CVE-2020-11181

HIGH

Qualcomm PM3003A and related firmware - Memory Corruption via CVP Process Control Command

Title source: llm

Description

Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

References (2)

Core 2

Core References

Broken Link x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

Scores

CVSS v3 7.8

EPSS 0.0003

EPSS Percentile 9.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-119

Status published

Products (39)

qualcomm/pm3003a_firmware

qualcomm/pm8009_firmware

qualcomm/pm8150a_firmware

qualcomm/pm8150b_firmware

qualcomm/pm8150c_firmware

qualcomm/pm8150l_firmware

qualcomm/pm8250_firmware

qualcomm/pmk8002_firmware

qualcomm/pmr525_firmware

qualcomm/pmx55_firmware

... and 29 more

Published Jan 21, 2021

Tracked Since Feb 18, 2026