CVE Published: 07/04/2021 |
CVE Updated: 04/08/2024 |
CVE Year: 2020 Source: qualcomm |
Vendor: Qualcomm, Inc. |
Product: Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile Status : PUBLISHED
CVE-2020-11231 Description
Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Metrics
CVSS Version: 3.1 |
Base Score: 6.7 MEDIUM Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
l➤ Exploitability Metrics: Attack Vector (AV)* LOCAL Attack Complexity (AC)* LOW Privileges Required (PR)* HIGH User Interaction (UI)* NONE Scope (S)* UNCHANGED
l➤ Impact Metrics: Confidentiality Impact (C)* HIGH Integrity Impact (I)* HIGH Availability Impact (A)* HIGH
Weakness Enumeration (CWE)
CWE-ID: CWE Name: Double free Issue in GPS Source: Qualcomm, Inc.
Common Attack Pattern Enumeration and Classification (CAPEC)