CVE-2020-11151

Race condition occurs while calling user space ioctl from two different threads can results to use after free issue in video in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

CVSS v3 6.4 MEDIUM
CVSS v2.0 6.9 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin	Broken Link
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin	Patch Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:qualcomm:pm3003a:-:::::::*
	cpe:2.3:h:qualcomm:pm6125:-:::::::*
	cpe:2.3:h:qualcomm:pm6150:-:::::::*
	cpe:2.3:h:qualcomm:pm6150a:-:::::::*
	cpe:2.3:h:qualcomm:pm6150l:-:::::::*
	cpe:2.3:h:qualcomm:pm6350:-:::::::*
	cpe:2.3:h:qualcomm:pm640a:-:::::::*
	cpe:2.3:h:qualcomm:pm640l:-:::::::*
	cpe:2.3:h:qualcomm:pm640p:-:::::::*
	cpe:2.3:h:qualcomm:pm7150a:-:::::::*
	cpe:2.3:h:qualcomm:pm7150l:-:::::::*
	cpe:2.3:h:qualcomm:pm7250:-:::::::*
	cpe:2.3:h:qualcomm:pm7250b:-:::::::*
	cpe:2.3:h:qualcomm:pm8008:-:::::::*
	cpe:2.3:h:qualcomm:pm8009:-:::::::*
	cpe:2.3:h:qualcomm:pm8150a:-:::::::*
	cpe:2.3:h:qualcomm:pm8150b:-:::::::*
	cpe:2.3:h:qualcomm:pm8150c:-:::::::*
	cpe:2.3:h:qualcomm:pm8150l:-:::::::*
	cpe:2.3:h:qualcomm:pm8250:-:::::::*
	cpe:2.3:h:qualcomm:pmi632:-:::::::*
	cpe:2.3:h:qualcomm:pmk8002:-:::::::*
	cpe:2.3:h:qualcomm:pmk8003:-:::::::*
	cpe:2.3:h:qualcomm:pmm8195au:-:::::::*
	cpe:2.3:h:qualcomm:pmm855au:-:::::::*
	cpe:2.3:h:qualcomm:pmr525:-:::::::*
	cpe:2.3:h:qualcomm:pmr735a:-:::::::*
	cpe:2.3:h:qualcomm:pmr735b:-:::::::*
	cpe:2.3:h:qualcomm:pmx55:-:::::::*
	cpe:2.3:h:qualcomm:qat3516:-:::::::*
	cpe:2.3:h:qualcomm:qat3518:-:::::::*
	cpe:2.3:h:qualcomm:qat3519:-:::::::*
	cpe:2.3:h:qualcomm:qat3522:-:::::::*
	cpe:2.3:h:qualcomm:qat3550:-:::::::*
	cpe:2.3:h:qualcomm:qat3555:-:::::::*
	cpe:2.3:h:qualcomm:qat5515:-:::::::*
	cpe:2.3:h:qualcomm:qat5516:-:::::::*
	cpe:2.3:h:qualcomm:qat5522:-:::::::*
	cpe:2.3:h:qualcomm:qat5533:-:::::::*
	cpe:2.3:h:qualcomm:qbt1500:-:::::::*
	cpe:2.3:h:qualcomm:qbt2000:-:::::::*
	cpe:2.3:h:qualcomm:qca6390:-:::::::*
	cpe:2.3:h:qualcomm:qca6391:-:::::::*
	cpe:2.3:h:qualcomm:qca6421:-:::::::*
	cpe:2.3:h:qualcomm:qca6426:-:::::::*
	cpe:2.3:h:qualcomm:qca6431:-:::::::*
	cpe:2.3:h:qualcomm:qca6436:-:::::::*
	cpe:2.3:h:qualcomm:qca6574a:-:::::::*
	cpe:2.3:h:qualcomm:qca6574au:-:::::::*
	cpe:2.3:h:qualcomm:qca6584au:-:::::::*
	cpe:2.3:h:qualcomm:qca6595:-:::::::*
	cpe:2.3:h:qualcomm:qca6595au:-:::::::*
	cpe:2.3:h:qualcomm:qca6696:-:::::::*
	cpe:2.3:h:qualcomm:qcm4290:-:::::::*
	cpe:2.3:h:qualcomm:qcs4290:-:::::::*
	cpe:2.3:h:qualcomm:qdm2301:-:::::::*
	cpe:2.3:h:qualcomm:qdm2305:-:::::::*
	cpe:2.3:h:qualcomm:qdm2307:-:::::::*
	cpe:2.3:h:qualcomm:qdm2308:-:::::::*
	cpe:2.3:h:qualcomm:qdm2310:-:::::::*
	cpe:2.3:h:qualcomm:qdm3301:-:::::::*
	cpe:2.3:h:qualcomm:qdm5620:-:::::::*
	cpe:2.3:h:qualcomm:qdm5621:-:::::::*
	cpe:2.3:h:qualcomm:qdm5650:-:::::::*
cpe:2.3:h:qualcomm:qdm5652:-:::::::*
cpe:2.3:h:qualcomm:qdm5670:-:::::::*
cpe:2.3:h:qualcomm:qdm5671:-:::::::*
cpe:2.3:h:qualcomm:qdm5677:-:::::::*
cpe:2.3:h:qualcomm:qdm5679:-:::::::*
cpe:2.3:h:qualcomm:qet4101:-:::::::*
cpe:2.3:h:qualcomm:qet5100:-:::::::*
cpe:2.3:h:qualcomm:qet6100:-:::::::*
cpe:2.3:h:qualcomm:qet6110:-:::::::*
cpe:2.3:h:qualcomm:qfs2530:-:::::::*
cpe:2.3:h:qualcomm:qfs2580:-:::::::*
cpe:2.3:h:qualcomm:qln4642:-:::::::*
cpe:2.3:h:qualcomm:qln4650:-:::::::*
cpe:2.3:h:qualcomm:qln5020:-:::::::*
cpe:2.3:h:qualcomm:qln5030:-:::::::*
cpe:2.3:h:qualcomm:qln5040:-:::::::*
cpe:2.3:h:qualcomm:qpa2625:-:::::::*
cpe:2.3:h:qualcomm:qpa4360:-:::::::*
cpe:2.3:h:qualcomm:qpa5580:-:::::::*
cpe:2.3:h:qualcomm:qpa5581:-:::::::*
cpe:2.3:h:qualcomm:qpa6560:-:::::::*
cpe:2.3:h:qualcomm:qpa8673:-:::::::*
cpe:2.3:h:qualcomm:qpa8686:-:::::::*
cpe:2.3:h:qualcomm:qpa8801:-:::::::*
cpe:2.3:h:qualcomm:qpa8802:-:::::::*
cpe:2.3:h:qualcomm:qpa8803:-:::::::*
cpe:2.3:h:qualcomm:qpa8821:-:::::::*
cpe:2.3:h:qualcomm:qpa8842:-:::::::*
cpe:2.3:h:qualcomm:qpm4650:-:::::::*
cpe:2.3:h:qualcomm:qpm5621:-:::::::*
cpe:2.3:h:qualcomm:qpm5658:-:::::::*
cpe:2.3:h:qualcomm:qpm5670:-:::::::*
cpe:2.3:h:qualcomm:qpm5677:-:::::::*
cpe:2.3:h:qualcomm:qpm5679:-:::::::*
cpe:2.3:h:qualcomm:qpm6582:-:::::::*
cpe:2.3:h:qualcomm:qpm6585:-:::::::*
cpe:2.3:h:qualcomm:qpm8820:-:::::::*
cpe:2.3:h:qualcomm:qpm8830:-:::::::*
cpe:2.3:h:qualcomm:qpm8870:-:::::::*
cpe:2.3:h:qualcomm:qpm8895:-:::::::*
cpe:2.3:h:qualcomm:qsm7250:-:::::::*
cpe:2.3:h:qualcomm:qsw8574:-:::::::*
cpe:2.3:h:qualcomm:qtc410s:-:::::::*
cpe:2.3:h:qualcomm:qtc800h:-:::::::*
cpe:2.3:h:qualcomm:qtc801s:-:::::::*
cpe:2.3:h:qualcomm:qtm525:-:::::::*
cpe:2.3:h:qualcomm:sa6155p:-:::::::*
cpe:2.3:h:qualcomm:sa8150p:-:::::::*
cpe:2.3:h:qualcomm:sa8155:-:::::::*
cpe:2.3:h:qualcomm:sa8195p:-:::::::*
cpe:2.3:h:qualcomm:sd460:-:::::::*
cpe:2.3:h:qualcomm:sd662:-:::::::*
cpe:2.3:h:qualcomm:sd665:-:::::::*
cpe:2.3:h:qualcomm:sd675:-:::::::*
cpe:2.3:h:qualcomm:sd6905g:-:::::::*
cpe:2.3:h:qualcomm:sd750g:-:::::::*
cpe:2.3:h:qualcomm:sd765:-:::::::*
cpe:2.3:h:qualcomm:sd765g:-:::::::*
cpe:2.3:h:qualcomm:sd768g:-:::::::*
cpe:2.3:h:qualcomm:sd8655g:-:::::::*
cpe:2.3:h:qualcomm:sda429w:-:::::::*
cpe:2.3:h:qualcomm:sdr425:-:::::::*
cpe:2.3:h:qualcomm:sdr660:-:::::::*
cpe:2.3:h:qualcomm:sdr660g:-:::::::*
cpe:2.3:h:qualcomm:sdr735:-:::::::*
cpe:2.3:h:qualcomm:sdr8250:-:::::::*
cpe:2.3:h:qualcomm:sdr865:-:::::::*
cpe:2.3:h:qualcomm:sdx55:-:::::::*
cpe:2.3:h:qualcomm:sdx55m:-:::::::*
cpe:2.3:h:qualcomm:sdxr25g:-:::::::*
cpe:2.3:h:qualcomm:sm7250p:-:::::::*
cpe:2.3:h:qualcomm:smb1354:-:::::::*
cpe:2.3:h:qualcomm:smb1355:-:::::::*
cpe:2.3:h:qualcomm:smb1390:-:::::::*
cpe:2.3:h:qualcomm:smb1395:-:::::::*
cpe:2.3:h:qualcomm:smb1396:-:::::::*
cpe:2.3:h:qualcomm:smr525:-:::::::*
cpe:2.3:h:qualcomm:smr526:-:::::::*
cpe:2.3:h:qualcomm:wcd9341:-:::::::*
cpe:2.3:h:qualcomm:wcd9370:-:::::::*
cpe:2.3:h:qualcomm:wcd9375:-:::::::*
cpe:2.3:h:qualcomm:wcd9380:-:::::::*
cpe:2.3:h:qualcomm:wcd9385:-:::::::*
cpe:2.3:h:qualcomm:wcn3610:-:::::::*
cpe:2.3:h:qualcomm:wcn3620:-:::::::*
cpe:2.3:h:qualcomm:wcn3660b:-:::::::*
cpe:2.3:h:qualcomm:wcn3950:-:::::::*
cpe:2.3:h:qualcomm:wcn3980:-:::::::*
cpe:2.3:h:qualcomm:wcn3988:-:::::::*
cpe:2.3:h:qualcomm:wcn3991:-:::::::*
cpe:2.3:h:qualcomm:wcn3998:-:::::::*
cpe:2.3:h:qualcomm:wcn6750:-:::::::*
cpe:2.3:h:qualcomm:wcn6850:-:::::::*
cpe:2.3:h:qualcomm:wcn6851:-:::::::*
cpe:2.3:h:qualcomm:wgr7640:-:::::::*
cpe:2.3:h:qualcomm:wsa8810:-:::::::*
cpe:2.3:h:qualcomm:wsa8815:-:::::::*
cpe:2.3:h:qualcomm:wsa8830:-:::::::*
cpe:2.3:h:qualcomm:wsa8835:-:::::::*
cpe:2.3:h:qualcomm:wtr2965:-:::::::*
cpe:2.3:h:qualcomm:wtr3925:-:::::::*

History

21 Nov 2024, 04:56

Type	Values Removed	Values Added
References	~~() https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin - Broken Link~~	() https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin - Broken Link

Information

Published : 2021-01-21 10:15

Updated : 2024-11-21 04:56

NVD link : CVE-2020-11151

Mitre link : CVE-2020-11151

CVE.ORG link : CVE-2020-11151

JSON object : View

Products Affected

qualcomm

sa6155p
pm640a
wcn3998
wcn3660b
wcn6750
qpm8870
wcd9380
qat5522
pm8250
sdx55
qat5516
qtc410s
sd665
qpm6585
qfs2530
qpm5621
qca6426
qpm6582
pm6150a
pm6150l
qat3518
pm8009
qca6390
wsa8830
sd460
pmk8002
qln5040
wcn6850
qpa2625
smr525
qdm2301
qtm525
sa8150p
smr526
pmr525
qat5533
sd662
qdm3301
wcd9370
qca6431
qdm2305
pm8150c
sdxr25g
pmk8003
qdm5621
wtr2965
wcn3980
qdm5650
qpm4650
sdr735
qfs2580
qca6421
sdr660g
pmm8195au
smb1390
qet6100
sa8195p
pm8150l
qca6595au
qdm5652
smb1395
qcm4290
sd768g
qpa6560
pm6125
wcn3610
pm3003a
wcn3991
qbt2000
qcs4290
wcn3988
pm7150a
qln4642
qln5020
pmr735a
qca6584au
qln4650
qbt1500
sd6905g
wgr7640
wtr3925
qca6595
qet4101
qca6391
qsw8574
smb1354
qdm5671
wcn3950
qca6574au
qca6696
qpm8830
qdm2310
qpa8842
sdr425
qpa5581
smb1396
sdx55m
qtc801s
pmm855au
sda429w
wsa8810
qpa5580
sd675
qat3519
sd8655g
sdr660
wsa8835
sm7250p
pmx55
pm7150l
qdm2308
qet6110
sa8155
qpa8821
qdm5620
sd750g
qca6574a
qpa8801
wcd9341
qdm5677
wcd9375
sd765
qat3550
pm7250
qpm5679
qpm5658
qpm5677
qdm5670
wsa8815
qpm8820
smb1355
qpm8895
qtc800h
pm6350
qdm5679
pm640l
qpa4360
qdm2307
sdr865
qsm7250
wcd9385
qat3555
qca6436
pm6150
pmi632
wcn6851
qat3516
sdr8250
qat5515
sd765g
qpa8673
qet5100
pm640p
pm8008
qpm5670
qln5030
pm7250b
qpa8686
pm8150b
qat3522
qpa8803
pm8150a
qpa8802
pmr735b
wcn3620

CWE

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-416

Use After Free

6.4 /10