CVE-2020-11305 : Integer overflow in boot due to improper length check on arguments received in Snapdragon Consumer IOT, Snapdragon Indus

Integer overflow in boot due to improper length check on arguments received in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music

Published 2021-03-17 06:15:14

Updated 2021-03-25 15:54:05

Source Qualcomm, Inc.

View at NVD, CVE.org

Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-2020-11305

Probability of exploitation activity in the next 30 days: 0.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 29 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-11305

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.8	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	0.9	5.9	NIST
Attack Vector: Physical Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-11305

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-11305

https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin

March 2021 Security Bulletin | Qualcomm
Patch;Vendor Advisory

CVEs referencing this url

Products affected by CVE-2020-11305

Qualcomm » Mdm9206 Firmware » Version: N/A
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Mdm9206 » Version: N/A
Qualcomm » Qca9377 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9377 » Version: N/A
Qualcomm » Apq8009 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8009 » Version: N/A
Qualcomm » Apq8053 Firmware » Version: N/A
cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Apq8053 » Version: N/A
Qualcomm » Wsa8810 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8810 » Version: N/A
Qualcomm » Wsa8815 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wsa8815 » Version: N/A
Qualcomm » Wcd9330 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9330 » Version: N/A
Qualcomm » Pm8909 Firmware » Version: N/A
cpe:2.3:o:qualcomm:pm8909_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Pm8909 » Version: N/A
Qualcomm » Pm8916 Firmware » Version: N/A
cpe:2.3:o:qualcomm:pm8916_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Pm8916 » Version: N/A
Qualcomm » Pm8953 Firmware » Version: N/A
cpe:2.3:o:qualcomm:pm8953_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Pm8953 » Version: N/A
Qualcomm » Pmd9607 Firmware » Version: N/A
cpe:2.3:o:qualcomm:pmd9607_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Pmd9607 » Version: N/A
Qualcomm » Pmi8952 Firmware » Version: N/A
cpe:2.3:o:qualcomm:pmi8952_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Pmi8952 » Version: N/A
Qualcomm » Qca9367 Firmware » Version: N/A
cpe:2.3:o:qualcomm:qca9367_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Qca9367 » Version: N/A
Qualcomm » Smb1358 Firmware » Version: N/A
cpe:2.3:o:qualcomm:smb1358_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Smb1358 » Version: N/A
Qualcomm » Smb1360 Firmware » Version: N/A
cpe:2.3:o:qualcomm:smb1360_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Smb1360 » Version: N/A
Qualcomm » Smb231 Firmware » Version: N/A
cpe:2.3:o:qualcomm:smb231_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Smb231 » Version: N/A
Qualcomm » Wcd9326 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcd9326 » Version: N/A
Qualcomm » Wcn3660b Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3660b » Version: N/A
Qualcomm » Wcn3680b Firmware » Version: N/A
cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wcn3680b » Version: N/A
Qualcomm » Wtr2965 Firmware » Version: N/A
cpe:2.3:o:qualcomm:wtr2965_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Qualcomm » Wtr2965 » Version: N/A

Vulnerability Details : CVE-2020-11305

Exploit prediction scoring system (EPSS) score for CVE-2020-11305

CVSS scores for CVE-2020-11305

CWE ids for CVE-2020-11305

References for CVE-2020-11305

Products affected by CVE-2020-11305