CVE-2020-11124
HIGHQualcomm MDM9607 and Snapdragon Firmware - Use-After-Free in Diag Client Map Table
Title source: llmDescription
u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
11.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (17)
qualcomm/mdm9607_firmware
qualcomm/nicobar_firmware
qualcomm/qcs404_firmware
qualcomm/qcs405_firmware
qualcomm/qcs610_firmware
qualcomm/rennell_firmware
qualcomm/sa6155p_firmware
qualcomm/sa8155p_firmware
qualcomm/saipan_firmware
qualcomm/sc8180x_firmware
... and 7 more
Published
Sep 09, 2020
Tracked Since
Feb 18, 2026