Vulnerability Name:

CVE-2020-11242 (CCN-199647)

Assigned:2020-03-31
Published:2021-04-05
Updated:2021-04-12
Summary:User could gain access to secure memory due to incorrect argument into address range validation api used in SDI to capture requested contents in Snapdragon Industrial IOT, Snapdragon Mobile
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2020-11242

Source: XF
Type: UNKNOWN
qualcomm-cve202011242-sec-bypass(199647)

Source: CCN
Type: Qualcomm Web site
April 2021 Security Bulletin

Source: CONFIRM
Type: Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/april-2021-bulletin

Vulnerable Configuration:Configuration 1:
  • cpe:/o:qualcomm:pm660_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:pm660:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:qualcomm:pm660a_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:pm660a:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:qualcomm:pm660l_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:pm660l:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:qualcomm:pm855a_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:pm855a:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:qualcomm:pmm855au_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:pmm855au:-:*:*:*:*:*:*:*

    • Configuration 6:
  • cpe:/o:qualcomm:qat3514_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qat3514:-:*:*:*:*:*:*:*

    • Configuration 7:
  • cpe:/o:qualcomm:qat3522_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qat3522:-:*:*:*:*:*:*:*

    • Configuration 8:
  • cpe:/o:qualcomm:qat3550_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qat3550:-:*:*:*:*:*:*:*

    • Configuration 9:
  • cpe:/o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qca6564a:-:*:*:*:*:*:*:*

    • Configuration 10:
  • cpe:/o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qca6564au:-:*:*:*:*:*:*:*

    • Configuration 11:
  • cpe:/o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qca6574a:-:*:*:*:*:*:*:*

    • Configuration 12:
  • cpe:/o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qca6574au:-:*:*:*:*:*:*:*

    • Configuration 13:
  • cpe:/o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qca6595:-:*:*:*:*:*:*:*

    • Configuration 14:
  • cpe:/o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qca6595au:-:*:*:*:*:*:*:*

    • Configuration 15:
  • cpe:/o:qualcomm:qet4100_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qet4100:-:*:*:*:*:*:*:*

    • Configuration 16:
  • cpe:/o:qualcomm:qet4101_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qet4101:-:*:*:*:*:*:*:*

    • Configuration 17:
  • cpe:/o:qualcomm:qet4200aq_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qet4200aq:-:*:*:*:*:*:*:*

    • Configuration 18:
  • cpe:/o:qualcomm:qln1021aq_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qln1021aq:-:*:*:*:*:*:*:*

    • Configuration 19:
  • cpe:/o:qualcomm:qln1031_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qln1031:-:*:*:*:*:*:*:*

    • Configuration 20:
  • cpe:/o:qualcomm:qln1036aq_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qln1036aq:-:*:*:*:*:*:*:*

    • Configuration 21:
  • cpe:/o:qualcomm:qpa4340_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qpa4340:-:*:*:*:*:*:*:*

    • Configuration 22:
  • cpe:/o:qualcomm:qpa4360_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qpa4360:-:*:*:*:*:*:*:*

    • Configuration 23:
  • cpe:/o:qualcomm:qpa5460_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qpa5460:-:*:*:*:*:*:*:*

    • Configuration 24:
  • cpe:/o:qualcomm:qtc800h_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qtc800h:-:*:*:*:*:*:*:*

    • Configuration 25:
  • cpe:/o:qualcomm:qtc800s_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qtc800s:-:*:*:*:*:*:*:*

    • Configuration 26:
  • cpe:/o:qualcomm:rsw8577_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:rsw8577:-:*:*:*:*:*:*:*

    • Configuration 27:
  • cpe:/o:qualcomm:sd455_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd455:-:*:*:*:*:*:*:*

    • Configuration 28:
  • cpe:/o:qualcomm:sd636_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd636:-:*:*:*:*:*:*:*

    • Configuration 29:
  • cpe:/o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sd660:-:*:*:*:*:*:*:*

    • Configuration 30:
  • cpe:/o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sdm630:-:*:*:*:*:*:*:*

    • Configuration 31:
  • cpe:/o:qualcomm:sdr660_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sdr660:-:*:*:*:*:*:*:*

    • Configuration 32:
  • cpe:/o:qualcomm:smb1351_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:smb1351:-:*:*:*:*:*:*:*

    • Configuration 33:
  • cpe:/o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:wcd9335:-:*:*:*:*:*:*:*

    • Configuration 34:
  • cpe:/o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:wcd9340:-:*:*:*:*:*:*:*

    • Configuration 35:
  • cpe:/o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:wcd9341:-:*:*:*:*:*:*:*

    • Configuration 36:
  • cpe:/o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:wcn3950:-:*:*:*:*:*:*:*

    • Configuration 37:
  • cpe:/o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:wcn3980:-:*:*:*:*:*:*:*

    • Configuration 38:
  • cpe:/o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:wcn3990:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:*
  • OR cpe:/h:qualcomm:snapdragon_industrial_internet_of_things:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    qualcomm pm660 firmware -
    qualcomm pm660 -
    qualcomm pm660a firmware -
    qualcomm pm660a -
    qualcomm pm660l firmware -
    qualcomm pm660l -
    qualcomm pm855a firmware -
    qualcomm pm855a -
    qualcomm pmm855au firmware -
    qualcomm pmm855au -
    qualcomm qat3514 firmware -
    qualcomm qat3514 -
    qualcomm qat3522 firmware -
    qualcomm qat3522 -
    qualcomm qat3550 firmware -
    qualcomm qat3550 -
    qualcomm qca6564a firmware -
    qualcomm qca6564a -
    qualcomm qca6564au firmware -
    qualcomm qca6564au -
    qualcomm qca6574a firmware -
    qualcomm qca6574a -
    qualcomm qca6574au firmware -
    qualcomm qca6574au -
    qualcomm qca6595 firmware -
    qualcomm qca6595 -
    qualcomm qca6595au firmware -
    qualcomm qca6595au -
    qualcomm qet4100 firmware -
    qualcomm qet4100 -
    qualcomm qet4101 firmware -
    qualcomm qet4101 -
    qualcomm qet4200aq firmware -
    qualcomm qet4200aq -
    qualcomm qln1021aq firmware -
    qualcomm qln1021aq -
    qualcomm qln1031 firmware -
    qualcomm qln1031 -
    qualcomm qln1036aq firmware -
    qualcomm qln1036aq -
    qualcomm qpa4340 firmware -
    qualcomm qpa4340 -
    qualcomm qpa4360 firmware -
    qualcomm qpa4360 -
    qualcomm qpa5460 firmware -
    qualcomm qpa5460 -
    qualcomm qtc800h firmware -
    qualcomm qtc800h -
    qualcomm qtc800s firmware -
    qualcomm qtc800s -
    qualcomm rsw8577 firmware -
    qualcomm rsw8577 -
    qualcomm sd455 firmware -
    qualcomm sd455 -
    qualcomm sd636 firmware -
    qualcomm sd636 -
    qualcomm sd660 firmware -
    qualcomm sd660 -
    qualcomm sdm630 firmware -
    qualcomm sdm630 -
    qualcomm sdr660 firmware -
    qualcomm sdr660 -
    qualcomm smb1351 firmware -
    qualcomm smb1351 -
    qualcomm wcd9335 firmware -
    qualcomm wcd9335 -
    qualcomm wcd9340 firmware -
    qualcomm wcd9340 -
    qualcomm wcd9341 firmware -
    qualcomm wcd9341 -
    qualcomm wcn3950 firmware -
    qualcomm wcn3950 -
    qualcomm wcn3980 firmware -
    qualcomm wcn3980 -
    qualcomm wcn3990 firmware -
    qualcomm wcn3990 -
    qualcomm snapdragon mobile -
    qualcomm snapdragon industrial internet of things -