CVE-2020-11198

MEDIUM

Snapdragon - Info Disclosure

Title source: llm

Description

Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

References (1)

[Vendor Advisory] https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin

Scores

CVSS v3 6.7

EPSS 0.0002

EPSS Percentile 5.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-212

Status published

Products (50)

qualcomm/aqt1000_firmware

qualcomm/ar8031_firmware

qualcomm/ar8035_firmware

qualcomm/csr8811_firmware

qualcomm/csra6620_firmware

qualcomm/csra6640_firmware

qualcomm/csrb31024_firmware

qualcomm/fsm10055_firmware

qualcomm/fsm10056_firmware

qualcomm/ipq6000_firmware

... and 40 more

Published Feb 22, 2021

Tracked Since Feb 18, 2026