CVE-2020-11294
MEDIUMQualcomm AR8035 Firmware - Out-of-Bounds Write in Logger via Prefix Size
Title source: llmDescription
Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin
Scores
CVSS v3
5.9
EPSS
0.0004
EPSS Percentile
12.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-129
Status
published
Products (50)
qualcomm/ar8035_firmware
qualcomm/pm215_firmware
qualcomm/pm3003a_firmware
qualcomm/pm6125_firmware
qualcomm/pm6150_firmware
qualcomm/pm6150a_firmware
qualcomm/pm6150l_firmware
qualcomm/pm6350_firmware
qualcomm/pm640a_firmware
qualcomm/pm640l_firmware
... and 40 more
Published
May 07, 2021
Tracked Since
Feb 18, 2026