:::::::*
cpe:2.3:h:qualcomm:smb1351:-:::::::*
cpe:2.3:h:qualcomm:smb1355:-:::::::*
cpe:2.3:h:qualcomm:smb1396:-:::::::*
cpe:2.3:h:qualcomm:smb1398:-:::::::*
cpe:2.3:h:qualcomm:smr526:-:::::::*
cpe:2.3:h:qualcomm:smr545:-:::::::*
cpe:2.3:h:qualcomm:smr546:-:::::::*
cpe:2.3:h:qualcomm:wcd9326:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcd9370:-:::::::*
cpe:2.3:h:qualcomm:wcd9375:-:::::::*
cpe:2.3:h:qualcomm:wcd9380:-:::::::*
cpe:2.3:h:qualcomm:wcd9385:-:::::::*
cpe:2.3:h:qualcomm:wcn3980:-:::::::*
cpe:2.3:h:qualcomm:wcn3988:-:::::::*
cpe:2.3:h:qualcomm:wcn3990:-:::::::*
cpe:2.3:h:qualcomm:wcn3991:-:::::::*
cpe:2.3:h:qualcomm:wcn6850:-:::::::*
cpe:2.3:h:qualcomm:wcn6851:-:::::::*
cpe:2.3:h:qualcomm:wcn6855:-:::::::*
cpe:2.3:h:qualcomm:wcn6856:-:::::::*
cpe:2.3:h:qualcomm:wsa8830:-:::::::*
cpe:2.3:h:qualcomm:wsa8835:-:::::::*
cpe:2.3:h:qualcomm:sd480:-:::::::*
cpe:2.3:h:qualcomm:sd888:-:::::::*

Information

Published : 2021-05-07 02:15

Updated : 2021-05-14 09:14

NVD link : CVE-2020-11254

Mitre link : CVE-2020-11254

JSON object : View

CWE

CWE-476

NULL Pointer Dereference

Products Affected

qualcomm

qpm4650
pmk8003
smb1396
wcn6850
qat3519
sa8155p
sd670
qdm5671
wcd9370
qfs2630
qpm5677
qat5515
pm8350bh
wcd9380
pm660l
pm6150l
qpm6621
wcn3991
wsa8835
qln5040
sdr660
pmm8155au
sd480
qet6100
qet6105
qdm5621
qpa8801
pmr735a
qpa5580
qpa5581
pmr735b
qpm5679
qpm4640
sd888_5g
wcn6856
wcn3990
qpm4641
qtc801s
pm6150a
qln4650
sa6155p
qdm5670
qat3555
sa8150p
pm660
pmm8195au
qdm4643
qpm5621
qfs2530
qpm6585
sa6150p
sdr735g
wcd9341
qfs2580
wcd9375
qtc800h
wcn3980
qpa8803
qat3516
sdr735
qca6574au
qpm4630
smb1398
sdxr1
sdr865
wcd9326
smr546
qpa8842
qat5522
qfs2608
smb1351
pmk8350
wcn6851
qbt1500
pm8008
qdm4650
qat3518
sa8195p
qln4642
smr526
qln5030
qpm8870
pm6350
qca6696
sd710
qdm3301
qpa8821
qpa5461
qtm525
qpm4621
pm8350b
sa6145p
qpm5670
pmm6155au
qet6110
qpm5641
smb1355
qat5568
qpa2625
wcn3988
pm8350
smr545
qln5020
qtc800s
qpm6670
wcd9385
pm8350c
qdm5620
qpm5870
sdr660g
qat5516
pm7250b
qpm8820
sd888
qpm5875
wcn6855
qet5100
wsa8830
qpa8802
qet5100m
pm8009

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2020-11254

5.5^/10

2.1^/10

Attach tags to `CVE-2020-11254`