CVE-2020-11254 — MEDIUM (6.2)

Vulnerability Description

Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

CVSS Score

6.2

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qualcomm	Pm6150A	-
Qualcomm	Pm6150L	-
Qualcomm	Pm6350	-
Qualcomm	Pm660	-
Qualcomm	Pm660L	-
Qualcomm	Pm7250B	-
Qualcomm	Pm8008	-
Qualcomm	Pm8009	-
Qualcomm	Pm8350	-
Qualcomm	Pm8350B	-
Qualcomm	Pm8350Bh	-
Qualcomm	Pm8350C	-
Qualcomm	Pmk8003	-
Qualcomm	Pmk8350	-
Qualcomm	Pmm6155Au	-
Qualcomm	Pmm8155Au	-
Qualcomm	Pmm8195Au	-
Qualcomm	Pmr735A	-
Qualcomm	Pmr735B	-
Qualcomm	Qat3516	-

Related Weaknesses (CWE)

CWE-476

References

https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletinPatchVendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletinPatchVendor Advisory

FAQ

What is CVE-2020-11254?

CVE-2020-11254 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mob...

How severe is CVE-2020-11254?

CVE-2020-11254 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-11254?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Pm6150A, Qualcomm Pm6150L, Qualcomm Pm6350, Qualcomm Pm660, Qualcomm Pm660L.