What is CVE-2020-11120?

CVE-2020-11120 is a high-severity vulnerability in Qualcomm Apq8096au, classified under Use After Free. CVSS score: 7.8/10. Published 2020-09-08.

How severe is CVE-2020-11120?

High severity. CVSS v3 base score is 7.8 out of 10.

Is CVE-2020-11120 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Use After Free in Qualcomm Apq8096au

CVE-2020-11120

u'Calling thread may free the data buffer pointer that was passed to the callback and later when event loop executes the callback, data buffer may not be valid and will lead to use after free scenario' in Snapdragon Auto, Snapdragon Comput…

Vulnerability class: Use-After-Free

EPSS: 0.002 (8.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

CWE-416 — Use After Free

Public proof-of-concept exploits

404notf0und/CVE-Flow

References

product-security@qualcomm.com (x_refsource_CONFIRM, Broken Link)
nvd@nist.gov (Vendor Advisory)

Frequently asked questions

What is CVE-2020-11120?: CVE-2020-11120 is a high-severity vulnerability in Qualcomm Apq8096au, classified under Use After Free. CVSS score: 7.8/10. Published 2020-09-08.
How severe is CVE-2020-11120?: High severity. CVSS v3 base score is 7.8 out of 10.
Is CVE-2020-11120 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.