CVE-2020-11286

An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface & endpoint are made together. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CVSS v2.0 4.6

4.6^/10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

CVSS v3.0 6.8 MEDIUM

6.8^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin	Patch Vendor Advisory

Configurations

Configuration 1

cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6584:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8937:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6574:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd210:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd205:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd835:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd820:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8017:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6174:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8076:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9250:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9628:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd821:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd660:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8009w:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:apq8064au:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdw2500:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdx20m:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9330:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:ar8151:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:csr6030:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9626:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm660:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm660a:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm660l:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8004:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8005:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8909:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8916:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8937:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8952:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8953:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8956:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8996:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pm8998:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmd9607:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmd9645:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmd9655:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmi8952:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmi8994:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmi8996:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmi8998:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmk8001:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmm8996au:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmx20:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qat3514:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qat3522:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qat3550:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qbt1000:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qbt1500:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6310:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6320:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6564a:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6564au:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca9367:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qet4100:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qet4101:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qet4200aq:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qfe1040:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qfe2340:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qfe2550:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qfe3100:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qfe3320:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qln1021aq:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qln1030:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qln1031:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qln1036aq:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qpa4340:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qpa4360:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qpa5460:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qsw8573:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qtc800h:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qtc800s:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qtc800t:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:rgr7640au:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:rsw8577:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdr660:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:smb1350:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:smb1351:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:smb1357:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:smb1358:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:smb1360:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:smb1380:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:smb231:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:smb358s:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9326:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9335:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9340:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3610:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3615:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3680b:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3990:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wgr7640:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wtr2955:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wtr2965:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wtr3905:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wtr3925:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wtr3950:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wtr4905:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wtr5975:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9230:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9330:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9630:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmd9635:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:pmi8937:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qfe1045:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qfe3335:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qfe3345:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdw3100:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcd9306:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:wcn3620:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qfe1035:-:*:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-02-22 07:15

Updated : 2021-07-21 11:39

NVD link : CVE-2020-11286

Mitre link : CVE-2020-11286

Products Affected

Ar8151

Qualcomm

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer