Qualcomm Snapdragon Auto ioctl Command user memory corruption

EntryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music and Snapdragon Wearables (Chip Software). It has been declared as critical. This vulnerability affects an unknown function of the component ioctl Command Handler. Upgrading eliminates this vulnerability.

Field06/09/2021 08:23 PM06/11/2021 03:50 PM
vendorQualcommQualcomm
nameSnapdragon Auto/Snapdragon Compute/Snapdragon Connectivity/Snapdragon Consumer IOT/Snapdragon Industrial IOT/Snapdragon Mobile/Snapdragon Voice & Music/Snapdragon WearablesSnapdragon Auto/Snapdragon Compute/Snapdragon Connectivity/Snapdragon Consumer IOT/Snapdragon Industrial IOT/Snapdragon Mobile/Snapdragon Voice & Music/Snapdragon Wearables
componentioctl Command Handlerioctl Command Handler
argumentuseruser
cwe119 (memory corruption)119 (memory corruption)
risk22
cvss3_vuldb_acLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
urlhttps://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletinhttps://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin
nameUpgradeUpgrade
cveCVE-2020-11240CVE-2020-11240
date1623189600 (06/09/2021)1623189600 (06/09/2021)
typeChip SoftwareChip Software
cvss2_vuldb_acLL
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_avAA
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_avAA
cvss3_vuldb_prLL
cvss3_vuldb_eXX
cvss2_vuldb_basescore5.25.2
cvss2_vuldb_tempscore5.24.5
cvss3_vuldb_basescore5.55.5
cvss3_vuldb_tempscore5.55.3
cvss3_meta_basescore5.55.5
cvss3_meta_tempscore5.55.3
price_0day$5k-$25k$5k-$25k
cve_assigned1585605600
cve_nvd_summaryMemory corruption due to ioctl command size was incorrectly set to the size of a pointer and not enough storage is allocated for the copy of the user argument in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
confirm_urlhttps://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

Do you need the next level of professionalism?

Upgrade your account now!