CVE-2020-11148

MEDIUM

Qualcomm APQ8017 and related - Use-After-Free in HIDL Callback Event Handling

Title source: llm

Description

Use after free issue in HIDL while using callback to post event in Rx thread when internal mutex is not acquired and meantime close is triggered and callback instance is deleted in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

References (2)

Core 2

Core References

Broken Link x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

Scores

CVSS v3 6.7

EPSS 0.0004

EPSS Percentile 12.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (50)

qualcomm/apq8017

qualcomm/apq8053

qualcomm/msm8917

qualcomm/msm8953

qualcomm/pm215

qualcomm/pm3003a

qualcomm/pm439

qualcomm/pm6125

qualcomm/pm6150

qualcomm/pm6150a

... and 40 more

Published Jan 21, 2021

Tracked Since Feb 18, 2026