CVE-2020-11168 : u'Null-pointer dereference can occur while accessing data buffer beyond its size

u'Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8009W, APQ8017, APQ8053, APQ8064AU, APQ8096AU, APQ8098, MDM9206, MDM9650, MSM8909W, MSM8953, MSM8996AU, QCM4290, QCS405, QCS4290, QCS603, QCS605, QM215, QSM8350, SA6155, SA6155P, SA8155, SA8155P, SDA429W, SDA640, SDA660, SDA845, SDA855, SDM1000, SDM429, SDM429W, SDM450, SDM632, SDM640, SDM830, SDM845, SDW2500, SDX20, SDX20M, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P, WCD9330

Published 2020-11-12 10:15:12

Updated 2020-11-19 17:27:18

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2020-11168

Qualcomm » Mdm9206 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9206 » Version: N/A
Qualcomm » Mdm9650 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9650 » Version: N/A
Qualcomm » Msm8909w Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8909w » Version: N/A
Qualcomm » Sdx20 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx20 » Version: N/A
Qualcomm » Apq8096au Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8096au » Version: N/A
Qualcomm » Msm8996au Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8996au » Version: N/A
Qualcomm » Sdm845 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm845 » Version: N/A
Qualcomm » Sdm632 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm632_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm632 » Version: N/A
Qualcomm » Sdm429 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm429_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm429 » Version: N/A
Qualcomm » Sda660 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda660 » Version: N/A
Qualcomm » Sda845 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda845 » Version: N/A
Qualcomm » Qcs605 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs605 » Version: N/A
Qualcomm » Qm215 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qm215_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qm215 » Version: N/A
Qualcomm » Qcs405 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs405 » Version: N/A
Qualcomm » Apq8009 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8009 » Version: N/A
Qualcomm » Apq8017 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8017 » Version: N/A
Qualcomm » Apq8053 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8053 » Version: N/A
Qualcomm » Sdx55 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55 » Version: N/A
Qualcomm » Sm8150 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8150 » Version: N/A
Qualcomm » Apq8098 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8098_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8098 » Version: N/A
Qualcomm » Msm8953 Firmware » Version: N/A
cpe:2.3:o:qualcomm:msm8953_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Msm8953 » Version: N/A
Qualcomm » Sdm450 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm450 » Version: N/A
Qualcomm » Sm8250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8250 » Version: N/A
Qualcomm » Sxr2130 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr2130 » Version: N/A
Qualcomm » Sa6155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6155p » Version: N/A
Qualcomm » Sdm429w Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm429w » Version: N/A
Qualcomm » Sa8155p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8155p » Version: N/A
Qualcomm » Sdx20m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx20m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx20m » Version: N/A
Qualcomm » Wcd9330 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9330 » Version: N/A
Qualcomm » Apq8009w Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8009w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8009w » Version: N/A
Qualcomm » Apq8064au Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8064au_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8064au » Version: N/A
Qualcomm » Qcm4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcm4290 » Version: N/A
Qualcomm » Qcs4290 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs4290 » Version: N/A
Qualcomm » Qcs603 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcs603 » Version: N/A
Qualcomm » Qsm8350 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qsm8350_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qsm8350 » Version: N/A
Qualcomm » Sa6155 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa6155 » Version: N/A
Qualcomm » Sa8155 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sa8155 » Version: N/A
Qualcomm » Sda429w Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda429w » Version: N/A
Qualcomm » Sda640 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda640_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda640 » Version: N/A
Qualcomm » Sda855 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sda855_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sda855 » Version: N/A
Qualcomm » Sdm1000 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm1000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm1000 » Version: N/A
Qualcomm » Sdm640 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm640_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm640 » Version: N/A
Qualcomm » Sdm830 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdm830_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdm830 » Version: N/A
Qualcomm » Sdw2500 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdw2500_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdw2500 » Version: N/A
Qualcomm » Sdx50m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx50m » Version: N/A
Qualcomm » Sdx55m Firmware » Version: N/A
cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sdx55m » Version: N/A
Qualcomm » Sm4250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4250 » Version: N/A
Qualcomm » Sm4250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm4250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm4250p » Version: N/A
Qualcomm » Sm6115 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6115_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6115 » Version: N/A
Qualcomm » Sm6115p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6115p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6115p » Version: N/A
Qualcomm » Sm6125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6125 » Version: N/A
Qualcomm » Sm6250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6250 » Version: N/A
Qualcomm » Sm6350 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm6350_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm6350 » Version: N/A
Qualcomm » Sm7125 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7125_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7125 » Version: N/A
Qualcomm » Sm7225 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7225_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7225 » Version: N/A
Qualcomm » Sm7250 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7250_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7250 » Version: N/A
Qualcomm » Sm7250p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm7250p » Version: N/A
Qualcomm » Sm8150p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8150p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8150p » Version: N/A
Qualcomm » Sm8350 Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8350_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8350 » Version: N/A
Qualcomm » Sm8350p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sm8350p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sm8350p » Version: N/A
Qualcomm » Sxr2130p Firmware » Version: N/A
cpe:2.3:o:qualcomm:sxr2130p_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Sxr2130p » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-11168

EPSS FAQ

0.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 49 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-11168

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-11168

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-11168

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Page not found
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-11168

Products affected by CVE-2020-11168

Exploit prediction scoring system (EPSS) score for CVE-2020-11168

CVSS scores for CVE-2020-11168

CWE ids for CVE-2020-11168

References for CVE-2020-11168