CVE-2020-11183

CVSS V2 High 7.2 CVSS V3 Medium 6.7
Description
A process can potentially cause a buffer overflow in the display service allowing privilege escalation by executing code as that service in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Overview
  • CVE ID
  • CVE-2020-11183
  • Assigner
  • product-security@qualcomm.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2021-01-21T10:15:14
  • Last Modified Date
  • 2021-01-29T22:13:01
Weakness Enumerations
CWE URL
CWE-120 http://cwe.mitre.org/data/definitions/120.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:apq8009w:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:apq8017:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:apq8037:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:ar8151:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:mdm9250:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:msm8917:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:msm8920:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:msm8937:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:msm8940:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:msm8953:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm215:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm439:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm660:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm660a:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm660l:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm8004:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm8005:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm855a:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm8909:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm8916:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm8937:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm8940:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm8953:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm8996:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pm8998:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pmd9607:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pmd9655:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pmi632:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pmi8937:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pmi8940:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pmi8952:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pmi8994:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pmi8996:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pmi8998:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pmk8001:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pmm855au:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pmm8996au:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:pmx20:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qat3514:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qat3522:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qat3550:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qbt1000:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qbt1500:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qca6310:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qca6320:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qca6564a:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qca6564au:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qca6595:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qca6595au:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qca9367:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qca9379:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qcc1110:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qet4100:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qet4101:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qet4200aq:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qet5100:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe2080fc:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe2081fc:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe2082fc:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe2101:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe2550:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe3100:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe3440fc:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe4301:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe4302:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe4303:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe4305:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe4308:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe4309:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe4320:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe4373fc:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe4455fc:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qfe4465fc:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qln1021aq:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qln1030:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qln1031:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qln1035bd:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qln1036aq:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qpa4340:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qpa4360:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qpa5373:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qpa5460:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qsw8573:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qtc800h:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qtc800s:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qtc800t:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qtc801s:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:qualcomm215:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:rgr7640au:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:rsw8577:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sd439:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sd450:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sd636:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sd660:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sd710:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sd712:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sd820:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sd821:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sd835:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sdm830:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sdr051:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sdr052:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sdr660:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sdw2500:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sdw3100:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sdx20m:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:sdx50m:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:smb1350:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:smb1351:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:smb1355:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:smb1357:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:smb1358:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:smb1360:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:smb1380:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:smb231:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wcd9326:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wcd9330:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wcd9335:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wcd9340:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wcd9341:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wcn3615:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wcn3620:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wcn3660b:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wcn3680:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wcn3680b:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wcn3980:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wcn3990:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wgr7640:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wsa8810:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wsa8815:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wtr2955:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wtr2965:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wtr3905:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wtr3925:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wtr3950:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wtr4905:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:qualcomm:wtr5975:-:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.2
  • Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 10
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • LOCAL
  • Attack Compatibility
  • LOW
  • Privileges Required
  • HIGH
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 6.7
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 0.8
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin Broken Link
https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin Patch Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2020-11183
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11183
History
Created Old Value New Value Data Type Notes
2022-05-10 07:25:26 Added to TrackCVE
2022-12-05 20:42:37 security.cna@qualcomm.com product-security@qualcomm.com CVE Assigner updated
2022-12-05 20:42:37 2021-01-21T10:15Z 2021-01-21T10:15:14 CVE Published Date updated
2022-12-05 20:42:37 2021-01-29T22:13:01 CVE Modified Date updated
2022-12-05 20:42:37 Analyzed Vulnerability Status updated