CVE-2020-11137

CRITICAL | CVSS 9.8/10 | EPSS 1.08%

CVE-2020-11137 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. An integer multiplication overflow results in a buffer allocation smaller than expected, which causes out-of-bounds memory access and possible device instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking. EPSS estimates a 1.08% chance of exploitation in the next 30 days.

Description

An integer multiplication overflow results in a buffer allocation smaller than expected, which causes out-of-bounds memory access and possible device instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.

Metrics

CVSS 3.1: 9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability: 1.08% (61.0th percentile)

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor    Product     Versions
Qualcomm  Apq8009     All versions
Qualcomm  Apq8009w    All versions
Qualcomm  Apq8017     All versions
Qualcomm  Apq8030     All versions
Qualcomm  Apq8037     All versions
Qualcomm  Apq8052     All versions
Qualcomm  Apq8053     All versions
Qualcomm  Apq8056     All versions
Qualcomm  Apq8062     All versions
Qualcomm  Apq8064     All versions
Qualcomm  Apq8064au   All versions
Qualcomm  Apq8076     All versions
Qualcomm  Apq8084     All versions
Qualcomm  Apq8096au   All versions
Qualcomm  Aqt1000     All versions
Qualcomm  Ar6003      All versions
Qualcomm  Ar8031      All versions
Qualcomm  Ar8035      All versions
Qualcomm  Ar8151      All versions
Qualcomm  Csra6620    All versions
Qualcomm  Csra6640    All versions
Qualcomm  Csrb31024   All versions
Qualcomm  Mdm8215     All versions
Qualcomm  Mdm8215m    All versions
Qualcomm  Mdm8615m    All versions
Qualcomm  Mdm8635m    All versions
Qualcomm  Mdm9215     All versions
Qualcomm  Mdm9225     All versions
Qualcomm  Mdm9225m    All versions
Qualcomm  Mdm9230     All versions
Qualcomm  Mdm9235m    All versions
Qualcomm  Mdm9310     All versions
Qualcomm  Mdm9330     All versions
Qualcomm  Mdm9607     All versions
Qualcomm  Mdm9615     All versions
Qualcomm  Mdm9615m    All versions
Qualcomm  Mdm9625     All versions
Qualcomm  Mdm9625m    All versions
Qualcomm  Mdm9628     All versions
Qualcomm  Mdm9630     All versions
Qualcomm  Mdm9635m    All versions
Qualcomm  Mdm9640     All versions
Qualcomm  Mdm9645     All versions
Qualcomm  Mdm9650     All versions
Qualcomm  Mdm9655     All versions
Qualcomm  Mpq8064     All versions
Qualcomm  Msm8108     All versions
Qualcomm  Msm8208     All versions
Qualcomm  Msm8209     All versions
Qualcomm  Msm8226     All versions

Showing 50 of 491 affected configurations. See NVD for the full list.

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2020-11137?
An integer multiplication overflow results in a buffer allocation smaller than expected, which causes out-of-bounds memory access and possible device instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking.
How severe is CVE-2020-11137?
CVE-2020-11137 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.08% probability of exploitation in the next 30 days.
How do I fix CVE-2020-11137?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST