Vulnerability Name: CVE-2020-11122 (CCN-187937) Assigned: 2020-08-05 Published: 2020-08-05 Updated: 2021-07-21 Summary: u'Null Pointer exception while playing crafted mkv file as data stream get deleted on secondary invalid configuration' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8098, Bitra, Kamorta, SA6155P, Saipan, SM6150, SM7150, SM8150, SM8250, SXR2130 CVSS v3 Severity: 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-20 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2020-11122 qualcomm-cve202011122-code-exec(187937) https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin August 2020 Security Bulletin https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:apq8098_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:apq8098:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:bitra_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:bitra:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:kamorta_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:kamorta:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sa6155p:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:saipan_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:saipan:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm6150:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm7150:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm8150:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm8250:-:*:*:*:*:*:*:* Configuration 10 :cpe:/o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sxr2130:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_auto:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_consumer_internet_of_things:-:*:*:*:*:*:*:* BACK
qualcomm apq8098 firmware -
qualcomm apq8098 -
qualcomm bitra firmware -
qualcomm bitra -
qualcomm kamorta firmware -
qualcomm kamorta -
qualcomm sa6155p firmware -
qualcomm sa6155p -
qualcomm saipan firmware -
qualcomm saipan -
qualcomm sm6150 firmware -
qualcomm sm6150 -
qualcomm sm7150 firmware -
qualcomm sm7150 -
qualcomm sm8150 firmware -
qualcomm sm8150 -
qualcomm sm8250 firmware -
qualcomm sm8250 -
qualcomm sxr2130 firmware -
qualcomm sxr2130 -
qualcomm snapdragon mobile -
qualcomm snapdragon auto -
qualcomm snapdragon consumer internet of things -
Denotes that component is vulnerable