CVE-2020-11286

An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface & endpoint are made together. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CVSS v3 6.8 MEDIUM
CVSS v2.0 4.6 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:qualcomm:apq8009:-:::::::*
	cpe:2.3:h:qualcomm:apq8009w:-:::::::*
	cpe:2.3:h:qualcomm:apq8017:-:::::::*
	cpe:2.3:h:qualcomm:apq8053:-:::::::*
	cpe:2.3:h:qualcomm:apq8064au:-:::::::*
	cpe:2.3:h:qualcomm:apq8076:-:::::::*
	cpe:2.3:h:qualcomm:apq8096au:-:::::::*
	cpe:2.3:h:qualcomm:ar8151:-:::::::*
	cpe:2.3:h:qualcomm:csr6030:-:::::::*
	cpe:2.3:h:qualcomm:mdm9206:-:::::::*
	cpe:2.3:h:qualcomm:mdm9230:-:::::::*
	cpe:2.3:h:qualcomm:mdm9250:-:::::::*
	cpe:2.3:h:qualcomm:mdm9330:-:::::::*
	cpe:2.3:h:qualcomm:mdm9607:-:::::::*
	cpe:2.3:h:qualcomm:mdm9626:-:::::::*
	cpe:2.3:h:qualcomm:mdm9628:-:::::::*
	cpe:2.3:h:qualcomm:mdm9630:-:::::::*
	cpe:2.3:h:qualcomm:mdm9640:-:::::::*
	cpe:2.3:h:qualcomm:mdm9650:-:::::::*
	cpe:2.3:h:qualcomm:mdm9655:-:::::::*
	cpe:2.3:h:qualcomm:msm8909w:-:::::::*
	cpe:2.3:h:qualcomm:msm8937:-:::::::*
	cpe:2.3:h:qualcomm:msm8996au:-:::::::*
	cpe:2.3:h:qualcomm:pm660:-:::::::*
	cpe:2.3:h:qualcomm:pm660a:-:::::::*
	cpe:2.3:h:qualcomm:pm660l:-:::::::*
	cpe:2.3:h:qualcomm:pm8004:-:::::::*
	cpe:2.3:h:qualcomm:pm8005:-:::::::*
	cpe:2.3:h:qualcomm:pm8909:-:::::::*
	cpe:2.3:h:qualcomm:pm8916:-:::::::*
	cpe:2.3:h:qualcomm:pm8937:-:::::::*
	cpe:2.3:h:qualcomm:pm8952:-:::::::*
	cpe:2.3:h:qualcomm:pm8953:-:::::::*
	cpe:2.3:h:qualcomm:pm8956:-:::::::*
	cpe:2.3:h:qualcomm:pm8996:-:::::::*
	cpe:2.3:h:qualcomm:pm8998:-:::::::*
	cpe:2.3:h:qualcomm:pmd9607:-:::::::*
	cpe:2.3:h:qualcomm:pmd9635:-:::::::*
	cpe:2.3:h:qualcomm:pmd9645:-:::::::*
	cpe:2.3:h:qualcomm:pmd9655:-:::::::*
	cpe:2.3:h:qualcomm:pmi8937:-:::::::*
	cpe:2.3:h:qualcomm:pmi8952:-:::::::*
	cpe:2.3:h:qualcomm:pmi8994:-:::::::*
	cpe:2.3:h:qualcomm:pmi8996:-:::::::*
	cpe:2.3:h:qualcomm:pmi8998:-:::::::*
	cpe:2.3:h:qualcomm:pmk8001:-:::::::*
	cpe:2.3:h:qualcomm:pmm8996au:-:::::::*
	cpe:2.3:h:qualcomm:pmx20:-:::::::*
	cpe:2.3:h:qualcomm:qat3514:-:::::::*
	cpe:2.3:h:qualcomm:qat3522:-:::::::*
	cpe:2.3:h:qualcomm:qat3550:-:::::::*
	cpe:2.3:h:qualcomm:qbt1000:-:::::::*
	cpe:2.3:h:qualcomm:qbt1500:-:::::::*
	cpe:2.3:h:qualcomm:qca6174:-:::::::*
	cpe:2.3:h:qualcomm:qca6174a:-:::::::*
	cpe:2.3:h:qualcomm:qca6310:-:::::::*
	cpe:2.3:h:qualcomm:qca6320:-:::::::*
	cpe:2.3:h:qualcomm:qca6564a:-:::::::*
	cpe:2.3:h:qualcomm:qca6564au:-:::::::*
	cpe:2.3:h:qualcomm:qca6574:-:::::::*
	cpe:2.3:h:qualcomm:qca6574a:-:::::::*
	cpe:2.3:h:qualcomm:qca6574au:-:::::::*
	cpe:2.3:h:qualcomm:qca6584:-:::::::*
	cpe:2.3:h:qualcomm:qca6584au:-:::::::*
cpe:2.3:h:qualcomm:qca9367:-:::::::*
cpe:2.3:h:qualcomm:qca9377:-:::::::*
cpe:2.3:h:qualcomm:qet4100:-:::::::*
cpe:2.3:h:qualcomm:qet4101:-:::::::*
cpe:2.3:h:qualcomm:qet4200aq:-:::::::*
cpe:2.3:h:qualcomm:qfe1035:-:::::::*
cpe:2.3:h:qualcomm:qfe1040:-:::::::*
cpe:2.3:h:qualcomm:qfe1045:-:::::::*
cpe:2.3:h:qualcomm:qfe2340:-:::::::*
cpe:2.3:h:qualcomm:qfe2550:-:::::::*
cpe:2.3:h:qualcomm:qfe3100:-:::::::*
cpe:2.3:h:qualcomm:qfe3320:-:::::::*
cpe:2.3:h:qualcomm:qfe3335:-:::::::*
cpe:2.3:h:qualcomm:qfe3345:-:::::::*
cpe:2.3:h:qualcomm:qln1021aq:-:::::::*
cpe:2.3:h:qualcomm:qln1030:-:::::::*
cpe:2.3:h:qualcomm:qln1031:-:::::::*
cpe:2.3:h:qualcomm:qln1036aq:-:::::::*
cpe:2.3:h:qualcomm:qpa4340:-:::::::*
cpe:2.3:h:qualcomm:qpa4360:-:::::::*
cpe:2.3:h:qualcomm:qpa5460:-:::::::*
cpe:2.3:h:qualcomm:qsw8573:-:::::::*
cpe:2.3:h:qualcomm:qtc800h:-:::::::*
cpe:2.3:h:qualcomm:qtc800s:-:::::::*
cpe:2.3:h:qualcomm:qtc800t:-:::::::*
cpe:2.3:h:qualcomm:rgr7640au:-:::::::*
cpe:2.3:h:qualcomm:rsw8577:-:::::::*
cpe:2.3:h:qualcomm:sd_636:-:::::::*
cpe:2.3:h:qualcomm:sd205:-:::::::*
cpe:2.3:h:qualcomm:sd210:-:::::::*
cpe:2.3:h:qualcomm:sd660:-:::::::*
cpe:2.3:h:qualcomm:sd820:-:::::::*
cpe:2.3:h:qualcomm:sd821:-:::::::*
cpe:2.3:h:qualcomm:sd835:-:::::::*
cpe:2.3:h:qualcomm:sdm630:-:::::::*
cpe:2.3:h:qualcomm:sdr660:-:::::::*
cpe:2.3:h:qualcomm:sdw2500:-:::::::*
cpe:2.3:h:qualcomm:sdw3100:-:::::::*
cpe:2.3:h:qualcomm:sdx20:-:::::::*
cpe:2.3:h:qualcomm:sdx20m:-:::::::*
cpe:2.3:h:qualcomm:smb1350:-:::::::*
cpe:2.3:h:qualcomm:smb1351:-:::::::*
cpe:2.3:h:qualcomm:smb1357:-:::::::*
cpe:2.3:h:qualcomm:smb1358:-:::::::*
cpe:2.3:h:qualcomm:smb1360:-:::::::*
cpe:2.3:h:qualcomm:smb1380:-:::::::*
cpe:2.3:h:qualcomm:smb231:-:::::::*
cpe:2.3:h:qualcomm:smb358s:-:::::::*
cpe:2.3:h:qualcomm:wcd9306:-:::::::*
cpe:2.3:h:qualcomm:wcd9326:-:::::::*
cpe:2.3:h:qualcomm:wcd9330:-:::::::*
cpe:2.3:h:qualcomm:wcd9335:-:::::::*
cpe:2.3:h:qualcomm:wcd9340:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcn3610:-:::::::*
cpe:2.3:h:qualcomm:wcn3615:-:::::::*
cpe:2.3:h:qualcomm:wcn3620:-:::::::*
cpe:2.3:h:qualcomm:wcn3660b:-:::::::*
cpe:2.3:h:qualcomm:wcn3680b:-:::::::*
cpe:2.3:h:qualcomm:wcn3980:-:::::::*
cpe:2.3:h:qualcomm:wcn3990:-:::::::*
cpe:2.3:h:qualcomm:wgr7640:-:::::::*
cpe:2.3:h:qualcomm:wsa8810:-:::::::*
cpe:2.3:h:qualcomm:wsa8815:-:::::::*
cpe:2.3:h:qualcomm:wtr2955:-:::::::*
cpe:2.3:h:qualcomm:wtr2965:-:::::::*
cpe:2.3:h:qualcomm:wtr3905:-:::::::*
cpe:2.3:h:qualcomm:wtr3925:-:::::::*
cpe:2.3:h:qualcomm:wtr3950:-:::::::*
cpe:2.3:h:qualcomm:wtr4905:-:::::::*
cpe:2.3:h:qualcomm:wtr5975:-:::::::*

History

No history.

Information

Published : 2021-02-22 07:15

Updated : 2021-07-21 11:39

NVD link : CVE-2020-11286

Mitre link : CVE-2020-11286

CVE.ORG link : CVE-2020-11286

JSON object : View

Products Affected

qualcomm

qca6574au
pm8916
apq8009w
wtr2955
sd205
qet4200aq
qpa4340
pmi8998
sd820
wcn3620
sdw2500
qfe2550
sdm630
pmm8996au
qca9367
wcd9335
qca6320
qtc800t
apq8096au
qfe1045
qca6584au
sdw3100
qfe1040
qln1036aq
smb1358
mdm9630
qfe1035
pm660
mdm9655
smb1380
pmx20
ar8151
pmd9607
qln1031
wgr7640
pmd9655
qca6564a
qfe2340
pm8996
mdm9250
qln1021aq
sdr660
rgr7640au
apq8064au
qat3550
pmi8952
msm8996au
qat3514
sdx20
mdm9626
smb231
qsw8573
wcn3980
qpa5460
smb358s
qca6174a
qbt1500
pm8998
wtr3905
qet4100
qca6564au
qca6584
qbt1000
mdm9628
mdm9607
pmi8996
sdx20m
msm8937
wtr4905
mdm9650
qat3522
qca6574a
qfe3100
sd835
apq8053
qln1030
pm660a
sd210
wtr2965
pm8956
pmd9635
wtr3925
pm8004
wcn3615
wcn3610
wtr5975
sd821
pm8952
wcd9340
wcd9330
pmi8994
wsa8810
qfe3320
pm8005
wtr3950
qtc800h
csr6030
mdm9230
qca6574
wsa8815
mdm9206
qca6174
wcd9326
qfe3345
sd660
qet4101
sd_636
pm660l
wcd9341
pmd9645
qtc800s
qpa4360
smb1350
pm8937
wcn3680b
wcn3990
pmk8001
mdm9640
apq8009
wcd9306
smb1360
smb1351
apq8076
msm8909w
qca6310
pmi8937
pm8909
rsw8577
wcn3660b
qfe3335
qca9377
pm8953
apq8017
mdm9330
smb1357

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

6.8 /10