Qualcomm Snapdragon Auto up to SXR1130 IPA Driver input validation

entryeditHistoryDiffjsonxmlCTI

A vulnerability has been found in Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice , Music and Snapdragon Wearables (Chip Software) and classified as critical. Affected by this vulnerability is an unknown functionality of the component IPA Driver. Upgrading eliminates this vulnerability.

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1056156010/26/2020VulD...confirm_urlhttps://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletincve.mitre.org10/26/2020accepted70
1019102106/23/2020VulD...cve_nvd_summaryWhile IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130mitre.org06/23/2020accepted100
1019102006/23/2020VulD...cve_assigned1563494400mitre.org06/23/2020accepted100
1019101206/23/2020VulD...cvss3_nvd_aHnist.gov06/23/2020accepted100
1019101106/23/2020VulD...cvss3_nvd_iHnist.gov06/23/2020accepted100
1019101006/23/2020VulD...cvss3_nvd_cHnist.gov06/23/2020accepted100
1019100906/23/2020VulD...cvss3_nvd_sUnist.gov06/23/2020accepted100
1019100806/23/2020VulD...cvss3_nvd_uiNnist.gov06/23/2020accepted100
1019100706/23/2020VulD...cvss3_nvd_prLnist.gov06/23/2020accepted100
1019100606/23/2020VulD...cvss3_nvd_acLnist.gov06/23/2020accepted100
1019100506/23/2020VulD...cvss3_nvd_avLnist.gov06/23/2020accepted100
1019099206/23/2020VulD...cvss2_nvd_aiCnist.gov06/23/2020accepted100
1019099106/23/2020VulD...cvss2_nvd_iiCnist.gov06/23/2020accepted100
1019099006/23/2020VulD...cvss2_nvd_ciCnist.gov06/23/2020accepted100
1019098906/23/2020VulD...cvss2_nvd_auNnist.gov06/23/2020accepted100
1019098806/23/2020VulD...cvss2_nvd_acLnist.gov06/23/2020accepted100
1019098706/23/2020VulD...cvss2_nvd_avLnist.gov06/23/2020accepted100
1019097806/23/2020VulD...cwe20 (privilege escalation)06/23/2020accepted100
1019097306/23/2020VulD...typeChip Software06/23/2020accepted100
1019103006/23/2020VulD...cvss3_nvd_basescore7.8nist.gov06/23/2020accepted90

Do you want to use VulDB in your project?

Use the official API to access entries easily!