CVE-2020-11121

EUVD-2020-3475
u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Affected Products (NVD)
VendorProductVersion
qualcommqcm4290_firmware
-
qualcommqcs4290_firmware
-
qualcommqm215_firmware
-
qualcommqsm8350_firmware
-
qualcommsa6145p_firmware
-
qualcommsa6155_firmware
-
qualcommsa6155p_firmware
-
qualcommsa8155_firmware
-
qualcommsa8155p_firmware
-
qualcommsc8180x_firmware
-
qualcommsc8180xp_firmware
-
qualcommsdx55_firmware
-
qualcommsdx55m_firmware
-
qualcommsm4250_firmware
-
qualcommsm4250p_firmware
-
qualcommsm6115_firmware
-
qualcommsm6115p_firmware
-
qualcommsm6125_firmware
-
qualcommsm6250_firmware
-
qualcommsm6350_firmware
-
qualcommsm7125_firmware
-
qualcommsm7225_firmware
-
qualcommsm7250_firmware
-
qualcommsm7250p_firmware
-
qualcommsm8150_firmware
-
qualcommsm8150p_firmware
-
qualcommsm8250_firmware
-
qualcommsm8350_firmware
-
qualcommsm8350p_firmware
-
qualcommsxr2130_firmware
-
qualcommsxr2130p_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin
https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin