Qualcomm Snapdragon Auto Submission use after free

EntryeditHistoryDiffjsonxmlCTI

A vulnerability was found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music and Snapdragon Wearables (Chip Software). It has been declared as critical. Affected by this vulnerability is some unknown functionality of the component Submission Handler. Upgrading eliminates this vulnerability.

Field06/09/2021 08:29 PM06/11/2021 04:52 PM
vendorQualcommQualcomm
nameSnapdragon Auto/Snapdragon Compute/Snapdragon Connectivity/Snapdragon Consumer IOT/Snapdragon Industrial IOT/Snapdragon Mobile/Snapdragon Voice & Music/Snapdragon WearablesSnapdragon Auto/Snapdragon Compute/Snapdragon Connectivity/Snapdragon Consumer IOT/Snapdragon Industrial IOT/Snapdragon Mobile/Snapdragon Voice & Music/Snapdragon Wearables
componentSubmission HandlerSubmission Handler
cwe416 (memory corruption)416 (memory corruption)
risk22
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
urlhttps://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletinhttps://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin
nameUpgradeUpgrade
cveCVE-2020-11262CVE-2020-11262
date1623189600 (06/09/2021)1623189600 (06/09/2021)
typeChip SoftwareChip Software
cvss2_vuldb_ciPP
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_vuldb_rcCC
cvss2_vuldb_rlOFOF
cvss2_vuldb_avAA
cvss2_vuldb_acMM
cvss2_vuldb_auSS
cvss2_vuldb_eNDND
cvss3_vuldb_avAA
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_eXX
cvss2_vuldb_basescore4.94.9
cvss2_vuldb_tempscore4.94.3
cvss3_vuldb_basescore5.55.5
cvss3_vuldb_tempscore5.55.3
cvss3_meta_basescore5.55.5
cvss3_meta_tempscore5.55.3
price_0day$5k-$25k$5k-$25k
cve_assigned1585605600
cve_nvd_summaryA race between command submission and destroying the context can cause an invalid context being added to the list leads to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
confirm_urlhttps://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

Want to stay up to date on a daily basis?

Enable the mail alert feature now!