Strix
26.1K

CVE-2020-11233

HIGHCVSS 7/10EPSS 0.13%

Last modified

CVE-2020-11233 is a high-severity vulnerability rated 7/10 on the CVSS scale. Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. EPSS estimates a 0.13% chance of exploitation in the next 30 days.

Description

Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Metrics

CVSS 3.1
7/10

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.13%

3.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
QualcommApq8009 FirmwareAll versions
QualcommApq8009w FirmwareAll versions
QualcommApq8017 FirmwareAll versions
QualcommApq8053 FirmwareAll versions
QualcommApq8076 FirmwareAll versions
QualcommApq8096au FirmwareAll versions
QualcommCsr6030 FirmwareAll versions
QualcommMdm9206 FirmwareAll versions
QualcommMdm9230 FirmwareAll versions
QualcommMdm9250 FirmwareAll versions
QualcommMdm9330 FirmwareAll versions
QualcommMdm9607 FirmwareAll versions
QualcommMdm9626 FirmwareAll versions
QualcommMdm9628 FirmwareAll versions
QualcommMdm9630 FirmwareAll versions
QualcommMdm9640 FirmwareAll versions
QualcommMdm9650 FirmwareAll versions
QualcommMdm9655 FirmwareAll versions
QualcommMsm8909w FirmwareAll versions
QualcommMsm8937 FirmwareAll versions
QualcommMsm8996au FirmwareAll versions
QualcommPm215 FirmwareAll versions
QualcommPm439 FirmwareAll versions
QualcommPm660 FirmwareAll versions
QualcommPm8004 FirmwareAll versions
QualcommPm8909 FirmwareAll versions
QualcommPm8916 FirmwareAll versions
QualcommPm8937 FirmwareAll versions
QualcommPm8952 FirmwareAll versions
QualcommPm8953 FirmwareAll versions
QualcommPm8956 FirmwareAll versions
QualcommPm8996 FirmwareAll versions
QualcommPmd9607 FirmwareAll versions
QualcommPmd9635 FirmwareAll versions
QualcommPmd9645 FirmwareAll versions
QualcommPmd9655 FirmwareAll versions
QualcommPmi632 FirmwareAll versions
QualcommPmi8937 FirmwareAll versions
QualcommPmi8952 FirmwareAll versions
QualcommPmi8994 FirmwareAll versions
QualcommPmi8996 FirmwareAll versions
QualcommPmk8001 FirmwareAll versions
QualcommPmm8996au FirmwareAll versions
QualcommPmx20 FirmwareAll versions
QualcommQca4020 FirmwareAll versions
QualcommQca6174 FirmwareAll versions
QualcommQca6174a FirmwareAll versions
QualcommQca6564a FirmwareAll versions
QualcommQca6564au FirmwareAll versions
QualcommQca6574a FirmwareAll versions

Showing 50 of 112 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-11233?
Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
How severe is CVE-2020-11233?
CVE-2020-11233 has a CVSS score of 7/10 (HIGH severity). The EPSS model estimates a 0.13% probability of exploitation in the next 30 days.
How do I fix CVE-2020-11233?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-11233?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST