ID
VAR-202011-0210
CVE
CVE-2020-11162
TITLE
plural Qualcomm Classic buffer overflow vulnerability in the product
Trust: 0.8
DESCRIPTION
u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCA6390, QCM2150, QCS404, QCS405, QCS605, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130. plural Qualcomm The product contains a classic buffer overflow vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | msm8953 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sc8180x | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8917 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm429 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | ipq6018 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs405 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | kamorta | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sa8155p | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | agatti | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sm8250 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qrb5165 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm450 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm710 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | ipq4019 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sxr2130 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | ipq8074 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm845 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs404 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sa515m | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcm2150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sm8150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx55 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | saipan | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sm7150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8009 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qcs605 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sm6150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sa415m | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm632 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm429w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca6390 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | ipq8064 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | bitra | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sa6155p | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qm215 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | nicobar | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | ipq5018 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | rennell | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | クアルコム | model: | bitra | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | agatti | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | apq8009 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | ipq5018 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | ipq6018 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | ipq4019 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | ipq8064 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | ipq8074 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | クアルコム | model: | kamorta | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-120 | Trust: 1.0 |
| problemtype: | Classic buffer overflow (CWE-120) [NVD Evaluation ] | Trust: 0.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
other
Trust: 0.6
PATCH
| title: | October 2020 Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin | Trust: 0.8 |
| title: | Google Android Security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129909 | Trust: 0.6 |
| title: | Threatpost | url: | https://threatpost.com/google-android-system-flaws/159948/ | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-11162 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2020-012937 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2020.3453 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202010-308 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2020-11162 | Trust: 0.1 |
REFERENCES
| url: | https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin | Trust: 1.7 |
| url: | https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-11162 | Trust: 1.4 |
| url: | https://www.auscert.org.au/bulletins/esb-2020.3453/ | Trust: 0.6 |
| url: | https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-october-2020-33491 | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://threatpost.com/google-android-system-flaws/159948/ | Trust: 0.1 |
SOURCES
| db: | VULMON | id: | CVE-2020-11162 |
| db: | JVNDB | id: | JVNDB-2020-012937 |
| db: | CNNVD | id: | CNNVD-202010-308 |
| db: | NVD | id: | CVE-2020-11162 |
LAST UPDATE DATE
2024-11-23T21:06:36.824000+00:00
SOURCES UPDATE DATE
| db: | VULMON | id: | CVE-2020-11162 | date: | 2020-11-09T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-012937 | date: | 2021-06-15T06:01:00 |
| db: | CNNVD | id: | CNNVD-202010-308 | date: | 2021-08-16T00:00:00 |
| db: | NVD | id: | CVE-2020-11162 | date: | 2024-11-21T04:56:59.210 |
SOURCES RELEASE DATE
| db: | VULMON | id: | CVE-2020-11162 | date: | 2020-11-02T00:00:00 |
| db: | JVNDB | id: | JVNDB-2020-012937 | date: | 2021-06-15T00:00:00 |
| db: | CNNVD | id: | CNNVD-202010-308 | date: | 2020-10-06T00:00:00 |
| db: | NVD | id: | CVE-2020-11162 | date: | 2020-11-02T07:15:13.873 |