Sign-up

ID

VAR-202011-0216


CVE

CVE-2020-11174


TITLE

plural  Qualcomm  Product index validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012922

DESCRIPTION

u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8953, MSM8996AU, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM8150, SM8250, SXR1130, SXR2130. plural Qualcomm The product contains a vulnerability in array index validation.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. The Qualcomm chip is a chip of Qualcomm (Qualcomm). A way to miniaturize circuits (mainly including semiconductor equipment, but also passive components, etc.) and often manufactured on the surface of semiconductor wafers. A number of Qualcomm products have an input validation error vulnerability, which stems from improper check of the channel id before using the array index in the adsp driver

Trust: 2.25

sources: NVD: CVE-2020-11174 // JVNDB: JVNDB-2020-012922 // CNNVD: CNNVD-202010-309 // VULMON: CVE-2020-11174

AFFECTED PRODUCTS

vendor:qualcommmodel:msm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sc8180xscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq6018scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:kamortascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa8155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:agattiscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq4019scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8074scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs404scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9531scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa515mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcm2150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:saipanscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa415mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm429wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6390scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq8064scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:bitrascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:ipq5018scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:bitrascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8017scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:agattiscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8009scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq5018scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8053scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq6018scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:ipq4019scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8098scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-012922 // NVD: CVE-2020-11174

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11174
value: HIGH

Trust: 1.0

NVD: CVE-2020-11174
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202010-309
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-11174
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-11174
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-11174
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-012922 // CNNVD: CNNVD-202010-309 // NVD: CVE-2020-11174

PROBLEMTYPE DATA

problemtype:CWE-129

Trust: 1.0

problemtype:Improper validation of array indexes (CWE-129) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-012922 // NVD: CVE-2020-11174

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-309

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202010-309

PATCH

title:October 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Trust: 0.8

title:Google Android Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129910

Trust: 0.6

title:Threatposturl:https://threatpost.com/google-android-system-flaws/159948/

Trust: 0.1

sources: VULMON: CVE-2020-11174 // JVNDB: JVNDB-2020-012922 // CNNVD: CNNVD-202010-309

EXTERNAL IDS

db:NVDid:CVE-2020-11174

Trust: 2.5

db:JVNDBid:JVNDB-2020-012922

Trust: 0.8

db:AUSCERTid:ESB-2020.3453

Trust: 0.6

db:CNNVDid:CNNVD-202010-309

Trust: 0.6

db:VULMONid:CVE-2020-11174

Trust: 0.1

sources: VULMON: CVE-2020-11174 // JVNDB: JVNDB-2020-012922 // CNNVD: CNNVD-202010-309 // NVD: CVE-2020-11174

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Trust: 1.7

url:https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-11174

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.3453/

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-october-2020-33491

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://threatpost.com/google-android-system-flaws/159948/

Trust: 0.1

sources: VULMON: CVE-2020-11174 // JVNDB: JVNDB-2020-012922 // CNNVD: CNNVD-202010-309 // NVD: CVE-2020-11174

SOURCES

db:VULMONid:CVE-2020-11174
db:JVNDBid:JVNDB-2020-012922
db:CNNVDid:CNNVD-202010-309
db:NVDid:CVE-2020-11174

LAST UPDATE DATE

2024-11-23T20:02:07.139000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-11174date:2020-11-06T00:00:00
db:JVNDBid:JVNDB-2020-012922date:2021-06-15T03:03:00
db:CNNVDid:CNNVD-202010-309date:2021-08-16T00:00:00
db:NVDid:CVE-2020-11174date:2024-11-21T04:57:03.540

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-11174date:2020-11-02T00:00:00
db:JVNDBid:JVNDB-2020-012922date:2021-06-15T00:00:00
db:CNNVDid:CNNVD-202010-309date:2020-10-06T00:00:00
db:NVDid:CVE-2020-11174date:2020-11-02T07:15:14.233