CVE-2020-11273

high-risk

Published 2021-05-07

Histogram type KPI was teardown with the assumption of the existence of histogram binning info and will lead to null pointer access when histogram binning info is missing due to lack of null check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Do I need to act?

0.25% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Pm8350 Firmware

Pm8350B Firmware

Pm8350Bh Firmware

Pm8350C Firmware

Pm855 Firmware

Pm855B Firmware

Pm855L Firmware

Pm8998 Firmware

Pmi8998 Firmware

Pmk8002 Firmware

Pmk8003 Firmware

Pmk8350 Firmware

Pmr525 Firmware

Pmr735A Firmware

Pmr735B Firmware

Pmx24 Firmware

Pmx55 Firmware

Pmx60 Firmware

Qat3516 Firmware

Qat3518 Firmware

Affected Vendors

Qualcomm

References (2)

Vendor Advisory https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin

/ 100

high-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 33/34 · Critical