6.7
MEDIUM
CVE-2020-11183
Qualcomm Snapdragon Buffer Overflow Vulnerability (Privilege Escalation)
Description

A process can potentially cause a buffer overflow in the display service, allowing privilege escalation by executing code as that service in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables.

INFO

Published Date: Jan. 21, 2021, 10:15 a.m.

Last Modified: Jan. 29, 2021, 10:13 p.m.

Remotely Exploitable: No

Impact Score: 5.9

Exploitability Score: 0.8
Affected Products

The following products are affected by the CVE-2020-11183 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product
1 Qualcomm apq8009
2 Qualcomm apq8009w
3 Qualcomm apq8017
4 Qualcomm apq8037
5 Qualcomm apq8053
6 Qualcomm apq8096au
7 Qualcomm ar8151
8 Qualcomm mdm9206
9 Qualcomm mdm9650
10 Qualcomm mdm9655
11 Qualcomm msm8909w
12 Qualcomm msm8917
13 Qualcomm msm8920
14 Qualcomm msm8937
15 Qualcomm msm8940
16 Qualcomm msm8953
17 Qualcomm msm8996au
18 Qualcomm pm215
19 Qualcomm pm439
20 Qualcomm pm660
21 Qualcomm pm660a
22 Qualcomm pm660l
23 Qualcomm pm8004
24 Qualcomm pm8005
25 Qualcomm pm855a
26 Qualcomm pm8909
27 Qualcomm pm8916
28 Qualcomm pm8937
29 Qualcomm pm8940
30 Qualcomm pm8953
31 Qualcomm pm8996
32 Qualcomm pm8998
33 Qualcomm pmd9607
34 Qualcomm pmd9655
35 Qualcomm pmi632
36 Qualcomm pmi8937
37 Qualcomm pmi8940
38 Qualcomm pmi8952
39 Qualcomm pmi8994
40 Qualcomm pmi8996
41 Qualcomm pmi8998
42 Qualcomm pmk8001
43 Qualcomm pmm855au
44 Qualcomm pmm8996au
45 Qualcomm qat3514
46 Qualcomm qat3522
47 Qualcomm qat3550
48 Qualcomm qbt1000
49 Qualcomm qbt1500
50 Qualcomm qca6174a
51 Qualcomm qca6310
52 Qualcomm qca6320
53 Qualcomm qca6564a
54 Qualcomm qca6564au
55 Qualcomm qca6574a
56 Qualcomm qca6574au
57 Qualcomm qca6595
58 Qualcomm qca6595au
59 Qualcomm qca9379
60 Qualcomm qcc1110
61 Qualcomm qet4100
62 Qualcomm qet4101
63 Qualcomm qet4200aq
64 Qualcomm qet5100
65 Qualcomm qfe2080fc
66 Qualcomm qfe2081fc
67 Qualcomm qfe2082fc
68 Qualcomm qfe2101
69 Qualcomm qfe2550
70 Qualcomm qfe3100
71 Qualcomm qfe3440fc
72 Qualcomm qfe4301
73 Qualcomm qfe4302
74 Qualcomm qfe4303
75 Qualcomm qfe4305
76 Qualcomm qfe4308
77 Qualcomm qfe4309
78 Qualcomm qfe4320
79 Qualcomm qfe4373fc
80 Qualcomm qfe4455fc
81 Qualcomm qfe4465fc
82 Qualcomm qln1021aq
83 Qualcomm qln1030
84 Qualcomm qln1031
85 Qualcomm qln1035bd
86 Qualcomm qln1036aq
87 Qualcomm qpa4340
88 Qualcomm qpa4360
89 Qualcomm qpa5373
90 Qualcomm qpa5460
91 Qualcomm qsw8573
92 Qualcomm qtc800h
93 Qualcomm qtc800s
94 Qualcomm qtc800t
95 Qualcomm qtc801s
96 Qualcomm qualcomm215
97 Qualcomm rgr7640au
98 Qualcomm rsw8577
99 Qualcomm sd439
100 Qualcomm sd450
101 Qualcomm sd660
102 Qualcomm sd710
103 Qualcomm sd712
104 Qualcomm sd820
105 Qualcomm sd821
106 Qualcomm sd835
107 Qualcomm sdm630
108 Qualcomm sdm830
109 Qualcomm sdr051
110 Qualcomm sdr052
111 Qualcomm sdr660
112 Qualcomm sdw3100
113 Qualcomm sdx50m
114 Qualcomm smb1350
115 Qualcomm smb1351
116 Qualcomm smb1355
117 Qualcomm smb1357
118 Qualcomm smb1358
119 Qualcomm smb1360
120 Qualcomm smb1380
121 Qualcomm smb231
122 Qualcomm wcd9326
123 Qualcomm wcd9330
124 Qualcomm wcd9335
125 Qualcomm wcd9340
126 Qualcomm wcd9341
127 Qualcomm wcn3615
128 Qualcomm wcn3620
129 Qualcomm wcn3660b
130 Qualcomm wcn3680
131 Qualcomm wcn3680b
132 Qualcomm wcn3980
133 Qualcomm wcn3990
134 Qualcomm wgr7640
135 Qualcomm wsa8810
136 Qualcomm wsa8815
137 Qualcomm wtr2955
138 Qualcomm wtr2965
139 Qualcomm wtr3905
140 Qualcomm wtr3925
141 Qualcomm wtr3950
142 Qualcomm wtr4905
143 Qualcomm wtr5975
144 Qualcomm sd636
145 Qualcomm mdm9250
146 Qualcomm pmx20
147 Qualcomm qca9367
148 Qualcomm qca9377
149 Qualcomm sdw2500
150 Qualcomm sdx20
151 Qualcomm sdx20m
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2020-11183.

URL Resource
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin Broken Link
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin Patch Vendor Advisory


The following table lists the changes that have been made to the CVE-2020-11183 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • Initial Analysis by [email protected]

    Jan. 29, 2021

    Action Type Old Value New Value
    Added CVSS V2 NIST (AV:L/AC:L/Au:N/C:C/I:C/A:C)
    Added CVSS V3.1 NIST AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    Changed Reference Type https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin No Types Assigned https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin Broken Link
    Added Reference https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin [Patch, Vendor Advisory]
    Added CWE NIST CWE-120
    Added CPE Configuration
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2020-11183 is associated with the following CWEs:

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

Score: 0.04 (0.00%)

Percentile: 0.10264

CVSS31 - Vulnerability Scoring System
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High