CVE-2020-11152

6.4

MEDIUM

Qualcomm Snapdragon V vested Reference Handling

Description

Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

INFO

Published Date :

Jan. 21, 2021, 10:15 a.m.

Last Modified :

Jan. 29, 2021, 8:24 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

0.5

Affected Products

The following products are affected by CVE-2020-11152 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Qualcomm	apq8009w
2	Qualcomm	apq8017
3	Qualcomm	apq8037
4	Qualcomm	apq8052
5	Qualcomm	apq8053
6	Qualcomm	apq8056
7	Qualcomm	apq8076
8	Qualcomm	apq8096au
9	Qualcomm	aqt1000
10	Qualcomm	ar8031
11	Qualcomm	csra6620
12	Qualcomm	csra6640
13	Qualcomm	msm8909w
14	Qualcomm	msm8917
15	Qualcomm	msm8920
16	Qualcomm	msm8937
17	Qualcomm	msm8940
18	Qualcomm	msm8952
19	Qualcomm	msm8953
20	Qualcomm	msm8956
21	Qualcomm	msm8976
22	Qualcomm	msm8976sg
23	Qualcomm	msm8996au
24	Qualcomm	pm439
25	Qualcomm	pm660
26	Qualcomm	pm660a
27	Qualcomm	pm660l
28	Qualcomm	pm670
29	Qualcomm	pm670a
30	Qualcomm	pm670l
31	Qualcomm	pm8004
32	Qualcomm	pm8005
33	Qualcomm	pm855
34	Qualcomm	pm855a
35	Qualcomm	pm855b
36	Qualcomm	pm855l
37	Qualcomm	pm855p
38	Qualcomm	pm8916
39	Qualcomm	pm8937
40	Qualcomm	pm8940
41	Qualcomm	pm8952
42	Qualcomm	pm8953
43	Qualcomm	pm8956
44	Qualcomm	pm8998
45	Qualcomm	pmd9655
46	Qualcomm	pmi632
47	Qualcomm	pmi8937
48	Qualcomm	pmi8952
49	Qualcomm	pmi8998
50	Qualcomm	pmm8996au
51	Qualcomm	pmx24
52	Qualcomm	pmx50
53	Qualcomm	qat3514
54	Qualcomm	qat3522
55	Qualcomm	qat3550
56	Qualcomm	qbt1000
57	Qualcomm	qbt1500
58	Qualcomm	qbt2000
59	Qualcomm	qca6174a
60	Qualcomm	qca6310
61	Qualcomm	qca6320
62	Qualcomm	qca6420
63	Qualcomm	qca6430
64	Qualcomm	qca6564a
65	Qualcomm	qca6564au
66	Qualcomm	qca6574a
67	Qualcomm	qca6574au
68	Qualcomm	qca6584au
69	Qualcomm	qcc1110
70	Qualcomm	qcs405
71	Qualcomm	qcs603
72	Qualcomm	qcs605
73	Qualcomm	qet4100
74	Qualcomm	qet4101
75	Qualcomm	qet5100
76	Qualcomm	qet5100m
77	Qualcomm	qfe2080fc
78	Qualcomm	qfe2081fc
79	Qualcomm	qfe2082fc
80	Qualcomm	qfe2101
81	Qualcomm	qfe2550
82	Qualcomm	qfe3100
83	Qualcomm	qfe3440fc
84	Qualcomm	qfe4301
85	Qualcomm	qfe4302
86	Qualcomm	qfe4303
87	Qualcomm	qfe4305
88	Qualcomm	qfe4308
89	Qualcomm	qfe4309
90	Qualcomm	qfe4320
91	Qualcomm	qfe4373fc
92	Qualcomm	qfe4455fc
93	Qualcomm	qfe4465fc
94	Qualcomm	qln1035bd
95	Qualcomm	qpa4340
96	Qualcomm	qpa4360
97	Qualcomm	qpa5460
98	Qualcomm	qsw8573
99	Qualcomm	qtc800h
100	Qualcomm	qtc800s
101	Qualcomm	qtc800t
102	Qualcomm	qtc801s
103	Qualcomm	rgr7640au
104	Qualcomm	rsw8577
105	Qualcomm	sd439
106	Qualcomm	sd450
107	Qualcomm	sd660
108	Qualcomm	sd710
109	Qualcomm	sd712
110	Qualcomm	sd835
111	Qualcomm	sd855
112	Qualcomm	sdm630
113	Qualcomm	sdm830
114	Qualcomm	sdr051
115	Qualcomm	sdr052
116	Qualcomm	sdr660
117	Qualcomm	sdr8150
118	Qualcomm	sdw3100
119	Qualcomm	sdx50m
120	Qualcomm	smb1351
121	Qualcomm	smb1355
122	Qualcomm	smb1358
123	Qualcomm	smb1360
124	Qualcomm	smb1380
125	Qualcomm	smb1381
126	Qualcomm	smb1390
127	Qualcomm	smb231
128	Qualcomm	wcd9306
129	Qualcomm	wcd9326
130	Qualcomm	wcd9330
131	Qualcomm	wcd9335
132	Qualcomm	wcd9340
133	Qualcomm	wcd9341
134	Qualcomm	wcd9360
135	Qualcomm	wcn3610
136	Qualcomm	wcn3615
137	Qualcomm	wcn3620
138	Qualcomm	wcn3660b
139	Qualcomm	wcn3680b
140	Qualcomm	wcn3950
141	Qualcomm	wcn3980
142	Qualcomm	wcn3990
143	Qualcomm	wcn3998
144	Qualcomm	wcn3999
145	Qualcomm	wgr7640
146	Qualcomm	whs9410
147	Qualcomm	wsa8810
148	Qualcomm	wsa8815
149	Qualcomm	wtr2955
150	Qualcomm	wtr2965
151	Qualcomm	wtr3925
152	Qualcomm	wtr4905
153	Qualcomm	wtr5975
154	Qualcomm	sd636
155	Qualcomm	sd8cx
156	Qualcomm	qca8337
157	Qualcomm	qca9377
158	Qualcomm	sdw2500
159	Qualcomm	sdx24
160	Qualcomm	msm8916

: Total Affected Vendor : 1 | Products : 160

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2020-11152.

URL	Resource
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin	Broken Link
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin	Patch Vendor Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2020-11152 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2020-11152 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value

Initial Analysis by [email protected]

Jan. 29, 2021

Action	Type	Old Value	New Value
Added	CVSS V2		NIST (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Added	CVSS V3.1		NIST AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Changed	Reference Type	https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin No Types Assigned	https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin Broken Link
Added	Reference		https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin [Patch, Vendor Advisory]
Added	CWE		NIST CWE-362
Added	CPE Configuration		OR cpe:2.3:h:qualcomm:apq8009w:-::::::: cpe:2.3:h:qualcomm:apq8017:-::::::: cpe:2.3:h:qualcomm:apq8037:-::::::: cpe:2.3:h:qualcomm:apq8052:-::::::: cpe:2.3:h:qualcomm:apq8053:-::::::: cpe:2.3:h:qualcomm:apq8056:-::::::: cpe:2.3:h:qualcomm:apq8076:-::::::: cpe:2.3:h:qualcomm:apq8096au:-::::::: cpe:2.3:h:qualcomm:aqt1000:-::::::: cpe:2.3:h:qualcomm:ar8031:-::::::: cpe:2.3:h:qualcomm:csra6620:-::::::: cpe:2.3:h:qualcomm:csra6640:-::::::: cpe:2.3:h:qualcomm:msm8909w:-::::::: cpe:2.3:h:qualcomm:msm8916:-::::::: cpe:2.3:h:qualcomm:msm8917:-::::::: cpe:2.3:h:qualcomm:msm8920:-::::::: cpe:2.3:h:qualcomm:msm8937:-::::::: cpe:2.3:h:qualcomm:msm8940:-::::::: cpe:2.3:h:qualcomm:msm8952:-::::::: cpe:2.3:h:qualcomm:msm8953:-::::::: cpe:2.3:h:qualcomm:msm8956:-::::::: cpe:2.3:h:qualcomm:msm8976:-::::::: cpe:2.3:h:qualcomm:msm8976sg:-::::::: cpe:2.3:h:qualcomm:msm8996au:-::::::: cpe:2.3:h:qualcomm:pm439:-::::::: cpe:2.3:h:qualcomm:pm660:-::::::: cpe:2.3:h:qualcomm:pm660a:-::::::: cpe:2.3:h:qualcomm:pm660l:-::::::: cpe:2.3:h:qualcomm:pm670:-::::::: cpe:2.3:h:qualcomm:pm670a:-::::::: cpe:2.3:h:qualcomm:pm670l:-::::::: cpe:2.3:h:qualcomm:pm8004:-::::::: cpe:2.3:h:qualcomm:pm8005:-::::::: cpe:2.3:h:qualcomm:pm855:-::::::: cpe:2.3:h:qualcomm:pm855a:-::::::: cpe:2.3:h:qualcomm:pm855b:-::::::: cpe:2.3:h:qualcomm:pm855l:-::::::: cpe:2.3:h:qualcomm:pm855p:-::::::: cpe:2.3:h:qualcomm:pm8916:-::::::: cpe:2.3:h:qualcomm:pm8937:-::::::: cpe:2.3:h:qualcomm:pm8940:-::::::: cpe:2.3:h:qualcomm:pm8952:-::::::: cpe:2.3:h:qualcomm:pm8953:-::::::: cpe:2.3:h:qualcomm:pm8956:-::::::: cpe:2.3:h:qualcomm:pm8998:-::::::: cpe:2.3:h:qualcomm:pmd9655:-::::::: cpe:2.3:h:qualcomm:pmi632:-::::::: cpe:2.3:h:qualcomm:pmi8937:-::::::: cpe:2.3:h:qualcomm:pmi8952:-::::::: cpe:2.3:h:qualcomm:pmi8998:-::::::: cpe:2.3:h:qualcomm:pmm8996au:-::::::: cpe:2.3:h:qualcomm:pmx24:-::::::: cpe:2.3:h:qualcomm:pmx50:-::::::: cpe:2.3:h:qualcomm:qat3514:-::::::: cpe:2.3:h:qualcomm:qat3522:-::::::: cpe:2.3:h:qualcomm:qat3550:-::::::: cpe:2.3:h:qualcomm:qbt1000:-::::::: cpe:2.3:h:qualcomm:qbt1500:-::::::: cpe:2.3:h:qualcomm:qbt2000:-::::::: cpe:2.3:h:qualcomm:qca6174a:-::::::: cpe:2.3:h:qualcomm:qca6310:-::::::: cpe:2.3:h:qualcomm:qca6320:-::::::: cpe:2.3:h:qualcomm:qca6420:-::::::: cpe:2.3:h:qualcomm:qca6430:-::::::: cpe:2.3:h:qualcomm:qca6564a:-::::::: cpe:2.3:h:qualcomm:qca6564au:-::::::: cpe:2.3:h:qualcomm:qca6574a:-::::::: cpe:2.3:h:qualcomm:qca6574au:-::::::: cpe:2.3:h:qualcomm:qca6584au:-::::::: cpe:2.3:h:qualcomm:qca8337:-::::::: cpe:2.3:h:qualcomm:qca9377:-::::::: cpe:2.3:h:qualcomm:qcc1110:-::::::: cpe:2.3:h:qualcomm:qcs405:-::::::: cpe:2.3:h:qualcomm:qcs603:-::::::: cpe:2.3:h:qualcomm:qcs605:-::::::: cpe:2.3:h:qualcomm:qet4100:-::::::: cpe:2.3:h:qualcomm:qet4101:-::::::: cpe:2.3:h:qualcomm:qet5100:-::::::: cpe:2.3:h:qualcomm:qet5100m:-::::::: cpe:2.3:h:qualcomm:qfe2080fc:-::::::: cpe:2.3:h:qualcomm:qfe2081fc:-::::::: cpe:2.3:h:qualcomm:qfe2082fc:-::::::: cpe:2.3:h:qualcomm:qfe2101:-::::::: cpe:2.3:h:qualcomm:qfe2550:-::::::: cpe:2.3:h:qualcomm:qfe3100:-::::::: cpe:2.3:h:qualcomm:qfe3440fc:-::::::: cpe:2.3:h:qualcomm:qfe4301:-::::::: cpe:2.3:h:qualcomm:qfe4302:-::::::: cpe:2.3:h:qualcomm:qfe4303:-::::::: cpe:2.3:h:qualcomm:qfe4305:-::::::: cpe:2.3:h:qualcomm:qfe4308:-::::::: cpe:2.3:h:qualcomm:qfe4309:-::::::: cpe:2.3:h:qualcomm:qfe4320:-::::::: cpe:2.3:h:qualcomm:qfe4373fc:-::::::: cpe:2.3:h:qualcomm:qfe4455fc:-::::::: cpe:2.3:h:qualcomm:qfe4465fc:-::::::: cpe:2.3:h:qualcomm:qln1035bd:-::::::: cpe:2.3:h:qualcomm:qpa4340:-::::::: cpe:2.3:h:qualcomm:qpa4360:-::::::: cpe:2.3:h:qualcomm:qpa5460:-::::::: cpe:2.3:h:qualcomm:qsw8573:-::::::: cpe:2.3:h:qualcomm:qtc800h:-::::::: cpe:2.3:h:qualcomm:qtc800s:-::::::: cpe:2.3:h:qualcomm:qtc800t:-::::::: cpe:2.3:h:qualcomm:qtc801s:-::::::: cpe:2.3:h:qualcomm:rgr7640au:-::::::: cpe:2.3:h:qualcomm:rsw8577:-::::::: cpe:2.3:h:qualcomm:sd439:-::::::: cpe:2.3:h:qualcomm:sd450:-::::::: cpe:2.3:h:qualcomm:sd636:-::::::: cpe:2.3:h:qualcomm:sd660:-::::::: cpe:2.3:h:qualcomm:sd710:-::::::: cpe:2.3:h:qualcomm:sd712:-::::::: cpe:2.3:h:qualcomm:sd835:-::::::: cpe:2.3:h:qualcomm:sd855:-::::::: cpe:2.3:h:qualcomm:sd8cx:-::::::: cpe:2.3:h:qualcomm:sdm630:-::::::: cpe:2.3:h:qualcomm:sdm830:-::::::: cpe:2.3:h:qualcomm:sdr051:-::::::: cpe:2.3:h:qualcomm:sdr052:-::::::: cpe:2.3:h:qualcomm:sdr660:-::::::: cpe:2.3:h:qualcomm:sdr8150:-::::::: cpe:2.3:h:qualcomm:sdw2500:-::::::: cpe:2.3:h:qualcomm:sdw3100:-::::::: cpe:2.3:h:qualcomm:sdx24:-::::::: cpe:2.3:h:qualcomm:sdx50m:-::::::: cpe:2.3:h:qualcomm:smb1351:-::::::: cpe:2.3:h:qualcomm:smb1355:-::::::: cpe:2.3:h:qualcomm:smb1358:-::::::: cpe:2.3:h:qualcomm:smb1360:-::::::: cpe:2.3:h:qualcomm:smb1380:-::::::: cpe:2.3:h:qualcomm:smb1381:-::::::: cpe:2.3:h:qualcomm:smb1390:-::::::: cpe:2.3:h:qualcomm:smb231:-::::::: cpe:2.3:h:qualcomm:wcd9306:-::::::: cpe:2.3:h:qualcomm:wcd9326:-::::::: cpe:2.3:h:qualcomm:wcd9330:-::::::: cpe:2.3:h:qualcomm:wcd9335:-::::::: cpe:2.3:h:qualcomm:wcd9340:-::::::: cpe:2.3:h:qualcomm:wcd9341:-::::::: cpe:2.3:h:qualcomm:wcd9360:-::::::: cpe:2.3:h:qualcomm:wcn3610:-::::::: cpe:2.3:h:qualcomm:wcn3615:-::::::: cpe:2.3:h:qualcomm:wcn3620:-::::::: cpe:2.3:h:qualcomm:wcn3660b:-::::::: cpe:2.3:h:qualcomm:wcn3680b:-::::::: cpe:2.3:h:qualcomm:wcn3950:-::::::: cpe:2.3:h:qualcomm:wcn3980:-::::::: cpe:2.3:h:qualcomm:wcn3990:-::::::: cpe:2.3:h:qualcomm:wcn3998:-::::::: cpe:2.3:h:qualcomm:wcn3999:-::::::: cpe:2.3:h:qualcomm:wgr7640:-::::::: cpe:2.3:h:qualcomm:whs9410:-::::::: cpe:2.3:h:qualcomm:wsa8810:-::::::: cpe:2.3:h:qualcomm:wsa8815:-::::::: cpe:2.3:h:qualcomm:wtr2955:-::::::: cpe:2.3:h:qualcomm:wtr2965:-::::::: cpe:2.3:h:qualcomm:wtr3925:-::::::: cpe:2.3:h:qualcomm:wtr4905:-::::::: cpe:2.3:h:qualcomm:wtr5975:-:::::::

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2020-11152 is associated with the following CWEs:

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2020-11152 weaknesses.

CAPEC-26: Leveraging Race Conditions Leveraging Race Conditions CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

CVE-2020-11152

Qualcomm Snapdragon V vested Reference Handling

Description

INFO

Jan. 21, 2021, 10:15 a.m.

Jan. 29, 2021, 8:24 p.m.

[email protected]

No

5.9

0.5

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.04 }} 0.00%

0.10264

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable