Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-11254

Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.2, requiring local system access to exploit with relatively low complexity without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts and availability (service disruption) for affected systems. Impacting 121 products from qualcomm, from qualcomm, from qualcomm and 118 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

Reported in 2021, this vulnerability emerged during an era marked by increased sophistication in supply chain attacks, cloud infrastructure vulnerabilities, and software-as-a-service (SaaS) security challenges. Security practices during this period emphasized zero-trust architectures, container security, and API protection.

Published

2021-05-07T09:15:07.730

Last Modified

2024-11-21T04:57:30.563

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.2 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	qualcomm	pm6150a	-	Yes
Hardware	qualcomm	pm6150l	-	Yes
Hardware	qualcomm	pm6350	-	Yes
Hardware	qualcomm	pm660	-	Yes
Hardware	qualcomm	pm660l	-	Yes
Hardware	qualcomm	pm7250b	-	Yes
Hardware	qualcomm	pm8008	-	Yes
Hardware	qualcomm	pm8009	-	Yes
Hardware	qualcomm	pm8350	-	Yes
Hardware	qualcomm	pm8350b	-	Yes
Hardware	qualcomm	pm8350bh	-	Yes
Hardware	qualcomm	pm8350c	-	Yes
Hardware	qualcomm	pmk8003	-	Yes
Hardware	qualcomm	pmk8350	-	Yes
Hardware	qualcomm	pmm6155au	-	Yes
Hardware	qualcomm	pmm8155au	-	Yes
Hardware	qualcomm	pmm8195au	-	Yes
Hardware	qualcomm	pmr735a	-	Yes
Hardware	qualcomm	pmr735b	-	Yes
Hardware	qualcomm	qat3516	-	Yes
Hardware	qualcomm	qat3518	-	Yes
Hardware	qualcomm	qat3519	-	Yes
Hardware	qualcomm	qat3555	-	Yes
Hardware	qualcomm	qat5515	-	Yes
Hardware	qualcomm	qat5516	-	Yes
Hardware	qualcomm	qat5522	-	Yes
Hardware	qualcomm	qat5568	-	Yes
Hardware	qualcomm	qbt1500	-	Yes
Hardware	qualcomm	qca6574au	-	Yes
Hardware	qualcomm	qca6696	-	Yes
Hardware	qualcomm	qdm3301	-	Yes
Hardware	qualcomm	qdm4643	-	Yes
Hardware	qualcomm	qdm4650	-	Yes
Hardware	qualcomm	qdm5620	-	Yes
Hardware	qualcomm	qdm5621	-	Yes
Hardware	qualcomm	qdm5670	-	Yes
Hardware	qualcomm	qdm5671	-	Yes
Hardware	qualcomm	qet5100	-	Yes
Hardware	qualcomm	qet5100m	-	Yes
Hardware	qualcomm	qet6100	-	Yes
Hardware	qualcomm	qet6105	-	Yes
Hardware	qualcomm	qet6110	-	Yes
Hardware	qualcomm	qfs2530	-	Yes
Hardware	qualcomm	qfs2580	-	Yes
Hardware	qualcomm	qfs2608	-	Yes
Hardware	qualcomm	qfs2630	-	Yes
Hardware	qualcomm	qln4642	-	Yes
Hardware	qualcomm	qln4650	-	Yes
Hardware	qualcomm	qln5020	-	Yes
Hardware	qualcomm	qln5030	-	Yes
Hardware	qualcomm	qln5040	-	Yes
Hardware	qualcomm	qpa2625	-	Yes
Hardware	qualcomm	qpa5461	-	Yes
Hardware	qualcomm	qpa5580	-	Yes
Hardware	qualcomm	qpa5581	-	Yes
Hardware	qualcomm	qpa8801	-	Yes
Hardware	qualcomm	qpa8802	-	Yes
Hardware	qualcomm	qpa8803	-	Yes
Hardware	qualcomm	qpa8821	-	Yes
Hardware	qualcomm	qpa8842	-	Yes
Hardware	qualcomm	qpm4621	-	Yes
Hardware	qualcomm	qpm4630	-	Yes
Hardware	qualcomm	qpm4640	-	Yes
Hardware	qualcomm	qpm4641	-	Yes
Hardware	qualcomm	qpm4650	-	Yes
Hardware	qualcomm	qpm5621	-	Yes
Hardware	qualcomm	qpm5641	-	Yes
Hardware	qualcomm	qpm5670	-	Yes
Hardware	qualcomm	qpm5677	-	Yes
Hardware	qualcomm	qpm5679	-	Yes
Hardware	qualcomm	qpm5870	-	Yes
Hardware	qualcomm	qpm5875	-	Yes
Hardware	qualcomm	qpm6585	-	Yes
Hardware	qualcomm	qpm6621	-	Yes
Hardware	qualcomm	qpm6670	-	Yes
Hardware	qualcomm	qpm8820	-	Yes
Hardware	qualcomm	qpm8870	-	Yes
Hardware	qualcomm	qtc800h	-	Yes
Hardware	qualcomm	qtc800s	-	Yes
Hardware	qualcomm	qtc801s	-	Yes
Hardware	qualcomm	qtm525	-	Yes
Hardware	qualcomm	sa6145p	-	Yes
Hardware	qualcomm	sa6150p	-	Yes
Hardware	qualcomm	sa6155p	-	Yes
Hardware	qualcomm	sa8150p	-	Yes
Hardware	qualcomm	sa8155p	-	Yes
Hardware	qualcomm	sa8195p	-	Yes
Hardware	qualcomm	sd480	-	Yes
Hardware	qualcomm	sd670	-	Yes
Hardware	qualcomm	sd710	-	Yes
Hardware	qualcomm	sd888	-	Yes
Hardware	qualcomm	sd888_5g	-	Yes
Hardware	qualcomm	sdr660	-	Yes
Hardware	qualcomm	sdr660g	-	Yes
Hardware	qualcomm	sdr735	-	Yes
Hardware	qualcomm	sdr735g	-	Yes
Hardware	qualcomm	sdr865	-	Yes
Hardware	qualcomm	sdxr1	-	Yes
Hardware	qualcomm	smb1351	-	Yes
Hardware	qualcomm	smb1355	-	Yes
Hardware	qualcomm	smb1396	-	Yes
Hardware	qualcomm	smb1398	-	Yes
Hardware	qualcomm	smr526	-	Yes
Hardware	qualcomm	smr545	-	Yes
Hardware	qualcomm	smr546	-	Yes
Hardware	qualcomm	wcd9326	-	Yes
Hardware	qualcomm	wcd9341	-	Yes
Hardware	qualcomm	wcd9370	-	Yes
Hardware	qualcomm	wcd9375	-	Yes
Hardware	qualcomm	wcd9380	-	Yes
Hardware	qualcomm	wcd9385	-	Yes
Hardware	qualcomm	wcn3980	-	Yes
Hardware	qualcomm	wcn3988	-	Yes
Hardware	qualcomm	wcn3990	-	Yes
Hardware	qualcomm	wcn3991	-	Yes
Hardware	qualcomm	wcn6850	-	Yes
Hardware	qualcomm	wcn6851	-	Yes
Hardware	qualcomm	wcn6855	-	Yes
Hardware	qualcomm	wcn6856	-	Yes
Hardware	qualcomm	wsa8830	-	Yes
Hardware	qualcomm	wsa8835	-	Yes

References

https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin Patch, Vendor Advisory ([email protected])
https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For qualcomm's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.