qualcomm pm6150a CVE-2020-11254 vulnerability in Qualcomm Products
Published on May 7, 2021

Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

NVD

Vulnerability Analysis

CVE-2020-11254 is exploitable with local system access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Products Associated with CVE-2020-11254

Want to know whenever a new CVE is published for Qualcomm products? stack.watch will email you.

Qualcomm Pm6150a
 
Qualcomm Pm6150l
 
Qualcomm Pm6350
 
Qualcomm Pm660
 
Qualcomm Pm660l
 
Qualcomm Pm7250b
 
Qualcomm Pm8008
 
Qualcomm Pm8009
 
Qualcomm Pm8350
 
Qualcomm Pm8350b
 
Qualcomm Pm8350bh
 
Qualcomm Pm8350c
 
Qualcomm Pmk8003
 
Qualcomm Pmk8350
 
Qualcomm Pmm6155au
 
Qualcomm Pmm8155au
 
Qualcomm Pmm8195au
 
Qualcomm Pmr735a
 
Qualcomm Pmr735b
 
Qualcomm Qat3516
 
Qualcomm Qat3518
 
Qualcomm Qat3519
 
Qualcomm Qat3555
 
Qualcomm Qat5515
 
Qualcomm Qat5516
 
Qualcomm Qat5522
 
Qualcomm Qat5568
 
Qualcomm Qbt1500
 
Qualcomm Qca6574au
 
Qualcomm Qca6696
 
Qualcomm Qdm3301
 
Qualcomm Qdm4643
 
Qualcomm Qdm4650
 
Qualcomm Qdm5620
 
Qualcomm Qdm5621
 
Qualcomm Qdm5670
 
Qualcomm Qdm5671
 
Qualcomm Qet5100
 
Qualcomm Qet5100m
 
Qualcomm Qet6100
 
Qualcomm Qet6105
 
Qualcomm Qet6110
 
Qualcomm Qfs2530
 
Qualcomm Qfs2580
 
Qualcomm Qfs2608
 
Qualcomm Qfs2630
 
Qualcomm Qln4642
 
Qualcomm Qln4650
 
Qualcomm Qln5020
 
Qualcomm Qln5030
 
Qualcomm Qln5040
 
Qualcomm Qpa2625
 
Qualcomm Qpa5461
 
Qualcomm Qpa5580
 
Qualcomm Qpa5581
 
Qualcomm Qpa8801
 
Qualcomm Qpa8802
 
Qualcomm Qpa8803
 
Qualcomm Qpa8821
 
Qualcomm Qpa8842
 
Qualcomm Qpm4621
 
Qualcomm Qpm4630
 
Qualcomm Qpm4640
 
Qualcomm Qpm4641
 
Qualcomm Qpm4650
 
Qualcomm Qpm5621
 
Qualcomm Qpm5641
 
Qualcomm Qpm5670
 
Qualcomm Qpm5677
 
Qualcomm Qpm5679
 
Qualcomm Qpm5870
 
Qualcomm Qpm5875
 
Qualcomm Qpm6585
 
Qualcomm Qpm6621
 
Qualcomm Qpm6670
 
Qualcomm Qpm8820
 
Qualcomm Qpm8870
 
Qualcomm Qtc800h
 
Qualcomm Qtc800s
 
Qualcomm Qtc801s
 
Qualcomm Qtm525
 
Qualcomm Sa6145p
 
Qualcomm Sa6150p
 
Qualcomm Sa6155p
 
Qualcomm Sa8150p
 
Qualcomm Sa8155p
 
Qualcomm Sa8195p
 
Qualcomm Sd480
 
Qualcomm Sd670
 
Qualcomm Sd710
 
Qualcomm Sd888
 
Qualcomm Sd888 5g
 
Qualcomm Sdr660
 
Qualcomm Sdr660g
 
Qualcomm Sdr735
 
Qualcomm Sdr735g
 
Qualcomm Sdr865
 
Qualcomm Sdxr1
 
Qualcomm Smb1351
 
Qualcomm Smb1355
 
Qualcomm Smb1396
 
Qualcomm Smb1398
 
Qualcomm Smr526
 
Qualcomm Smr545
 
Qualcomm Smr546
 
Qualcomm Wcd9326
 
Qualcomm Wcd9341
 
Qualcomm Wcd9370
 
Qualcomm Wcd9375
 
Qualcomm Wcd9380
 
Qualcomm Wcd9385
 
Qualcomm Wcn3980
 
Qualcomm Wcn3988
 
Qualcomm Wcn3990
 
Qualcomm Wcn3991
 
Qualcomm Wcn6850
 
Qualcomm Wcn6851
 
Qualcomm Wcn6855
 
Qualcomm Wcn6856
 
Qualcomm Wsa8830
 
Qualcomm Wsa8835
 
Qualcomm Snapdragon
 

Affected Versions

Qualcomm, Inc. Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile Version PM6150A, PM6150L, PM6350, PM660, PM660L, PM7250B, PM8008, PM8009, PM8350, PM8350B, PM8350BH, PM8350C, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMR735A, PMR735B, QAT3516, QAT3518, QAT3519, QAT3555, QAT5515, QAT5516, QAT5522, QAT5568, QBT1500, QCA6574AU, QCA6696, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5670, QDM5671, QET5100, QET5100M, QET6100, QET6105, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA5461, QPA5580, QPA5581, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5621, QPM5641, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6585, QPM6621, QPM6670, QPM8820, QPM8870, QTC800H, QTC800S, QTC801S, QTM525, SA6145P, SA6150P, SA6155P, SA8150P, SA8155P, SA8195P, SD480, SD670, SD710, SD888, SD888 5G, SDR660, SDR660G, SDR735, SDR735G, SDR865, SDXR1, SMB1351, SMB1355, SMB1396, SMB1398, SMR526, SMR545, SMR546, WCD9326, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3980, WCN3988, WCN3 ...[truncated*] is affected by CVE-2020-11254

Exploit Probability

EPSS
0.05%
Percentile
16.02%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.