high
7.8
CWE
416
Advisory Published
CVE Published
Updated

CVE-2020-11175: Use After Free

First published: Mon Nov 02 2020(Updated: )

u'Use after free issue in Bluetooth transport driver when a method in the object is accessed after the object has been deleted due to improper timer handling.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8009W, MSM8909W, QCS605, QM215, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6350, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P

Credit: product-security@qualcomm.com

Affected SoftwareAffected VersionHow to fix
Google Android
Google Android
Google Android
Qualcomm Msm8909w Firmware
Qualcomm Msm8909w
Qualcomm Qcs605 Firmware
Google Android
Qualcomm Qm215 Firmware
Qualcomm Qm215
Google Android
Google Android
Google Android
Qualcomm Sa6155p
Qualcomm Sa8155 Firmware
Google Android
Google Android
Google Android
Qualcomm Sda640 Firmware
Google Android
Qualcomm Sda670 Firmware
Qualcomm Sda670
Qualcomm Sda855 Firmware
Google Android
Google Android
Google Android
Google Android
Google Android
Qualcomm Sdm670 Firmware
Qualcomm Sdm670
Qualcomm Sdm710 Firmware
Qualcomm Sdm710
Qualcomm Sdm845 Firmware
Qualcomm Sdm845
Qualcomm Sdx50m Firmware
Qualcomm Sdx50m
Qualcomm Sdx55 Firmware
Qualcomm Sdx55
Google Android
Google Android
Qualcomm Sm6125 Firmware
Qualcomm Sm6125
Qualcomm Sm6350 Firmware
Qualcomm Sm6350
Qualcomm Sm7225 Firmware
Qualcomm Sm7225
Google Android
Qualcomm Sm7250
Google Android
Google Android
Qualcomm Sm8150 Firmware
Qualcomm Sm8150
Google Android
Qualcomm Sm8150p
Qualcomm Sm8250 Firmware
Qualcomm SM8250
Qualcomm Sxr1120 Firmware
Qualcomm Sxr1120
Qualcomm Sxr1130 Firmware
Qualcomm Sxr1130
Qualcomm Sxr2130 Firmware
Qualcomm Sxr2130
Google Android
Qualcomm Sxr2130p

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2020-11175?

    CVE-2020-11175 is a use after free issue in the Bluetooth transport driver that occurs when a method in the object is accessed after the object has been deleted due to improper timer handling.

  • Which software products are affected by CVE-2020-11175?

    CVE-2020-11175 affects Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IoT, Snapdragon Industrial IoT, Snapdragon Mobile, Snapdragon Wearables, and various Qualcomm firmware versions.

  • What is the severity of CVE-2020-11175?

    The severity of CVE-2020-11175 is high, with a CVSS score of 7.8.

  • Where can I find more information about CVE-2020-11175?

    More information about CVE-2020-11175 can be found on the Qualcomm Product Security Bulletin for November 2020 and the Android Security Bulletin for November 2020.

  • How can I mitigate the vulnerability CVE-2020-11175?

    To mitigate the CVE-2020-11175 vulnerability, it is recommended to apply the necessary software updates provided by the affected vendors.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203