Denial of Service Vulnerability in Snapdragon Platforms by Qualcomm
CVE-2020-11157

7.5HIGH

Key Information:

Vendor
Qualcomm
Status
Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Vendor
CVE Published:
2 November 2020

Summary

The vulnerability arises from inadequate handling of unexpected control messages during encryption processes. This oversight can cause connection terminations, resulting in a denial of service condition across various Snapdragon platforms. Devices affected include Snapdragon Auto, Snapdragon Mobile, and several others. It is crucial for users of these devices to apply necessary patches and updates to maintain security.

Affected Version(s)

Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables APQ8053, APQ8076, MDM9640, MDM9650, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, QCA6174A, QCA9886, QCM2150, QM215, SDM429, SDM439, SDM450, SDM632

References

https://www.qualcomm.com/company/product-security/bulleti...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.