CVE-2020-11277

CVE Database · CVE-2020-11277

CVE-2020-11277

· HIGHModified

CVSS v3.1

7.4

EPSS

0.11%

Published

Feb 22, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Possible race condition during async fastrpc session after sending RPC message due to the fastrpc ctx gets free during async session in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-362CWE-416

Affected Products (322)

qualcomm · pm3003a_firmwarevulnerable

qualcomm · pm3003a

qualcomm · pm4250_firmwarevulnerable

qualcomm · pm4250

qualcomm · pm6125_firmwarevulnerable

qualcomm · pm6125

qualcomm · pm6150a_firmwarevulnerable

qualcomm · pm6150a

qualcomm · pm6150l_firmwarevulnerable

qualcomm · pm6150l

qualcomm · pm6350_firmwarevulnerable

· pm6350

References (2)

https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs