CVE-2020-11254

high-risk

Published 2021-05-07

Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.2/10 Medium

LOCAL / LOW complexity

Affected Products (20)

Pm6150A

Pm6150L

Pm6350

Pm660

Pm660L

Pm7250B

Pm8008

Pm8009

Pm8350

Pm8350B

Pm8350Bh

Pm8350C

Pmk8003

Pmk8350

Pmm6155Au

Pmm8155Au

Pmm8195Au

Pmr735A

Pmr735B

Qat3516

Affected Vendors

Qualcomm

References (2)

Patch https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin

/ 100

high-risk

Severity 20/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 31/34 · Critical