Vulnerabilities > CVE-2020-11129 - Use After Free vulnerability in Qualcomm products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

qualcomm

CWE-416

NVD

Published: 2020-09-09

Updated: 2020-09-14

Summary

u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free' in Snapdragon Consumer IOT, Snapdragon Mobile in Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR2130

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Bitra Firmware - Qualcomm Kamorta Firmware - Qualcomm Qcs605 Firmware - Qualcomm Saipan Firmware - Qualcomm Sdm710 Firmware - Qualcomm Sm8250 Firmware - Qualcomm Sxr2130 Firmware -	7
Hardware	Qualcomm Qualcomm Bitra - Qualcomm Kamorta - Qualcomm Qcs605 - Qualcomm Saipan - Qualcomm Sdm710 - Qualcomm Sm8250 - Qualcomm Sxr2130 -	7

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin