Integer Overflow Vulnerability in Qualcomm Snapdragon Products
CVE-2020-11263

7.3HIGH

Key Information:

Vendor
Qualcomm
Status
Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Iot, Snapdragon Industrial Iot, Snapdragon Mobile, Snapdragon Wired Infrastructure And Networking
Vendor
CVE Published:
3 January 2022

Summary

This vulnerability involves an integer overflow that occurs due to inadequate validation after alignment checks of the address and size parameters in various Qualcomm Snapdragon products. This issue can compromise system integrity and potentially be exploited in systems utilizing these products, highlighting the need for users to apply necessary patches and updates.

Affected Version(s)

Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking AR8035, QCA6390, QCA6391, QCA6426, QCA6436, QCA8337, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS410, QCS4290, QCS610, QCX315, QRB5165, QRB5165N, QSM8250, SD 675, SD460, SD480, SD662, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD865 5G, SD870, SDX55, SDX55M, SDXR2 5G, SM6225, SM6250, SM6250P, SM6375, SM7250P, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6850, WCN6851, WSA8810, WSA8815, WSA8830, WSA8835

References

https://www.qualcomm.com/company/product-security/bulleti...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.