CVE-2020-11120

HIGH

Snapdragon Auto Snapdragon Compute Snapdragon Consumer IOT Snapdrag...

Title source: llm

Description

u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid and will lead to use after free scenario' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, APQ8098, Bitra, Kamorta, MSM8917, MSM8953, MSM8998, QCM2150, QCS405, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM632, SM6150, SM7150, SM8150, SM8250, SXR2130

References (2)

Core 2

Core References

Broken Link x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 13.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (22)

qualcomm/apq8096au_firmware

qualcomm/apq8098_firmware

qualcomm/bitra_firmware

qualcomm/kamorta_firmware

qualcomm/msm8917_firmware

qualcomm/msm8953_firmware

qualcomm/msm8998_firmware

qualcomm/qcm2150_firmware

qualcomm/qcs405_firmware

qualcomm/qcs605_firmware

... and 12 more

Published Sep 08, 2020

Tracked Since Feb 18, 2026