CVE-2020-11261

CVSS 7.8 HIGHEPSS 1.8%● KEVCWE-20

In short

A memory corruption flaw occurs when an application requests an extremely large amount of memory without proper validation, potentially causing system crashes or unexpected behavior on Snapdragon devices. This weakness can be exploited by local attackers to crash or compromise the system.

Technical detail

Improper input validation (CWE-20) in memory allocation routines fails to detect oversized allocation requests across multiple Snapdragon platforms. The vulnerability allows local attackers to trigger memory corruption by requesting allocation of excessive size, leading to denial of service or potential code execution with device privileges.

Summary generated and translated by AI from the official description.

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Qualcomm, Inc. · Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11261 https://www.qualcomm.com/company/product-security/bulletins/january-2021-bulletin