7.8
HIGH
CVE-2020-11180
Snapdragon Out-of-Bounds Access Vulnerability
Description

Out of bound access in computer vision control due to improper validation of command length before processing it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

INFO

Published Date :

Jan. 21, 2021, 10:15 a.m.

Last Modified :

Nov. 21, 2024, 4:57 a.m.

Remotely Exploitable :

No

Impact Score :

5.9

Exploitability Score :

1.8
Affected Products

The following products are affected by CVE-2020-11180 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Qualcomm aqt1000
2 Qualcomm pm3003a
3 Qualcomm pm6150
4 Qualcomm pm7150a
5 Qualcomm pm7150l
6 Qualcomm pm7250
7 Qualcomm pm7250b
8 Qualcomm pm8004
9 Qualcomm pm8008
10 Qualcomm pm8009
11 Qualcomm pm8150
12 Qualcomm pm8150a
13 Qualcomm pm8150b
14 Qualcomm pm8150c
15 Qualcomm pm8150l
16 Qualcomm pm8250
17 Qualcomm pm855
18 Qualcomm pm855b
19 Qualcomm pm855l
20 Qualcomm pm855p
21 Qualcomm pmc1000h
22 Qualcomm pmk8002
23 Qualcomm pmk8003
24 Qualcomm pmm6155au
25 Qualcomm pmm8155au
26 Qualcomm pmm8195au
27 Qualcomm pmm855au
28 Qualcomm pmr525
29 Qualcomm pmr735b
30 Qualcomm pmx50
31 Qualcomm pmx55
32 Qualcomm qat3516
33 Qualcomm qat3518
34 Qualcomm qat3519
35 Qualcomm qat3555
36 Qualcomm qat5515
37 Qualcomm qat5522
38 Qualcomm qat5533
39 Qualcomm qbt1500
40 Qualcomm qbt2000
41 Qualcomm qca6390
42 Qualcomm qca6391
43 Qualcomm qca6420
44 Qualcomm qca6421
45 Qualcomm qca6426
46 Qualcomm qca6430
47 Qualcomm qca6431
48 Qualcomm qca6436
49 Qualcomm qca6574
50 Qualcomm qca6574a
51 Qualcomm qca6574au
52 Qualcomm qca6595au
53 Qualcomm qca6696
54 Qualcomm qdm2301
55 Qualcomm qdm2305
56 Qualcomm qdm3301
57 Qualcomm qdm5620
58 Qualcomm qdm5621
59 Qualcomm qdm5650
60 Qualcomm qdm5652
61 Qualcomm qdm5670
62 Qualcomm qdm5671
63 Qualcomm qdm5677
64 Qualcomm qdm5679
65 Qualcomm qet4101
66 Qualcomm qet5100
67 Qualcomm qet6110
68 Qualcomm qfs2530
69 Qualcomm qfs2580
70 Qualcomm qln4642
71 Qualcomm qln4650
72 Qualcomm qln5020
73 Qualcomm qln5030
74 Qualcomm qln5040
75 Qualcomm qpa2625
76 Qualcomm qpa5580
77 Qualcomm qpa6560
78 Qualcomm qpa8673
79 Qualcomm qpa8686
80 Qualcomm qpa8801
81 Qualcomm qpa8802
82 Qualcomm qpa8803
83 Qualcomm qpa8821
84 Qualcomm qpa8842
85 Qualcomm qpm4650
86 Qualcomm qpm5620
87 Qualcomm qpm5621
88 Qualcomm qpm5657
89 Qualcomm qpm5658
90 Qualcomm qpm5670
91 Qualcomm qpm5677
92 Qualcomm qpm5679
93 Qualcomm qpm6582
94 Qualcomm qpm6585
95 Qualcomm qpm8820
96 Qualcomm qpm8830
97 Qualcomm qpm8895
98 Qualcomm qsm7250
99 Qualcomm qsm8250
100 Qualcomm qtc800h
101 Qualcomm qtc801s
102 Qualcomm qtm525
103 Qualcomm sa6145p
104 Qualcomm sa6150p
105 Qualcomm sa6155
106 Qualcomm sa6155p
107 Qualcomm sa8150p
108 Qualcomm sa8155
109 Qualcomm sa8155p
110 Qualcomm sa8195p
111 Qualcomm sc8180x\+sdx55
112 Qualcomm sd730
113 Qualcomm sd765
114 Qualcomm sd765g
115 Qualcomm sd768g
116 Qualcomm sd855
117 Qualcomm sdr051
118 Qualcomm sdr052
119 Qualcomm sdr660
120 Qualcomm sdr735
121 Qualcomm sdr8150
122 Qualcomm sdr8250
123 Qualcomm sdr865
124 Qualcomm sdx50m
125 Qualcomm sdx55
126 Qualcomm sdx55m
127 Qualcomm sm7250p
128 Qualcomm smb1355
129 Qualcomm smb1381
130 Qualcomm smb1390
131 Qualcomm smb1395
132 Qualcomm smb2351
133 Qualcomm smr525
134 Qualcomm smr526
135 Qualcomm wcd9340
136 Qualcomm wcd9341
137 Qualcomm wcd9370
138 Qualcomm wcd9371
139 Qualcomm wcd9375
140 Qualcomm wcd9380
141 Qualcomm wcd9385
142 Qualcomm wcn3910
143 Qualcomm wcn3980
144 Qualcomm wcn3988
145 Qualcomm wcn3990
146 Qualcomm wcn3991
147 Qualcomm wcn3998
148 Qualcomm wcn6750
149 Qualcomm wcn6850
150 Qualcomm wcn6851
151 Qualcomm wsa8810
152 Qualcomm wsa8815
153 Qualcomm wsa8830
154 Qualcomm wsa8835
155 Qualcomm sd8c
156 Qualcomm sd8cx
157 Qualcomm sd8655g
158 Qualcomm sdxr25g
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2020-11180.

URL Resource
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin Broken Link
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin Broken Link

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2020-11180 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2020-11180 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by af854a3a-2127-422b-91ae-364da2661108

    Nov. 21, 2024

    Action Type Old Value New Value
    Added Reference https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin
  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Jan. 30, 2021

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin No Types Assigned https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin Broken Link
    Added Reference https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin [Vendor Advisory]
    Added CWE NIST CWE-119
    Added CPE Configuration OR *cpe:2.3:h:qualcomm:aqt1000:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm3003a:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm6150:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm7150a:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm7150l:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm7250:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm7250b:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8004:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8008:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8009:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8150:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8150a:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8150b:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8150c:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8150l:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm8250:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm855:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm855b:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm855l:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pm855p:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmc1000h:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmk8002:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmk8003:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmm6155au:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmm8155au:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmm8195au:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmm855au:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmr525:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmr735b:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmx50:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:pmx55:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat3516:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat3518:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat3519:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat3555:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat5515:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat5522:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qat5533:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qbt1500:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qbt2000:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6391:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6420:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6421:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6426:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6430:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6431:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6436:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6574:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qca6696:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm2301:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm2305:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm3301:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5620:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5621:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5650:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5652:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5670:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5671:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5677:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qdm5679:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qet4101:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qet5100:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qet6110:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qfs2530:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qfs2580:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qln4642:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qln4650:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qln5020:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qln5030:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qln5040:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa2625:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa5580:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa6560:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa8673:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa8686:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa8801:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa8802:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa8803:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa8821:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpa8842:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm4650:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm5620:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm5621:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm5657:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm5658:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm5670:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm5677:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm5679:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm6582:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm6585:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm8820:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm8830:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qpm8895:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qsm7250:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qsm8250:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qtc800h:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qtc801s:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:qtm525:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sa6145p:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sa6150p:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sa6155:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sa6155p:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sa8150p:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sa8155:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sa8155p:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sa8195p:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sc8180x\+sdx55:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd730:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd765:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd765g:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd768g:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd855:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd8655g:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd8c:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sd8cx:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdr051:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdr052:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdr660:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdr735:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdr8150:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdr8250:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdr865:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdx50m:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdx55m:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sdxr25g:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:sm7250p:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:smb1355:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:smb1381:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:smb1390:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:smb1395:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:smb2351:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:smr525:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:smr526:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcd9340:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcd9370:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcd9371:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcd9375:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcd9380:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcd9385:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn3910:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn3988:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn3990:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn3991:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn3998:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn6750:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn6850:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wcn6851:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wsa8830:-:*:*:*:*:*:*:* *cpe:2.3:h:qualcomm:wsa8835:-:*:*:*:*:*:*:*
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.04 }} 0.00%

score

0.10264

percentile

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability