medium
6.2
CWE
476
Advisory Published
Updated

CVE-2020-11254: Null Pointer Dereference

First published: Fri May 07 2021(Updated: )

Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Credit: product-security@qualcomm.com

Affected SoftwareAffected VersionHow to fix
Qualcomm Pm6150a
Qualcomm Pm6150l
Qualcomm Pm6350
Qualcomm pm660
Qualcomm pm660l
Qualcomm Pm7250b
Qualcomm Pm8008
Qualcomm Pm8009
Qualcomm Pm8350
Qualcomm Pm8350b
Qualcomm Pm8350bh
Qualcomm Pm8350c
Qualcomm Pmk8003
Qualcomm Pmk8350
Qualcomm Pmm6155au
Qualcomm Pmm8155au
Qualcomm Pmm8195au
Qualcomm Pmr735a
Qualcomm Pmr735b
Qualcomm Qat3516
Qualcomm Qat3518
Qualcomm Qat3519
Qualcomm Qat3555
Qualcomm Qat5515
Qualcomm Qat5516
Qualcomm Qat5522
Qualcomm Qat5568
Qualcomm Qbt1500
qualcomm qca6574au
qualcomm qca6696
Qualcomm Qdm3301
Qualcomm Qdm4643
Qualcomm Qdm4650
Qualcomm Qdm5620
Qualcomm Qdm5621
Qualcomm Qdm5670
Qualcomm Qdm5671
Qualcomm Qet5100
Qualcomm Qet5100m
Qualcomm Qet6100
Qualcomm Qet6105
Qualcomm Qet6110
Qualcomm Qfs2530
Qualcomm Qfs2580
Qualcomm Qfs2608
Qualcomm Qfs2630
Qualcomm Qln4642
Qualcomm Qln4650
Qualcomm Qln5020
Qualcomm Qln5030
Qualcomm Qln5040
Qualcomm Qpa2625
Qualcomm Qpa5461
Qualcomm Qpa5580
Qualcomm Qpa5581
Qualcomm Qpa8801
Qualcomm Qpa8802
Qualcomm Qpa8803
Qualcomm Qpa8821
Qualcomm Qpa8842
Qualcomm Qpm4621
Qualcomm Qpm4630
Qualcomm Qpm4640
Qualcomm Qpm4641
Qualcomm Qpm4650
Qualcomm Qpm5621
Qualcomm Qpm5641
Qualcomm Qpm5670
Qualcomm Qpm5677
Qualcomm Qpm5679
Qualcomm Qpm5870
Qualcomm Qpm5875
Qualcomm Qpm6585
Qualcomm Qpm6621
Qualcomm Qpm6670
Qualcomm Qpm8820
Qualcomm Qpm8870
Qualcomm Qtc800h
Qualcomm Qtc800s
Qualcomm Qtc801s
Qualcomm Qtm525
Qualcomm sa6145p
Qualcomm sa6150p
qualcomm SA6155P
Qualcomm sa8150p
Qualcomm sa8155p
Qualcomm sa8195p
Qualcomm Snapdragon 480
qualcomm sd670
Qualcomm sd710
Qualcomm sd888
qualcomm sd888 5g
Qualcomm Sdr660
Qualcomm Sdr660g
Qualcomm Sdr735
Qualcomm Sdr735g
Qualcomm Sdr865
qualcomm sdxr1
Qualcomm Smb1351
Qualcomm Smb1355
Qualcomm Smb1396
Qualcomm Smb1398
Qualcomm Smr526
Qualcomm Smr545
Qualcomm Smr546
Qualcomm wcd9326
qualcomm wcd9341
Qualcomm wcd9370
Qualcomm wcd9375
qualcomm wcd9380
qualcomm wcd9385
Qualcomm Wcn3980
Qualcomm WCN3988
qualcomm wcn3990
Qualcomm WCN3991 Firmware
Qualcomm WCN6850 Firmware
Qualcomm WCN6851 Firmware
qualcomm wcn6855
qualcomm wcn6856
qualcomm wsa8830
qualcomm wsa8835

Remedy

https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2020-11254?

    CVE-2020-11254 is rated as high severity due to its potential for memory corruption.

  • How do I fix CVE-2020-11254?

    To fix CVE-2020-11254, apply the latest firmware updates provided by Qualcomm for affected devices.

  • What devices are affected by CVE-2020-11254?

    CVE-2020-11254 affects various Snapdragon models including PM6150A, PM6350, and several others.

  • What type of vulnerability is CVE-2020-11254?

    CVE-2020-11254 is a memory corruption vulnerability caused by dereferencing an invalid session context pointer.

  • Is CVE-2020-11254 being actively exploited?

    As of the latest information, there is no evidence indicating that CVE-2020-11254 is actively being exploited in the wild.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203