CVE-2020-11214

Name: CVE-2020-11214
Creator: NVD / NIST
Published: 2021-01-21T10:15:14.62+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 0.78%

Last modified Jun 17, 2026

CVE-2020-11214 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Buffer over-read while processing NDL attribute if attribute length is larger than expected and then FW is treating it as more number of immutable schedules in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking. EPSS estimates a 0.78% chance of exploitation in the next 30 days.

Description

Buffer over-read while processing NDL attribute if attribute length is larger than expected and then FW is treating it as more number of immutable schedules in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.78%

51.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-125

Affected Software

Vendor	Product	Versions
Qualcomm	Aqt1000	All versions
Qualcomm	Ar8031	All versions
Qualcomm	Ar8035	All versions
Qualcomm	Csr8811	All versions
Qualcomm	Csra6620	All versions
Qualcomm	Csra6640	All versions
Qualcomm	Csrb31024	All versions
Qualcomm	Ipq5010	All versions
Qualcomm	Ipq5018	All versions
Qualcomm	Ipq6000	All versions
Qualcomm	Ipq6005	All versions
Qualcomm	Ipq6010	All versions
Qualcomm	Ipq6018	All versions
Qualcomm	Ipq6028	All versions
Qualcomm	Ipq8070	All versions
Qualcomm	Ipq8070a	All versions
Qualcomm	Ipq8071	All versions
Qualcomm	Ipq8071a	All versions
Qualcomm	Ipq8072	All versions
Qualcomm	Ipq8072a	All versions
Qualcomm	Ipq8074	All versions
Qualcomm	Ipq8074a	All versions
Qualcomm	Ipq8076	All versions
Qualcomm	Ipq8076a	All versions
Qualcomm	Ipq8078	All versions
Qualcomm	Ipq8078a	All versions
Qualcomm	Ipq8173	All versions
Qualcomm	Ipq8174	All versions
Qualcomm	Mdm9206	All versions
Qualcomm	Pm3003a	All versions
Qualcomm	Pm4125	All versions
Qualcomm	Pm456	All versions
Qualcomm	Pm6125	All versions
Qualcomm	Pm6150	All versions
Qualcomm	Pm6150a	All versions
Qualcomm	Pm6150l	All versions
Qualcomm	Pm6250	All versions
Qualcomm	Pm6350	All versions
Qualcomm	Pm640a	All versions
Qualcomm	Pm640l	All versions
Qualcomm	Pm640p	All versions
Qualcomm	Pm660	All versions
Qualcomm	Pm660a	All versions
Qualcomm	Pm660l	All versions
Qualcomm	Pm7150a	All versions
Qualcomm	Pm7150l	All versions
Qualcomm	Pm7250	All versions
Qualcomm	Pm7250b	All versions
Qualcomm	Pm8004	All versions
Qualcomm	Pm8008	All versions

Showing 50 of 349 affected configurations. See NVD for the full list.

References

Timeline

Published: Jan 21, 2021
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-11214?

How severe is CVE-2020-11214?

CVE-2020-11214 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.78% probability of exploitation in the next 30 days.

How do I fix CVE-2020-11214?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-11214?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST