CVE-2020-11151 — MEDIUM (6.4)

Vulnerability Description

Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qualcomm	Pm3003A	-
Qualcomm	Pm6125	-
Qualcomm	Pm6150	-
Qualcomm	Pm6150A	-
Qualcomm	Pm6150L	-
Qualcomm	Pm6350	-
Qualcomm	Pm640A	-
Qualcomm	Pm640L	-
Qualcomm	Pm640P	-
Qualcomm	Pm7150A	-
Qualcomm	Pm7150L	-
Qualcomm	Pm7250	-
Qualcomm	Pm7250B	-
Qualcomm	Pm8008	-
Qualcomm	Pm8009	-
Qualcomm	Pm8150A	-
Qualcomm	Pm8150B	-
Qualcomm	Pm8150C	-
Qualcomm	Pm8150L	-
Qualcomm	Pm8250	-

Related Weaknesses (CWE)

CWE-362 CWE-416

References

https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletBroken Link
https://www.qualcomm.com/company/product-security/bulletins/december-2020-securiPatchVendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletBroken Link

FAQ

What is CVE-2020-11151?

CVE-2020-11151 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon...

How severe is CVE-2020-11151?

CVE-2020-11151 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-11151?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Pm3003A, Qualcomm Pm6125, Qualcomm Pm6150, Qualcomm Pm6150A, Qualcomm Pm6150L.