Vulnerability CVE-2020-11268 - CERT Civis.Net

Vulnerability Name:

CVE-2020-11268 (CCN-201469)

Assigned:

2020-03-31

Published:

2021-05-03

Updated:

2021-05-14

Summary:

Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-11268

Source: XF
Type: UNKNOWN
qualcomm-cve202011268-dos(201469)

Source: CCN
Type: Qualcomm Web site
May 2021 Security Bulletin

Source: CONFIRM
Type: Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin

Vulnerable Configuration:

Configuration 1:

cpe:/h:qualcomm:apq8009:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:apq8016:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:apq8074:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:apq8084:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:apq8094:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:ar6003:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:mdm8215:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:mdm8215m:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:mdm8615m:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:mdm9215:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:mdm9235m:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:mdm9310:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:mdm9615:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:mdm9640:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:mdm9645:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:msm8974:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:msm8939:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:msm8108:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:msm8208:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:msm8209:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:msm8608:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:msm8994:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:pm8018:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:pm8909:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:pm8916:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:mdm9615m:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:msm8916:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:msm8929:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:mdm9609:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:msm8216:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:msm8274:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:msm8674:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:msm8974p:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:pm8841:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:pm8941:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qca6174a:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qca6584:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:sd210:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qca6174:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wcd9330:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:pmd9645:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:pmi8994:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe1040:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe2101:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe2340:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe2550:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe3100:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe3320:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:smb1360:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wcn3610:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wcn3660b:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wcn3680b:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wgr7640:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wtr1605:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wtr2955:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wtr3925:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:pmd9635:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qca1990:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe1045:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe1100:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe2330:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe2520:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe3335:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe3340:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe3345:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wcd9306:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wcn3620:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wcn3660:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wcn3660a:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wcn3680:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wfr1620:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wtr1605l:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wtr1625:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wtr1625l:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wtr2605:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe1035:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:pm8994:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe2310:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe2320:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe1101:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe1520:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe1550:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:qfe2720:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wtr4605:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:wtr4905:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:*

OR cpe:/h:qualcomm:snapdragon_auto:-:*:*:*:*:*:*:*

Denotes that component is vulnerable