1. Home
  2. CVE Database
  3. CVE-2020-11277
HIGH · 7.4

CVE-2020-11277

Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile

Vulnerability Description

Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile

CVSS Score

7.4

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QualcommPm3003A Firmware-
QualcommPm3003A-
QualcommPm4250 Firmware-
QualcommPm4250-
QualcommPm6125 Firmware-
QualcommPm6125-
QualcommPm6150A Firmware-
QualcommPm6150A-
QualcommPm6150L Firmware-
QualcommPm6150L-
QualcommPm6350 Firmware-
QualcommPm6350-
QualcommPm7150A Firmware-
QualcommPm7150A-
QualcommPm7150L Firmware-
QualcommPm7150L-
QualcommPm7250 Firmware-
QualcommPm7250-
QualcommPm7250B Firmware-
QualcommPm7250B-

Related Weaknesses (CWE)

CWE-362CWE-416

References

FAQ

What is CVE-2020-11277?

CVE-2020-11277 is a vulnerability with a CVSS score of 7.4 (HIGH). Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile

How severe is CVE-2020-11277?

CVE-2020-11277 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-11277?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Pm3003A Firmware, Qualcomm Pm3003A, Qualcomm Pm4250 Firmware, Qualcomm Pm4250, Qualcomm Pm6125 Firmware.