CVE-2020-11290
https://notcve.org/view.php?id=CVE-2020-11290
Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables Un uso de la memoria previamente liberada en eventos ioctl de msm debido una carrera entre el registro ioctl y los eventos de cancelación del registro en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin • CWE-416: Use After Free •
CVE-2020-11228
https://notcve.org/view.php?id=CVE-2020-11228
Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking Parte de la región RPM no estaba protegida de xblSec en sí debido a una política inapropiada y conlleva a un acceso sin privilegios en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking • https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin •
CVE-2020-11227
https://notcve.org/view.php?id=CVE-2020-11227
Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Una escritura fuera de límite mientras se analiza el análisis de paquetes RTT/TTY debido a una falta de comprobación del tamaño del búfer antes de copiar en el búfer en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin • CWE-129: Improper Validation of Array Index CWE-787: Out-of-bounds Write •
CVE-2020-11226
https://notcve.org/view.php?id=CVE-2020-11226
Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Una lectura de memoria fuera de límite en el módem de datos mientras se descomprimen los datos debido a una falta de comprobación de longitud de desplazamiento en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin • CWE-125: Out-of-bounds Read CWE-129: Improper Validation of Array Index •
CVE-2020-11220
https://notcve.org/view.php?id=CVE-2020-11220
While processing storage SCM commands there is a time of check or time of use window where a pointer used could be invalid at a specific time while executing the storage SCM call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking Mientras se procesan los comandos de almacenamiento SCM, se presenta una ventana de tiempo de comprobación o tiempo de uso en la que un puntero usado podría no ser válido en un momento específico mientras se ejecuta la llamada SCM de almacenamiento en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking • https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •