Search criteria
5 vulnerabilities found for msm8974 by qualcomm
VAR-201702-0012
Vulnerability from variot - Updated: 2023-12-18 13:08Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value. Samsumgandroidphone is a series of mobile phones based on the Android platform developed by South Korea's Samsung. There is a memory corruption vulnerability in the smsm_sensor_config' function in the v4l-subdev driver of samsumgandroidphone. This vulnerability is caused by the failure to perform boundary checking when the program writes gpio_config.gpio_name as an index to the buffer. An attacker could exploit this vulnerability to cause memory corruption. Samsung is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0012",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mobile",
"scope": "eq",
"trust": 1.6,
"vendor": "samsung",
"version": "4.4"
},
{
"model": "mobile",
"scope": "eq",
"trust": 1.6,
"vendor": "samsung",
"version": "5.0"
},
{
"model": "mobile",
"scope": "eq",
"trust": 1.6,
"vendor": "samsung",
"version": "5.1"
},
{
"model": "apq8084",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "msm8974",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "msm8974pro",
"scope": null,
"trust": 0.8,
"vendor": "qualcomm",
"version": null
},
{
"model": "mobile",
"scope": null,
"trust": 0.8,
"vendor": "samsung",
"version": null
},
{
"model": "samsumg android phone",
"scope": null,
"trust": 0.6,
"vendor": "samsung",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02627"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007853"
},
{
"db": "NVD",
"id": "CVE-2016-4038"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-370"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:samsung:samsung_mobile:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:samsung:msm8974:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:apq8084:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:msm8974pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4038"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Berry Cheng.",
"sources": [
{
"db": "BID",
"id": "86366"
}
],
"trust": 0.3
},
"cve": "CVE-2016-4038",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-4038",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-02627",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-4038",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4038",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-02627",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-370",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02627"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007853"
},
{
"db": "NVD",
"id": "CVE-2016-4038"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-370"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value. Samsumgandroidphone is a series of mobile phones based on the Android platform developed by South Korea\u0027s Samsung. There is a memory corruption vulnerability in the smsm_sensor_config\u0027 function in the v4l-subdev driver of samsumgandroidphone. This vulnerability is caused by the failure to perform boundary checking when the program writes gpio_config.gpio_name as an index to the buffer. An attacker could exploit this vulnerability to cause memory corruption. Samsung is prone to a remote memory-corruption vulnerability. \nAttackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4038"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007853"
},
{
"db": "CNVD",
"id": "CNVD-2016-02627"
},
{
"db": "BID",
"id": "86366"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4038",
"trust": 3.3
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2016/04/18/8",
"trust": 3.0
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2016/04/17/2",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007853",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-02627",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201604-370",
"trust": 0.6
},
{
"db": "BID",
"id": "86366",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02627"
},
{
"db": "BID",
"id": "86366"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007853"
},
{
"db": "NVD",
"id": "CVE-2016-4038"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-370"
}
]
},
"id": "VAR-201702-0012",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02627"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02627"
}
]
},
"last_update_date": "2023-12-18T13:08:59.349000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SVE-2015-4958: msm_sensor_config security issues",
"trust": 0.8,
"url": "http://security.samsungmobile.com/smrupdate.html#smr-jan-2016"
},
{
"title": "Samsumgandroidphonev4l-subdev driver memory corruption vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74785"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02627"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007853"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007853"
},
{
"db": "NVD",
"id": "CVE-2016-4038"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.openwall.com/lists/oss-security/2016/04/18/8"
},
{
"trust": 1.6,
"url": "http://security.samsungmobile.com/smrupdate.html#smr-jan-2016"
},
{
"trust": 1.6,
"url": "http://www.openwall.com/lists/oss-security/2016/04/17/2"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4038"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4038"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02627"
},
{
"db": "BID",
"id": "86366"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007853"
},
{
"db": "NVD",
"id": "CVE-2016-4038"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-370"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-02627"
},
{
"db": "BID",
"id": "86366"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-007853"
},
{
"db": "NVD",
"id": "CVE-2016-4038"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-370"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02627"
},
{
"date": "2016-04-17T00:00:00",
"db": "BID",
"id": "86366"
},
{
"date": "2017-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007853"
},
{
"date": "2017-02-01T15:59:00.223000",
"db": "NVD",
"id": "CVE-2016-4038"
},
{
"date": "2016-04-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-370"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02627"
},
{
"date": "2016-04-17T00:00:00",
"db": "BID",
"id": "86366"
},
{
"date": "2017-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-007853"
},
{
"date": "2017-03-04T23:06:33.777000",
"db": "NVD",
"id": "CVE-2016-4038"
},
{
"date": "2017-02-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-370"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-370"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "With certain Qualcomm chipsets Android Equipped with Samsung Device vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-007853"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-370"
}
],
"trust": 0.6
}
}
VAR-201804-0075
Vulnerability from variot - Updated: 2023-12-18 12:02In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8974, lack of length checking in OEMCrypto_DeriveKeysFromSessionKey() could lead to a buffer overflow vulnerability. Qualcomm Snapdragon Mobile MSM8974 Run on Android Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities. Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MSM8974 is a central processing unit (CPU) product of Qualcomm (Qualcomm). There is a buffer overflow vulnerability in Qualcomm closed-source components in Android versions before 2018-04-05. The vulnerability is caused by the lack of length detection in the 'OEMCrypto_DeriveKeysFromSessionKey()' function. A remote attacker could exploit this vulnerability to execute arbitrary code on the system by sending a specially crafted request. The following product (used in mobile devices) is affected: Qualcomm MSM8974
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "msm8974",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": null
},
{
"model": "msm8974",
"scope": "eq",
"trust": 0.8,
"vendor": "qualcomm",
"version": "firmware"
},
{
"model": "pixel xl",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "pixel c",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "pixel xl",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20"
},
{
"model": "pixel",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "20"
},
{
"model": "pixel",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "9"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7"
},
{
"model": "nexus 6p",
"scope": null,
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5x"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4"
},
{
"model": "nexus",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "10"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "103671"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003863"
},
{
"db": "NVD",
"id": "CVE-2015-9179"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-974"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:qualcomm:msm8974_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:qualcomm:msm8974:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9179"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "103671"
}
],
"trust": 0.3
},
"cve": "CVE-2015-9179",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-9179",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-87140",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-9179",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-9179",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201804-974",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-87140",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-9179",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87140"
},
{
"db": "VULMON",
"id": "CVE-2015-9179"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003863"
},
{
"db": "NVD",
"id": "CVE-2015-9179"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-974"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8974, lack of length checking in OEMCrypto_DeriveKeysFromSessionKey() could lead to a buffer overflow vulnerability. Qualcomm Snapdragon Mobile MSM8974 Run on Android Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities. \nLittle is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MSM8974 is a central processing unit (CPU) product of Qualcomm (Qualcomm). There is a buffer overflow vulnerability in Qualcomm closed-source components in Android versions before 2018-04-05. The vulnerability is caused by the lack of length detection in the \u0027OEMCrypto_DeriveKeysFromSessionKey()\u0027 function. A remote attacker could exploit this vulnerability to execute arbitrary code on the system by sending a specially crafted request. The following product (used in mobile devices) is affected: Qualcomm MSM8974",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-9179"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003863"
},
{
"db": "BID",
"id": "103671"
},
{
"db": "VULHUB",
"id": "VHN-87140"
},
{
"db": "VULMON",
"id": "CVE-2015-9179"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-9179",
"trust": 2.9
},
{
"db": "BID",
"id": "103671",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003863",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201804-974",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-87140",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-9179",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87140"
},
{
"db": "VULMON",
"id": "CVE-2015-9179"
},
{
"db": "BID",
"id": "103671"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003863"
},
{
"db": "NVD",
"id": "CVE-2015-9179"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-974"
}
]
},
"id": "VAR-201804-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-87140"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:02:13.183000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Android \u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u306b\u95a2\u3059\u308b\u516c\u958b\u60c5\u5831 - 2018 \u5e74 4 \u6708",
"trust": 0.8,
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"title": "Android Qualcomm Fixes for closed source component buffer error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80330"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014April 2018",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=068d787c35ce8cea494780f9a47b5827"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-9179"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003863"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-974"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87140"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003863"
},
{
"db": "NVD",
"id": "CVE-2015-9179"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/103671"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9179"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-9179"
},
{
"trust": 0.3,
"url": "http://code.google.com/android/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://source.android.com/security/bulletin/2018-04-01.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-87140"
},
{
"db": "VULMON",
"id": "CVE-2015-9179"
},
{
"db": "BID",
"id": "103671"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003863"
},
{
"db": "NVD",
"id": "CVE-2015-9179"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-974"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-87140"
},
{
"db": "VULMON",
"id": "CVE-2015-9179"
},
{
"db": "BID",
"id": "103671"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003863"
},
{
"db": "NVD",
"id": "CVE-2015-9179"
},
{
"db": "CNNVD",
"id": "CNNVD-201804-974"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-18T00:00:00",
"db": "VULHUB",
"id": "VHN-87140"
},
{
"date": "2018-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2015-9179"
},
{
"date": "2018-04-05T00:00:00",
"db": "BID",
"id": "103671"
},
{
"date": "2018-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003863"
},
{
"date": "2018-04-18T14:29:06.777000",
"db": "NVD",
"id": "CVE-2015-9179"
},
{
"date": "2018-04-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-974"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-09T00:00:00",
"db": "VULHUB",
"id": "VHN-87140"
},
{
"date": "2018-05-09T00:00:00",
"db": "VULMON",
"id": "CVE-2015-9179"
},
{
"date": "2018-04-05T00:00:00",
"db": "BID",
"id": "103671"
},
{
"date": "2018-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003863"
},
{
"date": "2018-05-09T15:26:52.013000",
"db": "NVD",
"id": "CVE-2015-9179"
},
{
"date": "2018-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201804-974"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-974"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Qualcomm Snapdragon Mobile MSM8974 Run on Android Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003863"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201804-974"
}
],
"trust": 0.6
}
}
FKIE_CVE-2020-11268
Vulnerability from fkie_nvd - Published: 2021-05-07 09:15 - Updated: 2024-11-21 04:57
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC498E0-B82B-4A53-8F55-6C1DA58AFA88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:apq8016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6E79D48-F105-4D64-8C8F-88FE0345F5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:apq8074:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51221D96-CF0A-431B-AFEE-E08D8A5BF943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:apq8084:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBC2E532-1298-4B43-9EF8-AE37E1338EED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:apq8094:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20239319-ACA6-4249-815D-C10D5E39A16A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:ar6003:-:*:*:*:*:*:*:*",
"matchCriteriaId": "140FD423-FAC4-4D2D-BCFF-511E0AE8CE95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:mdm8215:-:*:*:*:*:*:*:*",
"matchCriteriaId": "53F4B19E-78D9-4721-BF1E-C0330888EE75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:mdm8215m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1E79B5-B3B1-4184-8774-A83629129190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:mdm8615m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3CB673-B24C-4594-893B-C582E94AB2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:mdm9215:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF064C7D-4BB8-419E-A9A2-DD75CD31FE62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:mdm9235m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2306EA19-4EF3-40C1-ADF7-F7137A732C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:mdm9310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF11BFFD-C16A-4999-9497-6D89B8F9A9D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:mdm9609:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE9F2427-BCDB-45C9-AECE-6DFE5A3C3AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:mdm9615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DF4D4E-CDAA-42BB-802E-2722E7F3DBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:mdm9615m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA5E4BD0-32E1-422E-A841-969FA8D5AC9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB323C15-2018-4CB8-858E-56F088B03FBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "716B747E-672C-4B95-9D8E-1262338E67EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F8F856B-70D7-4A1A-8257-90AAAE62CD6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:msm8108:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57963412-14B9-4C0D-AA0D-6928445DB808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:msm8208:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF54A14-FDCD-445F-9F51-4AAAA17C392D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:msm8209:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FBCA5AB-07E4-404E-A278-28F6004D2126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:msm8216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD07E12-75FA-40DD-8200-75BF926378C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:msm8274:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D78BAD27-17D6-4072-BCC2-176F7F037076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:msm8608:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDED3AA7-576C-4437-A466-D627698F4242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:msm8674:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EDAF8F0-1A78-4C23-A3A7-4188C264130A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:msm8916:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17B34A04-C686-4EC5-8B1C-53A7A5C3B19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:msm8929:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5BA466C-EB61-4C03-BF3E-A18448E6326D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:msm8939:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA7A79E-0F04-41E6-8E37-49B2977D92B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:msm8974:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ABA70411-0E39-431C-99C6-F6632C94CCB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:msm8974p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB59C43D-637A-4E04-AB3C-62071388453C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:msm8994:-:*:*:*:*:*:*:*",
"matchCriteriaId": "916FAB3E-67C7-4C97-9717-D1507C33323C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:pm8018:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1E1D946-4EC1-493F-B9AE-0646D86E5483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:pm8841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "068BA3D0-4E7C-435D-9C5D-8015164E81DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:pm8909:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2950D103-C664-44CE-86FC-49A03861441F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:pm8916:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEDA1620-8FFC-4DF4-9CBC-188D21581CF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:pm8941:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9ACA25D6-35BF-460F-8A33-8C0975CAC31D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:pm8994:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12E3B29A-2A7E-466F-B081-E105352B16FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:pmd9635:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4D94C9DD-08B2-44A4-B789-F9B9D51E7F7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:pmd9645:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F95D237E-FF3D-497B-AC48-FBAEFD4481BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:pmi8994:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB63FC0F-DCE3-4F34-8851-3EEBCB52E39B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qca1990:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9136B88F-3C3D-471F-8589-CA0BA4473B4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qca6174:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D2AD8F5C-1FEB-45C2-BC8F-123C2BEB0EA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C31FA74C-6659-4457-BC32-257624F43C66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qca6584:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F0C9ED5-27E3-48EC-9A05-862715EE2034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe1035:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4EA96119-0D78-4670-8B22-AD5AEE2C30B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe1040:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED257DFF-994C-4CD9-96AA-AFE5F15AE929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe1045:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FC09F3-32D6-4FA3-B93F-917B6448B541",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe1100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB1B240-1B14-4C24-8D0A-30C1A76AB687",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe1101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AFFE5FE-1217-45A8-97AB-8CFF9681E4B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe1520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "673C190F-A55B-4F25-A8F6-2CB5FB5041AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe1550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6793E84B-9F25-420F-8CD4-50BFD7E0947E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe2101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0862428-695F-4445-AD89-536376E57E09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe2310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "192EE890-B7E9-4E06-873A-BD84FBB41B90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe2320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D122C155-690C-4E3D-9725-1073F72AFB36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe2330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFD27B2D-E6B7-4F01-9B07-D64370EC539C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe2340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E73C00-29F6-42C9-9AE0-70B373D9679C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe2520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F58DA0F-88A4-4C88-A1A4-0455584D8BC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe2550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC33174B-9D45-4C82-BDC1-A60B085A4513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe2720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D08FE4FD-59EA-4FBC-A254-99B03E1EC582",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe3100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A6D656-2A27-4F9F-A3BD-80ADD4141716",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe3320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD1BAE7-58B8-45E5-9CB7-D337BF4F9597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe3335:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B890E12C-EE5F-4A93-AAED-CF68949243DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe3340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7255B9DD-58B2-4211-B999-558EAE484B39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:qfe3345:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF9AD63-E29A-4719-BF61-FF6AF65AFB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:sd210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E75C7497-A7DC-436B-BACD-71F69D99517D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:smb1360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1D7205-33E9-452B-BECD-F551801071DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wcd9306:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F51C69B9-F0AB-4BF5-A8C2-64FEB7075593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wcd9330:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3D23FE-B3D5-4EC3-8268-98F12181966D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wcn3610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "044A14FB-64F6-4200-AC85-8DC91C31BD16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wcn3620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62B00662-139A-4E36-98FA-D4F7D101D4AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wcn3660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "34D7240B-DCB4-4BF4-94C7-13EBECA62D6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wcn3660a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3CAD26-4EFA-4A37-9776-01CDB173C9ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BCD2FE2-11F2-4B2A-9BD7-EB26718139DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wcn3680:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B612B044-C7D1-4662-AB2A-5400E34A3CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wcn3680b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE861CE7-B530-4698-A9BC-43A159647BF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wfr1620:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4346F2B3-269F-4B14-A305-708847DB2F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wgr7640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31DA4BC4-C634-4F62-A49E-5AD8F4FD4672",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wtr1605:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0424E316-C8EE-420A-8861-F3E7FE178170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wtr1605l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AD356D66-BCC8-4235-8EA3-934D5D2A7F87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wtr1625:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A547E51D-9A43-4BC5-B11F-E3E5403D779C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wtr1625l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9C4823-EEF4-4D65-84DF-3159093B0745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wtr2605:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9FD196F3-B527-4493-A46E-F85C2F127A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wtr2955:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5516E6E3-D8DA-4172-A059-503B369E2034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wtr3925:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27666130-DB04-457F-A968-3919FD5314BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wtr4605:-:*:*:*:*:*:*:*",
"matchCriteriaId": "863053C1-5C53-4ABB-B494-F4DC01CFDB11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:qualcomm:wtr4905:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A503AA01-CFD9-42D5-81D6-2F13E5DDA9A1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile"
},
{
"lang": "es",
"value": "Un potencial reinicio de UE al decodificar un Sib1 o SIB1 dise\u00f1ado que programa los SIB no compatibles y puede conllevar a una denegaci\u00f3n de servicio en los productos Snapdragon Auto, Snapdragon Mobile"
}
],
"id": "CVE-2020-11268",
"lastModified": "2024-11-21T04:57:34.743",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "product-security@qualcomm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-07T09:15:07.773",
"references": [
{
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
],
"sourceIdentifier": "product-security@qualcomm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-11268 (GCVE-0-2020-11268)
Vulnerability from cvelistv5 – Published: 2021-05-07 09:10 – Updated: 2024-08-04 11:28
VLAI?
Summary
Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile
Severity ?
7.5 (High)
CWE
- Improper Input Validation in LTE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Mobile |
Affected:
APQ8009, APQ8016, APQ8074, APQ8084, APQ8094, AR6003, MDM8215, MDM8215M, MDM8615M, MDM9215, MDM9235M, MDM9310, MDM9609, MDM9615, MDM9615M, MDM9635M, MDM9640, MDM9645, MSM8108, MSM8208, MSM8209, MSM8216, MSM8274, MSM8608, MSM8674, MSM8916, MSM8929, MSM8939, MSM8974, MSM8974P, MSM8994, PM8018, PM8841, PM8909, PM8916, PM8941, PM8994, PMD9635, PMD9645, PMI8994, QCA1990, QCA6174, QCA6174A, QCA6584, QFE1035, QFE1040, QFE1045, QFE1100, QFE1101, QFE1520, QFE1550, QFE2101, QFE2310, QFE2320, QFE2330, QFE2340, QFE2520, QFE2550, QFE2720, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, SD210, SMB1360, WCD9306, WCD9330, WCN3610, WCN3620, WCN3660, WCN3660A, WCN3660B, WCN3680, WCN3680B, WFR1620, WGR7640, WTR1605, WTR1605L, WTR1625, WTR1625L, WTR2605, WTR2955, WTR3925, WTR4605, WTR4905
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Mobile",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009, APQ8016, APQ8074, APQ8084, APQ8094, AR6003, MDM8215, MDM8215M, MDM8615M, MDM9215, MDM9235M, MDM9310, MDM9609, MDM9615, MDM9615M, MDM9635M, MDM9640, MDM9645, MSM8108, MSM8208, MSM8209, MSM8216, MSM8274, MSM8608, MSM8674, MSM8916, MSM8929, MSM8939, MSM8974, MSM8974P, MSM8994, PM8018, PM8841, PM8909, PM8916, PM8941, PM8994, PMD9635, PMD9645, PMI8994, QCA1990, QCA6174, QCA6174A, QCA6584, QFE1035, QFE1040, QFE1045, QFE1100, QFE1101, QFE1520, QFE1550, QFE2101, QFE2310, QFE2320, QFE2330, QFE2340, QFE2520, QFE2550, QFE2720, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, SD210, SMB1360, WCD9306, WCD9330, WCN3610, WCN3620, WCN3660, WCN3660A, WCN3660B, WCN3680, WCN3680B, WFR1620, WGR7640, WTR1605, WTR1605L, WTR1625, WTR1625L, WTR2605, WTR2955, WTR3925, WTR4605, WTR4905"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation in LTE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-07T09:10:31",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8016, APQ8074, APQ8084, APQ8094, AR6003, MDM8215, MDM8215M, MDM8615M, MDM9215, MDM9235M, MDM9310, MDM9609, MDM9615, MDM9615M, MDM9635M, MDM9640, MDM9645, MSM8108, MSM8208, MSM8209, MSM8216, MSM8274, MSM8608, MSM8674, MSM8916, MSM8929, MSM8939, MSM8974, MSM8974P, MSM8994, PM8018, PM8841, PM8909, PM8916, PM8941, PM8994, PMD9635, PMD9645, PMI8994, QCA1990, QCA6174, QCA6174A, QCA6584, QFE1035, QFE1040, QFE1045, QFE1100, QFE1101, QFE1520, QFE1550, QFE2101, QFE2310, QFE2320, QFE2330, QFE2340, QFE2520, QFE2550, QFE2720, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, SD210, SMB1360, WCD9306, WCD9330, WCN3610, WCN3620, WCN3660, WCN3660A, WCN3660B, WCN3680, WCN3680B, WFR1620, WGR7640, WTR1605, WTR1605L, WTR1625, WTR1625L, WTR2605, WTR2955, WTR3925, WTR4605, WTR4905"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile"
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation in LTE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11268",
"datePublished": "2021-05-07T09:10:31",
"dateReserved": "2020-03-31T00:00:00",
"dateUpdated": "2024-08-04T11:28:13.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11268 (GCVE-0-2020-11268)
Vulnerability from nvd – Published: 2021-05-07 09:10 – Updated: 2024-08-04 11:28
VLAI?
Summary
Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile
Severity ?
7.5 (High)
CWE
- Improper Input Validation in LTE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Mobile |
Affected:
APQ8009, APQ8016, APQ8074, APQ8084, APQ8094, AR6003, MDM8215, MDM8215M, MDM8615M, MDM9215, MDM9235M, MDM9310, MDM9609, MDM9615, MDM9615M, MDM9635M, MDM9640, MDM9645, MSM8108, MSM8208, MSM8209, MSM8216, MSM8274, MSM8608, MSM8674, MSM8916, MSM8929, MSM8939, MSM8974, MSM8974P, MSM8994, PM8018, PM8841, PM8909, PM8916, PM8941, PM8994, PMD9635, PMD9645, PMI8994, QCA1990, QCA6174, QCA6174A, QCA6584, QFE1035, QFE1040, QFE1045, QFE1100, QFE1101, QFE1520, QFE1550, QFE2101, QFE2310, QFE2320, QFE2330, QFE2340, QFE2520, QFE2550, QFE2720, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, SD210, SMB1360, WCD9306, WCD9330, WCN3610, WCN3620, WCN3660, WCN3660A, WCN3660B, WCN3680, WCN3680B, WFR1620, WGR7640, WTR1605, WTR1605L, WTR1625, WTR1625L, WTR2605, WTR2955, WTR3925, WTR4605, WTR4905
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:28:13.813Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Mobile",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8009, APQ8016, APQ8074, APQ8084, APQ8094, AR6003, MDM8215, MDM8215M, MDM8615M, MDM9215, MDM9235M, MDM9310, MDM9609, MDM9615, MDM9615M, MDM9635M, MDM9640, MDM9645, MSM8108, MSM8208, MSM8209, MSM8216, MSM8274, MSM8608, MSM8674, MSM8916, MSM8929, MSM8939, MSM8974, MSM8974P, MSM8994, PM8018, PM8841, PM8909, PM8916, PM8941, PM8994, PMD9635, PMD9645, PMI8994, QCA1990, QCA6174, QCA6174A, QCA6584, QFE1035, QFE1040, QFE1045, QFE1100, QFE1101, QFE1520, QFE1550, QFE2101, QFE2310, QFE2320, QFE2330, QFE2340, QFE2520, QFE2550, QFE2720, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, SD210, SMB1360, WCD9306, WCD9330, WCN3610, WCN3620, WCN3660, WCN3660A, WCN3660B, WCN3680, WCN3680B, WFR1620, WGR7640, WTR1605, WTR1605L, WTR1625, WTR1625L, WTR2605, WTR2955, WTR3925, WTR4605, WTR4905"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Input Validation in LTE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-07T09:10:31",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8016, APQ8074, APQ8084, APQ8094, AR6003, MDM8215, MDM8215M, MDM8615M, MDM9215, MDM9235M, MDM9310, MDM9609, MDM9615, MDM9615M, MDM9635M, MDM9640, MDM9645, MSM8108, MSM8208, MSM8209, MSM8216, MSM8274, MSM8608, MSM8674, MSM8916, MSM8929, MSM8939, MSM8974, MSM8974P, MSM8994, PM8018, PM8841, PM8909, PM8916, PM8941, PM8994, PMD9635, PMD9645, PMI8994, QCA1990, QCA6174, QCA6174A, QCA6584, QFE1035, QFE1040, QFE1045, QFE1100, QFE1101, QFE1520, QFE1550, QFE2101, QFE2310, QFE2320, QFE2330, QFE2340, QFE2520, QFE2550, QFE2720, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, SD210, SMB1360, WCD9306, WCD9330, WCN3610, WCN3620, WCN3660, WCN3660A, WCN3660B, WCN3680, WCN3680B, WFR1620, WGR7640, WTR1605, WTR1605L, WTR1625, WTR1625L, WTR2605, WTR2955, WTR3925, WTR4605, WTR4905"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile"
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation in LTE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11268",
"datePublished": "2021-05-07T09:10:31",
"dateReserved": "2020-03-31T00:00:00",
"dateUpdated": "2024-08-04T11:28:13.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}