CVE-2020-11213

high-risk

Published 2021-01-21

Out of bound reads might occur in while processing Service descriptor due to improper validation of length of fields in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Do I need to act?

0.29% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Qcm4290

Qcm6125

Qcn5021

Qcn5022

Qcn5024

Qcn5052

Qcn5054

Qcn5064

Qcn5121

Qcn5122

Qcn5124

Qcn5152

Qcn5154

Qcn5164

Qcn5550

Qcn6023

Qcn6024

Qcn7605

Qcn7606

Qcn9000

Affected Vendors

Qualcomm

References (3)

Broken Link https://www.qualcomm.com/company/product-security/bulletins/december-2020-bullet...

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/december-2020-securi...

Broken Link https://www.qualcomm.com/company/product-security/bulletins/december-2020-bullet...

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 1/34 · Minimal

Exposure 33/34 · Critical