CVE-2020-11169

EUVD-2020-3523

02.11.2020, 07:15

u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.1 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Affected Products (NVD)

Vendor	Product	Version
qualcomm	apq8009_firmware	-
qualcomm	apq8053_firmware	-
qualcomm	qca6390_firmware	-
qualcomm	qcn7605_firmware	-
qualcomm	qcn7606_firmware	-
qualcomm	sa415m_firmware	-
qualcomm	sa515m_firmware	-
qualcomm	sa6155p_firmware	-
qualcomm	sa8155p_firmware	-
qualcomm	sc8180x_firmware	-
qualcomm	sdx55_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin