CVE-2020-11263

high-risk

Published 2022-01-03

An integer overflow due to improper check performed after the address and size passed are aligned in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.3/10 High

LOCAL / LOW complexity

Affected Products (20)

Ar8035 Firmware

Qca6390 Firmware

Qca6391 Firmware

Qca6426 Firmware

Qca6436 Firmware

Qca8337 Firmware

Qca9984 Firmware

Qcm2290 Firmware

Qcm4290 Firmware

Qcs2290 Firmware

Qcs405 Firmware

Qcs410 Firmware

Qcs4290 Firmware

Qcs610 Firmware

Qcx315 Firmware

Qrb5165 Firmware

Qrb5165N Firmware

Qsm8250 Firmware

Sd460 Firmware

Sd480 Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/december-2021-bullet...

/ 100

high-risk

Severity 23/34 · High

Exploitability 0/34 · Minimal

Exposure 27/34 · High