FKIE_CVE-2020-11169
Vulnerability from fkie_nvd - Published: 2020-11-02 07:15 - Updated: 2024-11-21 04:57
Severity ?
Summary
u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| qualcomm | apq8009_firmware | - | |
| qualcomm | apq8009 | - | |
| qualcomm | apq8053_firmware | - | |
| qualcomm | apq8053 | - | |
| qualcomm | qca6390_firmware | - | |
| qualcomm | qca6390 | - | |
| qualcomm | qcn7605_firmware | - | |
| qualcomm | qcn7605 | - | |
| qualcomm | qcn7606_firmware | - | |
| qualcomm | qcn7606 | - | |
| qualcomm | sa415m_firmware | - | |
| qualcomm | sa415m | - | |
| qualcomm | sa515m_firmware | - | |
| qualcomm | sa515m | - | |
| qualcomm | sa6155p_firmware | - | |
| qualcomm | sa6155p | - | |
| qualcomm | sa8155p_firmware | - | |
| qualcomm | sa8155p | - | |
| qualcomm | sc8180x_firmware | - | |
| qualcomm | sc8180x | - | |
| qualcomm | sdx55_firmware | - | |
| qualcomm | sdx55 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C61BF93F-53DF-4399-AF41-45CEC1E0A2B8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC498E0-B82B-4A53-8F55-6C1DA58AFA88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B052615D-857A-46D4-9098-1CBFA14687C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*",
"matchCriteriaId": "19B59B60-A298-4A56-A45A-E34B7AAB43D7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96FBD6DF-F174-4690-AA3D-1E8974E3627F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3BF86E1-3FAC-4A42-8C01-5944C6C30AE5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C9D1966-30F0-414D-BE75-0A14B12A1457",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CD28C87D-1D28-4C84-BFE4-56EE3BF2C6B0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:qcn7606_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F466A5BD-1912-4811-9A93-81555F101D46",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:qcn7606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92914E-16F6-4A25-9FEF-FB7CB3377132",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4387DBE-67F7-4E95-A2B0-828211EBDC22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sa415m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC798E06-0A2E-4DAD-81D1-9B2FAE6327C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "02A2DB6A-7137-4D3D-9D6E-B9B0D0376758",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sa515m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5BE4F498-4C58-4DCC-B7D8-1B461177D083",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DC40C14-3B2D-4E00-9E0F-86E6BDBF2D81",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0514D433-162C-4680-8912-721D19BE6201",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8648B38-2597-401A-8F53-D582FA911569",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A01CD59B-8F21-4CD6-8A1A-7B37547A8715",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "30A45C1A-C921-42B5-9237-367245023B45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56C9D979-F214-4CD4-8CF9-43BC804BB179",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E93FB34B-3674-404D-9687-E092E9A246AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3FF5A9A-A34A-499C-B6E0-D67B496C5454",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "u\u0027Buffer over-read while processing received L2CAP packet due to lack of integer overflow check\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55"
},
{
"lang": "es",
"value": "Una lectura excesiva del b\u00fafer mientras se procesa el paquete L2CAP recibido debido a una falta de comprobaci\u00f3n de desbordamiento de enteros en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026amp; Music, Snapdragon Wired Infrastructure and Networking en versiones APQ8009, APQ8053, QCA6390, QCN7605, QCN7606, SA415M, SA515M, SA6155P, SA8155P, SC8180X, SDX55"
}
],
"id": "CVE-2020-11169",
"lastModified": "2024-11-21T04:57:01.080",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-02T07:15:13.997",
"references": [
{
"source": "product-security@qualcomm.com",
"tags": [
"Broken Link"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin"
},
{
"source": "nvd@nist.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin"
}
],
"sourceIdentifier": "product-security@qualcomm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…