Details of VAR-202011-0208

ID

VAR-202011-0208

CVE

CVE-2020-11156

TITLE

plural Qualcomm Product input verification vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-012774

DESCRIPTION

u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in QCA6390, QCN7605, QCS404, SA415M, SA515M, SC8180X, SDX55, SM8250. plural Qualcomm The product contains an input verification vulnerability.Information is obtained and denial of service (DoS) It may be put into a state. The Qualcomm chip is a chip of Qualcomm (Qualcomm). A way to miniaturize circuits (mainly including semiconductor equipment, but also passive components, etc.) and often manufactured on the surface of semiconductor wafers. A number of Qualcomm products have an input verification error vulnerability. The vulnerability stems from the failure to check the length of the received L2cap data packet, which causes the buffer overread problem in the Bluetooth estack

Trust: 2.25

sources: NVD: CVE-2020-11156 // JVNDB: JVNDB-2020-012774 // CNNVD: CNNVD-202010-310 // VULMON: CVE-2020-11156

IOT TAXONOMY

category:	['other device', 'embedded device']	sub_category:	SoC	Trust: 0.1
category:	['other device', 'embedded device']	sub_category:	general	Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sdx55	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sc8180x	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs404	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8250	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcn7605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6390	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa515m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa415m	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	sa515m	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sa415m	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qcn7605	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sm8250	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sdx55	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	sc8180x	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qca6390	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	qcs404	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012774 // NVD: CVE-2020-11156

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-11156
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-11156
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-310
value:	HIGH
Trust: 0.6
VULMON:	CVE-2020-11156
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-11156
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2020-11156
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2020-11156
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-11156 // JVNDB: JVNDB-2020-012774 // CNNVD: CNNVD-202010-310 // NVD: CVE-2020-11156

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	CWE-125	Trust: 1.0
problemtype:	Incorrect input confirmation (CWE-20) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012774 // NVD: CVE-2020-11156

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202010-310

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202010-310

PATCH

title:	October 2020 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin	Trust: 0.8
title:	Google Android Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129607	Trust: 0.6

sources: JVNDB: JVNDB-2020-012774 // CNNVD: CNNVD-202010-310

EXTERNAL IDS

db:	NVD	id:	CVE-2020-11156	Trust: 2.6
db:	JVNDB	id:	JVNDB-2020-012774	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.3453	Trust: 0.6
db:	CNNVD	id:	CNNVD-202010-310	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	VULMON	id:	CVE-2020-11156	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-11156 // JVNDB: JVNDB-2020-012774 // CNNVD: CNNVD-202010-310 // NVD: CVE-2020-11156

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin	Trust: 1.7
url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11156	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3453/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-multiple-vulnerabilities-of-october-2020-33491	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/20.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-11156 // JVNDB: JVNDB-2020-012774 // CNNVD: CNNVD-202010-310 // NVD: CVE-2020-11156

SOURCES

db:	OTHER	id:	-
db:	VULMON	id:	CVE-2020-11156
db:	JVNDB	id:	JVNDB-2020-012774
db:	CNNVD	id:	CNNVD-202010-310
db:	NVD	id:	CVE-2020-11156

LAST UPDATE DATE

2025-01-30T22:05:02.926000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-11156	date:	2020-11-03T00:00:00
db:	JVNDB	id:	JVNDB-2020-012774	date:	2021-05-31T07:26:00
db:	CNNVD	id:	CNNVD-202010-310	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2020-11156	date:	2024-11-21T04:56:57.347

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-11156	date:	2020-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-012774	date:	2021-05-31T00:00:00
db:	CNNVD	id:	CNNVD-202010-310	date:	2020-10-06T00:00:00
db:	NVD	id:	CVE-2020-11156	date:	2020-11-02T07:15:13.733