1. Home
  2. CVE Database
  3. CVE-2020-11294
MEDIUM · 5.9

CVE-2020-11294

Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon ...

Vulnerability Description

Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
QualcommAr8035 Firmware-
QualcommAr8035-
QualcommPm215 Firmware-
QualcommPm215-
QualcommPm3003A Firmware-
QualcommPm3003A-
QualcommPm6125 Firmware-
QualcommPm6125-
QualcommPm6150 Firmware-
QualcommPm6150-
QualcommPm6150A Firmware-
QualcommPm6150A-
QualcommPm6150L Firmware-
QualcommPm6150L-
QualcommPm6350 Firmware-
QualcommPm6350-
QualcommPm640A Firmware-
QualcommPm640A-
QualcommPm640L Firmware-
QualcommPm640L-

Related Weaknesses (CWE)

CWE-129

References

FAQ

What is CVE-2020-11294?

CVE-2020-11294 is a vulnerability with a CVSS score of 5.9 (MEDIUM). Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon ...

How severe is CVE-2020-11294?

CVE-2020-11294 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-11294?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Ar8035 Firmware, Qualcomm Ar8035, Qualcomm Pm215 Firmware, Qualcomm Pm215, Qualcomm Pm3003A Firmware.