CVE-2020-11205
HIGHQualcomm Snapdragon Firmware - Integer Overflow to Heap Overflow via Packet Length Mismatch
Title source: llmDescription
u'Possible integer overflow to heap overflow while processing command due to lack of check of packet length received' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile in QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155P, SA8195P, SDX55M, SM8250, SM8350, SM8350P, SXR2130, SXR2130P
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin
Scores
CVSS v3
7.8
EPSS
0.0003
EPSS Percentile
10.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-190
CWE-787
Status
published
Products (14)
qualcomm/qsm8350_firmware
qualcomm/sa6145p_firmware
qualcomm/sa6150p_firmware
qualcomm/sa6155_firmware
qualcomm/sa6155p_firmware
qualcomm/sa8150p_firmware
qualcomm/sa8155p_firmware
qualcomm/sa8195p_firmware
qualcomm/sdx55m_firmware
qualcomm/sm8250_firmware
... and 4 more
Published
Nov 12, 2020
Tracked Since
Feb 18, 2026