6.4
MEDIUM
CVE-2020-11151
Snapdragon Auto/Compute/Connectivity/Industrial IOT/Mobile/Wearables Use-after-Free Race Condition
Description

Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

INFO

Published Date :

Jan. 21, 2021, 10:15 a.m.

Last Modified :

Nov. 21, 2024, 4:56 a.m.

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

0.5
Affected Products

The following products are affected by CVE-2020-11151 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Qualcomm pm3003a
2 Qualcomm pm6125
3 Qualcomm pm6150
4 Qualcomm pm6150a
5 Qualcomm pm6150l
6 Qualcomm pm6350
7 Qualcomm pm640a
8 Qualcomm pm640l
9 Qualcomm pm640p
10 Qualcomm pm7150a
11 Qualcomm pm7150l
12 Qualcomm pm7250
13 Qualcomm pm7250b
14 Qualcomm pm8008
15 Qualcomm pm8009
16 Qualcomm pm8150a
17 Qualcomm pm8150b
18 Qualcomm pm8150c
19 Qualcomm pm8150l
20 Qualcomm pm8250
21 Qualcomm pmi632
22 Qualcomm pmk8002
23 Qualcomm pmk8003
24 Qualcomm pmm8195au
25 Qualcomm pmm855au
26 Qualcomm pmr525
27 Qualcomm pmr735a
28 Qualcomm pmr735b
29 Qualcomm pmx55
30 Qualcomm qat3516
31 Qualcomm qat3518
32 Qualcomm qat3519
33 Qualcomm qat3522
34 Qualcomm qat3550
35 Qualcomm qat3555
36 Qualcomm qat5515
37 Qualcomm qat5516
38 Qualcomm qat5522
39 Qualcomm qat5533
40 Qualcomm qbt1500
41 Qualcomm qbt2000
42 Qualcomm qca6390
43 Qualcomm qca6391
44 Qualcomm qca6421
45 Qualcomm qca6426
46 Qualcomm qca6431
47 Qualcomm qca6436
48 Qualcomm qca6574a
49 Qualcomm qca6574au
50 Qualcomm qca6584au
51 Qualcomm qca6595
52 Qualcomm qca6595au
53 Qualcomm qca6696
54 Qualcomm qcm4290
55 Qualcomm qcs4290
56 Qualcomm qdm2301
57 Qualcomm qdm2305
58 Qualcomm qdm2307
59 Qualcomm qdm2308
60 Qualcomm qdm2310
61 Qualcomm qdm3301
62 Qualcomm qdm5620
63 Qualcomm qdm5621
64 Qualcomm qdm5650
65 Qualcomm qdm5652
66 Qualcomm qdm5670
67 Qualcomm qdm5671
68 Qualcomm qdm5677
69 Qualcomm qdm5679
70 Qualcomm qet4101
71 Qualcomm qet5100
72 Qualcomm qet6100
73 Qualcomm qet6110
74 Qualcomm qfs2530
75 Qualcomm qfs2580
76 Qualcomm qln4642
77 Qualcomm qln4650
78 Qualcomm qln5020
79 Qualcomm qln5030
80 Qualcomm qln5040
81 Qualcomm qpa2625
82 Qualcomm qpa4360
83 Qualcomm qpa5580
84 Qualcomm qpa5581
85 Qualcomm qpa6560
86 Qualcomm qpa8673
87 Qualcomm qpa8686
88 Qualcomm qpa8801
89 Qualcomm qpa8802
90 Qualcomm qpa8803
91 Qualcomm qpa8821
92 Qualcomm qpa8842
93 Qualcomm qpm4650
94 Qualcomm qpm5621
95 Qualcomm qpm5658
96 Qualcomm qpm5670
97 Qualcomm qpm5677
98 Qualcomm qpm5679
99 Qualcomm qpm6582
100 Qualcomm qpm6585
101 Qualcomm qpm8820
102 Qualcomm qpm8830
103 Qualcomm qpm8870
104 Qualcomm qpm8895
105 Qualcomm qsm7250
106 Qualcomm qsw8574
107 Qualcomm qtc410s
108 Qualcomm qtc800h
109 Qualcomm qtc801s
110 Qualcomm qtm525
111 Qualcomm sa6155p
112 Qualcomm sa8150p
113 Qualcomm sa8155
114 Qualcomm sa8195p
115 Qualcomm sd460
116 Qualcomm sd662
117 Qualcomm sd665
118 Qualcomm sd675
119 Qualcomm sd750g
120 Qualcomm sd765
121 Qualcomm sd765g
122 Qualcomm sd768g
123 Qualcomm sda429w
124 Qualcomm sdr425
125 Qualcomm sdr660
126 Qualcomm sdr660g
127 Qualcomm sdr735
128 Qualcomm sdr8250
129 Qualcomm sdr865
130 Qualcomm sdx55
131 Qualcomm sdx55m
132 Qualcomm sm7250p
133 Qualcomm smb1354
134 Qualcomm smb1355
135 Qualcomm smb1390
136 Qualcomm smb1395
137 Qualcomm smb1396
138 Qualcomm smr525
139 Qualcomm smr526
140 Qualcomm wcd9341
141 Qualcomm wcd9370
142 Qualcomm wcd9375
143 Qualcomm wcd9380
144 Qualcomm wcd9385
145 Qualcomm wcn3610
146 Qualcomm wcn3620
147 Qualcomm wcn3660b
148 Qualcomm wcn3950
149 Qualcomm wcn3980
150 Qualcomm wcn3988
151 Qualcomm wcn3991
152 Qualcomm wcn3998
153 Qualcomm wcn6750
154 Qualcomm wcn6850
155 Qualcomm wcn6851
156 Qualcomm wgr7640
157 Qualcomm wsa8810
158 Qualcomm wsa8815
159 Qualcomm wsa8830
160 Qualcomm wsa8835
161 Qualcomm wtr2965
162 Qualcomm wtr3925
163 Qualcomm sd6905g
164 Qualcomm sd8655g
165 Qualcomm sdxr25g
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2020-11151.

URL Resource
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin Broken Link
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin Patch Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin Broken Link

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2020-11151 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2020-11151 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CWE Remap by [email protected]

    Jul. 21, 2021

    Action Type Old Value New Value
    Changed CWE CWE-416 CWE-362 CWE-416
  • Initial Analysis by [email protected]

    Jan. 29, 2021

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:M/Au:N/C:C/I:C/A:C)
    Added CVSS V3.1 NIST AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin No Types Assigned https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin Broken Link
    Added Reference https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin [Patch, Vendor Advisory]
    Added CWE NIST CWE-416
    Added CPE Configuration OR *cpe:2.3:h:qualcomm:pm3003a:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm6125:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm6150:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm6150a:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm6150l:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm6350:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm640a:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm640l:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm640p:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm7150a:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm7150l:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm7250:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm7250b:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8008:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8009:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8150a:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8150b:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8150c:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8150l:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8250:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmi632:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmk8002:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmk8003:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmm8195au:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmm855au:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmr525:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmr735a:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmr735b:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmx55:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat3516:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat3518:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat3519:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat3522:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat3550:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat3555:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat5515:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat5516:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat5522:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat5533:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qbt1500:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qbt2000:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6421:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6426:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6431:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6436:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qcm4290:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qcs4290:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm2301:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm2305:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm2307:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm2308:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm2310:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm3301:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5620:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5621:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5650:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5652:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5670:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5671:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5677:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5679:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qet4101:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qet5100:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qet6100:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qet6110:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qfs2530:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qfs2580:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qln4642:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qln4650:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qln5020:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qln5030:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qln5040:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa2625:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa4360:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa5580:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa5581:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa6560:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa8673:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa8686:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa8801:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa8802:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa8803:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa8821:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa8842:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm4650:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm5621:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm5658:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm5670:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm5677:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm5679:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm6582:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm6585:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm8820:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm8830:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm8870:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm8895:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qsm7250:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qsw8574:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qtc410s:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qtc800h:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qtc801s:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qtm525:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sa8155:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd460:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd662:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd665:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd675:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd6905g:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd750g:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd765:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd765g:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd768g:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd8655g:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sda429w:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdr425:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdr660:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdr660g:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdr735:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdr8250:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdr865:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdx55m:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdxr25g:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sm7250p:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:smb1354:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:smb1355:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:smb1390:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:smb1395:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:smb1396:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:smr525:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:smr526:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn3610:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn3620:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn3950:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn3991:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn3998:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn6750:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn6850:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn6851:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wgr7640:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wtr2965:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wtr3925:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2020-11151 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2020-11151 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.10264

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability