6.4
MEDIUM
CVE-2020-11152
Qualcomm Snapdragon V vested Reference Handling
Description

Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

INFO

Published Date: Jan. 21, 2021, 10:15 a.m.

Last Modified: Jan. 29, 2021, 8:24 p.m.

Remotely Exploitable: No

Impact Score: 5.9

Exploitability Score: 0.5

Affected Products

The following products are affected by CVE-2020-11152 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Qualcomm apq8009w
2 Qualcomm apq8017
3 Qualcomm apq8037
4 Qualcomm apq8052
5 Qualcomm apq8053
6 Qualcomm apq8056
7 Qualcomm apq8076
8 Qualcomm apq8096au
9 Qualcomm aqt1000
10 Qualcomm ar8031
11 Qualcomm csra6620
12 Qualcomm csra6640
13 Qualcomm msm8909w
14 Qualcomm msm8917
15 Qualcomm msm8920
16 Qualcomm msm8937
17 Qualcomm msm8940
18 Qualcomm msm8952
19 Qualcomm msm8953
20 Qualcomm msm8956
21 Qualcomm msm8976
22 Qualcomm msm8976sg
23 Qualcomm msm8996au
24 Qualcomm pm439
25 Qualcomm pm660
26 Qualcomm pm660a
27 Qualcomm pm660l
28 Qualcomm pm670
29 Qualcomm pm670a
30 Qualcomm pm670l
31 Qualcomm pm8004
32 Qualcomm pm8005
33 Qualcomm pm855
34 Qualcomm pm855a
35 Qualcomm pm855b
36 Qualcomm pm855l
37 Qualcomm pm855p
38 Qualcomm pm8916
39 Qualcomm pm8937
40 Qualcomm pm8940
41 Qualcomm pm8952
42 Qualcomm pm8953
43 Qualcomm pm8956
44 Qualcomm pm8998
45 Qualcomm pmd9655
46 Qualcomm pmi632
47 Qualcomm pmi8937
48 Qualcomm pmi8952
49 Qualcomm pmi8998
50 Qualcomm pmm8996au
51 Qualcomm pmx24
52 Qualcomm pmx50
53 Qualcomm qat3514
54 Qualcomm qat3522
55 Qualcomm qat3550
56 Qualcomm qbt1000
57 Qualcomm qbt1500
58 Qualcomm qbt2000
59 Qualcomm qca6174a
60 Qualcomm qca6310
61 Qualcomm qca6320
62 Qualcomm qca6420
63 Qualcomm qca6430
64 Qualcomm qca6564a
65 Qualcomm qca6564au
66 Qualcomm qca6574a
67 Qualcomm qca6574au
68 Qualcomm qca6584au
69 Qualcomm qcc1110
70 Qualcomm qcs405
71 Qualcomm qcs603
72 Qualcomm qcs605
73 Qualcomm qet4100
74 Qualcomm qet4101
75 Qualcomm qet5100
76 Qualcomm qet5100m
77 Qualcomm qfe2080fc
78 Qualcomm qfe2081fc
79 Qualcomm qfe2082fc
80 Qualcomm qfe2101
81 Qualcomm qfe2550
82 Qualcomm qfe3100
83 Qualcomm qfe3440fc
84 Qualcomm qfe4301
85 Qualcomm qfe4302
86 Qualcomm qfe4303
87 Qualcomm qfe4305
88 Qualcomm qfe4308
89 Qualcomm qfe4309
90 Qualcomm qfe4320
91 Qualcomm qfe4373fc
92 Qualcomm qfe4455fc
93 Qualcomm qfe4465fc
94 Qualcomm qln1035bd
95 Qualcomm qpa4340
96 Qualcomm qpa4360
97 Qualcomm qpa5460
98 Qualcomm qsw8573
99 Qualcomm qtc800h
100 Qualcomm qtc800s
101 Qualcomm qtc800t
102 Qualcomm qtc801s
103 Qualcomm rgr7640au
104 Qualcomm rsw8577
105 Qualcomm sd439
106 Qualcomm sd450
107 Qualcomm sd660
108 Qualcomm sd710
109 Qualcomm sd712
110 Qualcomm sd835
111 Qualcomm sd855
112 Qualcomm sdm630
113 Qualcomm sdm830
114 Qualcomm sdr051
115 Qualcomm sdr052
116 Qualcomm sdr660
117 Qualcomm sdr8150
118 Qualcomm sdw3100
119 Qualcomm sdx50m
120 Qualcomm smb1351
121 Qualcomm smb1355
122 Qualcomm smb1358
123 Qualcomm smb1360
124 Qualcomm smb1380
125 Qualcomm smb1381
126 Qualcomm smb1390
127 Qualcomm smb231
128 Qualcomm wcd9306
129 Qualcomm wcd9326
130 Qualcomm wcd9330
131 Qualcomm wcd9335
132 Qualcomm wcd9340
133 Qualcomm wcd9341
134 Qualcomm wcd9360
135 Qualcomm wcn3610
136 Qualcomm wcn3615
137 Qualcomm wcn3620
138 Qualcomm wcn3660b
139 Qualcomm wcn3680b
140 Qualcomm wcn3950
141 Qualcomm wcn3980
142 Qualcomm wcn3990
143 Qualcomm wcn3998
144 Qualcomm wcn3999
145 Qualcomm wgr7640
146 Qualcomm whs9410
147 Qualcomm wsa8810
148 Qualcomm wsa8815
149 Qualcomm wtr2955
150 Qualcomm wtr2965
151 Qualcomm wtr3925
152 Qualcomm wtr4905
153 Qualcomm wtr5975
154 Qualcomm sd636
155 Qualcomm sd8cx
156 Qualcomm qca8337
157 Qualcomm qca9377
158 Qualcomm sdw2500
159 Qualcomm sdx24
160 Qualcomm msm8916
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2020-11152.

URL Resource
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin Broken Link
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin Patch Vendor Advisory

The following table lists the changes that have been made to the CVE-2020-11152 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Jan. 29, 2021

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:M/Au:N/C:C/I:C/A:C)
    Added CVSS V3.1 NIST AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin No Types Assigned https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin Broken Link
    Added Reference https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin [Patch, Vendor Advisory]
    Added CWE NIST CWE-362
    Added CPE Configuration
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.10264

percentile
