CVE-2020-11153 - u'Out of bound memory access while processing GATT data received due to lack of check of pdu data le

CVE-2020-11153

Summary

u'Out of bound memory access while processing GATT data received due to lack of check of pdu data length and leads to remote code execution' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8053, QCA6390, QCA9379, QCN7605, SC8180X, SDX55

References

Vulnerable Configurations

cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca9379:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qca9379:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:qcn7605_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:qcn7605:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*
cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 03-11-2020 - 17:38)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

confirm

https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Last major update

03-11-2020 - 17:38

Published

02-11-2020 - 07:15

Last modified

03-11-2020 - 17:38