Vulnerability Description
Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Aqt1000 | - |
| Qualcomm | Pm3003A | - |
| Qualcomm | Pm6150 | - |
| Qualcomm | Pm7150A | - |
| Qualcomm | Pm7150L | - |
| Qualcomm | Pm7250 | - |
| Qualcomm | Pm7250B | - |
| Qualcomm | Pm8004 | - |
| Qualcomm | Pm8008 | - |
| Qualcomm | Pm8009 | - |
| Qualcomm | Pm8150 | - |
| Qualcomm | Pm8150A | - |
| Qualcomm | Pm8150B | - |
| Qualcomm | Pm8150C | - |
| Qualcomm | Pm8150L | - |
| Qualcomm | Pm8250 | - |
| Qualcomm | Pm855 | - |
| Qualcomm | Pm855B | - |
| Qualcomm | Pm855L | - |
| Qualcomm | Pm855P | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletBroken Link
- https://www.qualcomm.com/company/product-security/bulletins/december-2020-securiVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletBroken Link
FAQ
What is CVE-2020-11180?
CVE-2020-11180 is a vulnerability with a CVSS score of 7.8 (HIGH). Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IO...
How severe is CVE-2020-11180?
CVE-2020-11180 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11180?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Aqt1000, Qualcomm Pm3003A, Qualcomm Pm6150, Qualcomm Pm7150A, Qualcomm Pm7150L.