CVE-2020-11261

7.8

CVSS
High

PUBLISHED

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto,...

Exploited in the wild Low complexity No user interaction

Vendor: Qualcomm, Inc.
Product: Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Published: Jun 09, 2021
EPSS: —

Description

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

cisa

CVSS scores

CVSS v3.1 7.8 High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0 7.2

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitation status

Exploited in the wild

Recorded 2021-12-01 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: total

References

https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Dec 01, 2021
CISA	Dec 01, 2021

Vulnerability detail