CVE-2020-11228

CVE Database · CVE-2020-11228

CVE-2020-11228

· HIGHModified

CVSS v3.1

7.8

EPSS

0.21%

Published

Mar 17, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Part of RPM region was not protected from xblSec itself due to improper policy and leads to unprivileged access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products (262)

qualcomm · aqt1000_firmwarevulnerable

qualcomm · aqt1000

qualcomm · ar8035_firmwarevulnerable

qualcomm · ar8035

qualcomm · pm4125_firmwarevulnerable

qualcomm · pm4125

qualcomm · pm4250_firmwarevulnerable

qualcomm · pm4250

qualcomm · pm6125_firmwarevulnerable

qualcomm · pm6125

qualcomm · pm6150_firmwarevulnerable

· pm6150

References (2)

https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs