CVE-2020-11217

HIGH

Qualcomm Pm3003a - Double Free

Title source: rule

Description

A possible double free or invalid memory access in audio driver while reading Speaker Protection parameters in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

References (2)

[Broken Link] https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin

[Patch, Vendor Advisory] https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

Scores

CVSS v3 7.8

EPSS 0.0004

EPSS Percentile 12.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-415

Status published

Affected Products (50)

qualcomm/pm3003a

qualcomm/pm4125

qualcomm/pm6125

qualcomm/pm6150a

qualcomm/pm6150l

qualcomm/pm6350

qualcomm/pm660

qualcomm/pm660a

qualcomm/pm660l

qualcomm/pm7150a

qualcomm/pm7150l

qualcomm/pm7250

qualcomm/pm7250b

qualcomm/pm7350c

qualcomm/pm8008

... and 35 more

Timeline

Published Jan 21, 2021

Tracked Since Feb 18, 2026