CVE-2020-11130

moderate-risk

Published 2020-11-12

u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Qcm4290 Firmware

Qcs4290 Firmware

Qm215 Firmware

Qsm8350 Firmware

Sa6145P Firmware

Sa6155 Firmware

Sa6155P Firmware

Sa8155 Firmware

Sa8155P Firmware

Sc8180X Firmware

Sc8180Xp Firmware

Sdx55 Firmware

Sdx55M Firmware

Sm4250 Firmware

Sm4250P Firmware

Sm6115 Firmware

Sm6115P Firmware

Sm6125 Firmware

Sm6250 Firmware

Sm6350 Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/november-2020-bullet...

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 23/34 · High