CVE-2020-11124: Use After Free
First published: Tue Sep 08 2020(Updated: )
u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Qualcomm Mdm9607 | ||
| Google Android | ||
| Qualcomm Nicobar | ||
| Qualcomm Qcs404 Firmware | ||
| Google Android | ||
| Qualcomm Qcs405 Firmware | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Rennell Firmware | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sa6155p | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sc8180x Firmware | ||
| Qualcomm Sc8180x | ||
| Qualcomm Sdm660 Firmware | ||
| Qualcomm Sdm660 | ||
| Qualcomm Sdx55 Firmware | ||
| Qualcomm Sdx55 | ||
| Google Android | ||
| Qualcomm Sm6150 | ||
| Google Android | ||
| Google Android | ||
| Qualcomm Sm8150 Firmware | ||
| Qualcomm Sm8150 | ||
| Qualcomm Sm8250 Firmware | ||
| Qualcomm SM8250 | ||
| Qualcomm Sxr2130 Firmware | ||
| Qualcomm Sxr2130 | ||
| Google Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-11124?
CVE-2020-11124 is a vulnerability that allows for a possible use-after-free while accessing the diag client map table.
How does CVE-2020-11124 affect Qualcomm devices?
CVE-2020-11124 affects Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in various Qualcomm devices.
What is the severity of CVE-2020-11124?
The severity of CVE-2020-11124 is high, with a severity value of 7.8.
How can I fix CVE-2020-11124?
To fix CVE-2020-11124, it is recommended to apply the necessary security patches provided by Qualcomm and Google.
Where can I find more information about CVE-2020-11124?
You can find more information about CVE-2020-11124 in the September 2020 security bulletin from Qualcomm and the Android security bulletin for September 2020.
- collector/nvd-index
- collector/android-source
- vendor/qualcomm
- canonical/google android
- canonical/qualcomm mdm9607
- canonical/qualcomm nicobar
- canonical/qualcomm qcs404 firmware
- canonical/qualcomm qcs405 firmware
- canonical/qualcomm rennell firmware
- canonical/qualcomm sa6155p
- canonical/qualcomm sc8180x firmware
- canonical/qualcomm sc8180x
- canonical/qualcomm sdm660 firmware
- canonical/qualcomm sdm660
- canonical/qualcomm sdx55 firmware
- canonical/qualcomm sdx55
- canonical/qualcomm sm6150
- canonical/qualcomm sm8150 firmware
- canonical/qualcomm sm8150
- canonical/qualcomm sm8250 firmware
- canonical/qualcomm sm8250
- canonical/qualcomm sxr2130 firmware
- canonical/qualcomm sxr2130
- vendor/google