Vulnerability Description
Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Apq8017 Firmware | - |
| Qualcomm | Apq8017 | - |
| Qualcomm | Aqt1000 Firmware | - |
| Qualcomm | Aqt1000 | - |
| Qualcomm | Ar8035 Firmware | - |
| Qualcomm | Ar8035 | - |
| Qualcomm | Csrb31024 Firmware | - |
| Qualcomm | Csrb31024 | - |
| Qualcomm | Msm8917 Firmware | - |
| Qualcomm | Msm8917 | - |
| Qualcomm | Pm215 Firmware | - |
| Qualcomm | Pm215 | - |
| Qualcomm | Pm3003A Firmware | - |
| Qualcomm | Pm3003A | - |
| Qualcomm | Pm4125 Firmware | - |
| Qualcomm | Pm4125 | - |
| Qualcomm | Pm4250 Firmware | - |
| Qualcomm | Pm4250 | - |
| Qualcomm | Pm439 Firmware | - |
| Qualcomm | Pm439 | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletVendor Advisory
FAQ
What is CVE-2020-11163?
CVE-2020-11163 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdrago...
How severe is CVE-2020-11163?
CVE-2020-11163 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-11163?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Apq8017 Firmware, Qualcomm Apq8017, Qualcomm Aqt1000 Firmware, Qualcomm Aqt1000, Qualcomm Ar8035 Firmware.