CVE-2020-11153

high-risk

Published 2020-11-02

u'Out of bound memory access while processing GATT data received due to lack of check of pdu data length and leads to remote code execution' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8053, QCA6390, QCA9379, QCN7605, SC8180X, SDX55

Do I need to act?

3.8% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (6)

Apq8053 Firmware

Qca6390 Firmware

Qca9379 Firmware

Qcn7605 Firmware

Sc8180X Firmware

Sdx55 Firmware

Affected Vendors

Qualcomm

References (3)

Broken Link https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulleti...

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/october-2020-securit...

Broken Link https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulleti...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 7/34 · Low

Exposure 13/34 · Low