high
7.8
CWE
415
Advisory Published
CVE Published
Updated

CVE-2020-11217: Double Free

First published: Mon Dec 07 2020(Updated: )

A possible double free or invalid memory access in audio driver while reading Speaker Protection parameters in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Credit: product-security@qualcomm.com

Affected SoftwareAffected VersionHow to fix
Google Android
Qualcomm Pm3003a
Qualcomm Pm4125
Qualcomm Pm6125
Qualcomm Pm6150a
Qualcomm Pm6150l
Qualcomm Pm6350
Qualcomm pm660
Qualcomm pm660a
Qualcomm pm660l
Qualcomm Pm7150a
Qualcomm Pm7150l
Qualcomm Pm7250
Qualcomm Pm7250b
Qualcomm Pm7350c
Qualcomm Pm8008
Qualcomm Pm8009
Qualcomm Pm8150a
Qualcomm Pm8150b
Qualcomm Pm8150c
Qualcomm Pm8150l
Qualcomm Pm8250
Qualcomm Pm8350
Qualcomm Pm8350b
Qualcomm Pm8350bh
Qualcomm Pm8350bhs
Qualcomm Pm8350c
Qualcomm pmi632
Qualcomm Pmk7350
Qualcomm Pmk8002
Qualcomm Pmk8003
Qualcomm Pmk8350
Qualcomm Pmr525
Qualcomm Pmr735a
Qualcomm Pmr735b
Qualcomm Pmx55
Qualcomm qat3514
Qualcomm Qat3516
Qualcomm Qat3518
Qualcomm Qat3519
Qualcomm Qat3522
Qualcomm Qat3550
Qualcomm Qat3555
Qualcomm Qat5515
Qualcomm Qat5516
Qualcomm Qat5522
Qualcomm Qat5533
Qualcomm Qat5568
Qualcomm Qbt2000
Qualcomm qca6390
qualcomm qca6391
qualcomm qca6421
qualcomm qca6426
qualcomm qca6431
qualcomm qca6436
Qualcomm qcm2290
Qualcomm qcm4290
Qualcomm qcs2290
Qualcomm qcs4290
Qualcomm Qdm2301
Qualcomm Qdm2305
Qualcomm Qdm2307
Qualcomm Qdm2308
Qualcomm Qdm2310
Qualcomm Qdm3301
Qualcomm Qdm3302
Qualcomm Qdm4643
Qualcomm Qdm4650
Qualcomm Qdm5579
Qualcomm Qdm5620
Qualcomm Qdm5621
Qualcomm Qdm5650
Qualcomm Qdm5652
Qualcomm Qdm5670
Qualcomm Qdm5671
Qualcomm Qdm5677
Qualcomm Qdm5679
Qualcomm Qet4100
Qualcomm Qet4101
Qualcomm Qet5100
Qualcomm Qet5100m
Qualcomm Qet6100
Qualcomm Qet6110
Qualcomm Qfs2530
Qualcomm Qfs2580
Qualcomm Qfs2608
Qualcomm Qfs2630
Qualcomm Qln4642
Qualcomm Qln4650
Qualcomm Qln5020
Qualcomm Qln5030
Qualcomm Qln5040
Qualcomm Qpa2625
Qualcomm Qpa4340
Qualcomm Qpa4360
Qualcomm Qpa5461
Qualcomm Qpa5580
Qualcomm Qpa5581
Qualcomm Qpa6560
Qualcomm Qpa8673
Qualcomm Qpa8686
Qualcomm Qpa8801
Qualcomm Qpa8802
Qualcomm Qpa8803
Qualcomm Qpa8821
Qualcomm Qpa8842
Qualcomm Qpm4621
Qualcomm Qpm4630
Qualcomm Qpm4640
Qualcomm Qpm4641
Qualcomm Qpm4650
Qualcomm Qpm5620
Qualcomm Qpm5621
Qualcomm Qpm5641
Qualcomm Qpm5657
Qualcomm Qpm5658
Qualcomm Qpm5670
Qualcomm Qpm5677
Qualcomm Qpm5679
Qualcomm Qpm5870
Qualcomm Qpm5875
Qualcomm Qpm6582
Qualcomm Qpm6585
Qualcomm Qpm6621
Qualcomm Qpm6670
Qualcomm Qpm8820
Qualcomm Qpm8830
Qualcomm Qpm8870
Qualcomm Qpm8895
Qualcomm Qsm7250
Qualcomm Qtc800h
Qualcomm Qtc800s
Qualcomm Qtc801s
Qualcomm Qtm525
Qualcomm Rsw8577
Qualcomm sd460
Qualcomm sd660
Qualcomm sd662
Qualcomm Sd6905g
Qualcomm sd750g
Qualcomm sd765
Qualcomm sd765g
Qualcomm sd768g
Qualcomm Sd8655g
Qualcomm Sd8885g
Qualcomm Sdr425
Qualcomm Sdr660
Qualcomm Sdr735
Qualcomm Sdr735g
Qualcomm Sdr8250
Qualcomm Sdr865
Qualcomm sdx55m
Qualcomm Sdxr25g
Qualcomm sm4125
Qualcomm Sm4350
qualcomm sm7250p
Qualcomm Sm7350
Qualcomm Smb1351
Qualcomm Smb1354
Qualcomm Smb1355
Qualcomm Smb1390
Qualcomm Smb1394
Qualcomm Smb1395
Qualcomm Smb1396
Qualcomm Smb1398
Qualcomm Smr525
Qualcomm Smr526
Qualcomm Smr545
Qualcomm Smr546
qualcomm wcd9335
qualcomm wcd9341
Qualcomm wcd9370
Qualcomm wcd9375
qualcomm wcd9380
qualcomm wcd9385
Qualcomm wcn3910
qualcomm wcn3950
Qualcomm Wcn3980
Qualcomm WCN3988
qualcomm wcn3990
Qualcomm WCN3991 Firmware
Qualcomm wcn3998
qualcomm wcn6740
qualcomm wcn6750
Qualcomm WCN6850 Firmware
Qualcomm WCN6851 Firmware
qualcomm wcn6856
Qualcomm Wgr7640
qualcomm wsa8810
qualcomm wsa8815
qualcomm wsa8830
qualcomm wsa8835
Qualcomm Wtr2965
Qualcomm Wtr3925

Remedy

https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2020-11217?

    CVE-2020-11217 is classified as a high-severity vulnerability due to the potential for an attacker to exploit memory access issues.

  • How do I fix CVE-2020-11217?

    To address CVE-2020-11217, ensure that you update your affected Qualcomm driver or firmware as recommended by Qualcomm's security bulletin.

  • Which products are affected by CVE-2020-11217?

    CVE-2020-11217 affects various Qualcomm audio drivers used in devices including Android systems and a range of specific Qualcomm chipsets.

  • Can CVE-2020-11217 be exploited remotely?

    Yes, CVE-2020-11217 can potentially be exploited remotely if an attacker has access to the vulnerable audio driver.

  • What types of vulnerabilities does CVE-2020-11217 represent?

    CVE-2020-11217 represents a double free and an invalid memory access vulnerability within the audio driver.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203