CVE-2020-11266 : Image address is dereferenced before validating its range which can cause potent

Image address is dereferenced before validating its range which can cause potential QSEE information leakage in Snapdragon Wired Infrastructure and Networking

Published 2021-06-09 05:15:08

Updated 2021-06-16 19:03:22

Source Qualcomm, Inc.

View at NVD, CVE.org

Products affected by CVE-2020-11266

Qualcomm » Ipq4019 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ipq4019 » Version: N/A
Qualcomm » Qca9880 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9880_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9880 » Version: N/A
Qualcomm » Qca9886 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9886_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9886 » Version: N/A
Qualcomm » Wcd9340 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9340 » Version: N/A
Qualcomm » Wsa8810 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8810 » Version: N/A
Qualcomm » Csr8811 Firmware » Version: N/A
cpe:2.3:o:qualcomm:csr8811_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Csr8811 » Version: N/A
Qualcomm » Ipq4018 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ipq4018_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ipq4018 » Version: N/A
Qualcomm » Ipq4028 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ipq4028_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ipq4028 » Version: N/A
Qualcomm » Ipq4029 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ipq4029_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ipq4029 » Version: N/A
Qualcomm » Qca4024 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca4024_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca4024 » Version: N/A
Qualcomm » Qca8075 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca8075_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca8075 » Version: N/A
Qualcomm » Qca9888 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9888_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9888 » Version: N/A
Qualcomm » Qca9889 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9889_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9889 » Version: N/A
Qualcomm » Qca9898 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9898_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9898 » Version: N/A
Qualcomm » Qca9984 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9984_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9984 » Version: N/A
Qualcomm » Qca9992 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9992_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9992 » Version: N/A
Qualcomm » Qca9994 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9994_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9994 » Version: N/A
Qualcomm » Qca7500 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca7500_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca7500 » Version: N/A
Qualcomm » Qfe1922 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qfe1922_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qfe1922 » Version: N/A
Qualcomm » Qfe1952 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qfe1952_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qfe1952 » Version: N/A
Qualcomm » Ar7420 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ar7420_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ar7420 » Version: N/A
Qualcomm » Qca7520 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca7520_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca7520 » Version: N/A
Qualcomm » Qca7550 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca7550_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca7550 » Version: N/A
Qualcomm » Qcn3018 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qcn3018_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qcn3018 » Version: N/A
Qualcomm » Ar9580 Firmware » Version: N/A
cpe:2.3:o:qualcomm:ar9580_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Ar9580 » Version: N/A
Qualcomm » Qca10901 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca10901_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca10901 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2020-11266

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 10 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-11266

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:P/I:N/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
6.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N	2.0	4.0	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: None Availability: None

References for CVE-2020-11266

https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

January 2021 Security Bulletin | Qualcomm
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2020-11266

Products affected by CVE-2020-11266

Exploit prediction scoring system (EPSS) score for CVE-2020-11266

CVSS scores for CVE-2020-11266

References for CVE-2020-11266