CVE-2020-11284

CVE Database · CVE-2020-11284

CVE-2020-11284

· HIGHModified

CVSS v3.1

8.4

EPSS

0.16%

Published

May 7, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input for secure boot loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-667

Affected Products (262)

qualcomm · aqt1000_firmwarevulnerable

qualcomm · aqt1000

qualcomm · ar8035_firmwarevulnerable

qualcomm · ar8035

qualcomm · pm3003a_firmwarevulnerable

qualcomm · pm3003a

qualcomm · pm4125_firmwarevulnerable

qualcomm · pm4125

qualcomm · pm4250_firmwarevulnerable

qualcomm · pm4250

qualcomm · pm6125_firmwarevulnerable

· pm6125

References (2)

https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs