First published: Mon Aug 03 2020(Updated: )
u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid and will lead to use after free scenario' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8096AU, APQ8098, Bitra, Kamorta, MSM8917, MSM8953, MSM8998, QCM2150, QCS405, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM632, SM6150, SM7150, SM8150, SM8250, SXR2130
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Apq8098 | ||
Google Android | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Msm8917 Firmware | ||
Qualcomm Msm8917 | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm MSM8998 | ||
Qualcomm Qcm2150 Firmware | ||
Google Android | ||
Qualcomm Qcs405 Firmware | ||
Google Android | ||
Qualcomm Qcs605 Firmware | ||
Google Android | ||
Qualcomm Qm215 Firmware | ||
Qualcomm Qm215 | ||
Qualcomm Rennell Firmware | ||
Google Android | ||
Google Android | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Sdm439 Firmware | ||
Qualcomm Sdm439 | ||
Google Android | ||
Qualcomm SDM450 | ||
Qualcomm Sdm632 Firmware | ||
Qualcomm Sdm632 | ||
Google Android | ||
Qualcomm Sm6150 | ||
Google Android | ||
Google Android | ||
Qualcomm Sm8150 Firmware | ||
Qualcomm Sm8150 | ||
Qualcomm Sm8250 Firmware | ||
Qualcomm SM8250 | ||
Qualcomm Sxr2130 Firmware | ||
Qualcomm Sxr2130 | ||
Google Android |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2020-11120.
CVE-2020-11120 has a severity rating of 7.8 (High).
CVE-2020-11120 affects the following software products: Google Android, Qualcomm Apq8096au Firmware, Qualcomm MSM8917 Firmware, Qualcomm Sdm439 Firmware, Qualcomm Qcs405 Firmware, Qualcomm Qcs605 Firmware, Qualcomm Qm215 Firmware, Qualcomm Rennell Firmware, Qualcomm Saipan Firmware, Qualcomm Sxr2130 Firmware.
CVE-2020-11120 is a vulnerability where the calling thread may free the data buffer pointer that was passed to the callback, leading to a use after free scenario.
No, Qualcomm Apq8096au and Qualcomm MSM8998 are not vulnerable to CVE-2020-11120.