CVSS: 6.9EPSS: 0%CPEs: 160EXPL: 0CVE-2020-11152
https://notcve.org/view.php?id=CVE-2020-11152
Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Una condición de carrera en la capa HAL al procesar objetos de devolución de llamada recibidos desde HIDL debido a una falta de sincronización entre los objetos de acceso en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.5EPSS: 0%CPEs: 413EXPL: 0CVE-2020-11145
https://notcve.org/view.php?id=CVE-2020-11145
Divide by zero issue can happen while updating delta extension header due to improper validation of master SN and extension header SN in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Un problema de división por cero puede ocurrir mientras se actualiza el encabezado de la extensión delta debido a una comprobación inapropiada del SN maestro y del encabezado de extensión SN en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin • CWE-369: Divide By Zero •
CVSS: 9.1EPSS: 0%CPEs: 414EXPL: 0CVE-2020-11144
https://notcve.org/view.php?id=CVE-2020-11144
Buffer over-read while UE process invalid DL ROHC packet for decompression due to lack of check of size of compresses packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Una lectura excesiva del búfer mientras UE procesa un paquete DL ROHC no válido para descompresión debido a una falta de comprobación del tamaño del paquete de compresas en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 491EXPL: 0CVE-2020-11137
https://notcve.org/view.php?id=CVE-2020-11137
Integer multiplication overflow resulting in lower buffer size allocation than expected causes memory access out of bounds resulting in possible device instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Un desbordamiento de la multiplicación de enteros resultando en una asignación de tamaño del búfer más baja de lo esperado hace que el acceso a la memoria esté fuera de los límites, resultando en una posible inestabilidad del dispositivo en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin • CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 491EXPL: 0CVE-2020-11138
https://notcve.org/view.php?id=CVE-2020-11138
Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitialized heap memory result in instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking Los punteros no inicializados accedidos durante la reproducción de música con un flujo de bits incorrecto debido a una memoria de la pila no inicializada resultan en una inestabilidad en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/december-2020-security-bulletin • CWE-824: Access of Uninitialized Pointer •