CVE-2020-11261

HIGH KEV

Qualcomm Apq8009 Firmware - Out-of-Bounds Write

Title source: rule

Description

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

References (2)

[Patch, Vendor Advisory] https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11261

Scores

CVSS v3 7.8

EPSS 0.0085

EPSS Percentile 74.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-12-01

VulnCheck KEV 2020-07-20

InTheWild.io 2020-07-20

ENISA EUVD EUVD-2020-3615

CWE

CWE-20 CWE-787

Status published

Products (50)

qualcomm/apq8009_firmware

qualcomm/apq8009w_firmware

qualcomm/apq8017_firmware

qualcomm/apq8037_firmware

qualcomm/apq8053_firmware

qualcomm/apq8064au_firmware

qualcomm/apq8096au_firmware

qualcomm/aqt1000_firmware

qualcomm/ar8031_firmware

qualcomm/ar8035_firmware

... and 40 more

Published Jun 09, 2021

KEV Added Dec 01, 2021

Tracked Since Feb 18, 2026