CVE-2020-11130 : u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Aut

u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

Published 2020-11-12 10:15:12

Updated 2020-11-19 18:03:37

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-2020-11130

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 10 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-11130

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-11130

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-11130

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Page not found
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2020-11130

Qualcomm » Qm215 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qm215_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qm215 » Version: N/A
Qualcomm » Sdx55 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55 » Version: N/A
Qualcomm » Sm8150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8150 » Version: N/A
Qualcomm » Sc8180x Firmware » Version: N/A
cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sc8180x » Version: N/A
Qualcomm » Sm8250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8250 » Version: N/A
Qualcomm » Sxr2130 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr2130 » Version: N/A
Qualcomm » Sa6155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6155p » Version: N/A
Qualcomm » Sa8155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8155p » Version: N/A
Qualcomm » Qcm4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm4290 » Version: N/A
Qualcomm » Qcs4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs4290 » Version: N/A
Qualcomm » Qsm8350 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qsm8350_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qsm8350 » Version: N/A
Qualcomm » Sa6155 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6155 » Version: N/A
Qualcomm » Sa8155 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8155 » Version: N/A
Qualcomm » Sdx55m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55m » Version: N/A
Qualcomm » Sm4250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4250 » Version: N/A
Qualcomm » Sm4250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4250p » Version: N/A
Qualcomm » Sm6115 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6115_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6115 » Version: N/A
Qualcomm » Sm6115p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6115p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6115p » Version: N/A
Qualcomm » Sm6125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6125 » Version: N/A
Qualcomm » Sm6250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6250 » Version: N/A
Qualcomm » Sm6350 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6350_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6350 » Version: N/A
Qualcomm » Sm7125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7125 » Version: N/A
Qualcomm » Sm7225 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7225_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7225 » Version: N/A
Qualcomm » Sm7250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7250 » Version: N/A
Qualcomm » Sm7250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7250p » Version: N/A
Qualcomm » Sm8150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8150p » Version: N/A
Qualcomm » Sm8350 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8350_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8350 » Version: N/A
Qualcomm » Sm8350p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8350p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8350p » Version: N/A
Qualcomm » Sxr2130p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr2130p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr2130p » Version: N/A
Qualcomm » Sa6145p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6145p » Version: N/A
Qualcomm » Sc8180xp Firmware » Version: N/A
cpe:2.3:o:qualcomm:sc8180xp_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sc8180xp » Version: N/A

Vulnerability Details : CVE-2020-11130

Exploit prediction scoring system (EPSS) score for CVE-2020-11130

CVSS scores for CVE-2020-11130

CWE ids for CVE-2020-11130

References for CVE-2020-11130

Products affected by CVE-2020-11130