ID

VAR-202106-0149


CVE

CVE-2020-11233


TITLE

plural  Qualcomm  In the product  Time-of-check Time-of-use (TOCTOU)  Race condition vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-007698

DESCRIPTION

Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. plural Qualcomm The product has Time-of-check Time-of-use (TOCTOU) There is a race condition vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-11233 // JVNDB: JVNDB-2021-007698

AFFECTED PRODUCTS

vendor:qualcommmodel:qfe1045scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pmd9635scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pmd9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:smb358sscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qsw8573scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pm8909scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qfe1040scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9367scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8810scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qln1021aqscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:smb1358scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:smb231scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qfe3335scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:smb1360scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3680bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3615scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8053scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qfe3320scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6174scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:smb1350scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9335scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pmd9645scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wsa8815scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wtr2955scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcc1110scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pm439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qet4200aqscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:rgr7640auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3620scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pm8953scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9230scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qfe1035scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pm8996scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wtr5975scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9628scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9377scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qfe2340scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdw2500scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qtc801sscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9326scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pm8916scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:smb1357scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pmi8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pm8937scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qln1036aqscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3680scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wtr2965scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pm8952scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pm8956scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pmk8001scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qet4100scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:smb1355scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pmi632scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3660bscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:csr6030scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd439scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qfe3100scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9330scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pmi8994scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6564auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pm8004scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcn3610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd820scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9330scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca4020scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wtr3905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6574auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wcd9306scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pmm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qualcomm215scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:smb1351scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wgr7640scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wtr4905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6584scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9655scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8076scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdw3100scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qet4101scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca6174ascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8017scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pmx20scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qca9379scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcc112scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pmd9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qln1031scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pmi8952scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:pmi8996scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:wtr3925scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9626scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qfe3345scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qfe2550scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qln1030scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:mdm9250scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8009scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8076scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8053scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:csr6030scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8017scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8009wscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9230scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8096auscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007698 // NVD: CVE-2020-11233

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-11233
value: HIGH

Trust: 1.0

NVD: CVE-2020-11233
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202101-069
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-11233
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-11233
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.0
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-11233
baseSeverity: HIGH
baseScore: 7.0
vectorString: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-007698 // CNNVD: CNNVD-202101-069 // NVD: CVE-2020-11233

PROBLEMTYPE DATA

problemtype:CWE-367

Trust: 1.0

problemtype:Time-of-check Time-of-use (TOCTOU) Race condition (CWE-367) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-007698 // NVD: CVE-2020-11233

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202101-069

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202101-069

PATCH

title:January 2021 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

Trust: 0.8

title:Qualcomm Automotive Telematics Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=138332

Trust: 0.6

sources: JVNDB: JVNDB-2021-007698 // CNNVD: CNNVD-202101-069

EXTERNAL IDS

db:NVDid:CVE-2020-11233

Trust: 3.2

db:JVNDBid:JVNDB-2021-007698

Trust: 0.8

db:CNNVDid:CNNVD-202101-069

Trust: 0.6

sources: JVNDB: JVNDB-2021-007698 // CNNVD: CNNVD-202101-069 // NVD: CVE-2020-11233

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-11233

Trust: 0.8

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-january-2021-34240

Trust: 0.6

sources: JVNDB: JVNDB-2021-007698 // CNNVD: CNNVD-202101-069 // NVD: CVE-2020-11233

SOURCES

db:JVNDBid:JVNDB-2021-007698
db:CNNVDid:CNNVD-202101-069
db:NVDid:CVE-2020-11233

LAST UPDATE DATE

2024-08-14T13:43:32.519000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2021-007698date:2022-02-21T08:17:00
db:CNNVDid:CNNVD-202101-069date:2021-08-12T00:00:00
db:NVDid:CVE-2020-11233date:2021-06-11T17:04:23.877

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2021-007698date:2022-02-21T00:00:00
db:CNNVDid:CNNVD-202101-069date:2021-01-04T00:00:00
db:NVDid:CVE-2020-11233date:2021-06-09T05:15:07.280