What is CVE-2020-11153?

CVE-2020-11153 is a critical-severity vulnerability in Qualcomm Apq8053, classified under Out-of-bounds Write. CVSS score: 9.8/10. Published 2020-11-02.

How severe is CVE-2020-11153?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Buffer overflow in Qualcomm Apq8053

CVE-2020-11153

u'Out of bound memory access while processing GATT data received due to lack of check of pdu data length and leads to remote code execution' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics C…

Vulnerability class: Buffer Overflow

EPSS: 0.022 (80.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Qualcomm Apq8053
Qualcomm Apq8053_firmware
Qualcomm Qca6390
Qualcomm Qca6390_firmware
Qualcomm Qca9379
Qualcomm Qca9379_firmware
Qualcomm Qcn7605
Qualcomm Qcn7605_firmware
Qualcomm Sc8180x
Qualcomm Sc8180x_firmware

Weakness classification (CWE)

CWE-787 — Out-of-bounds Write

References

product-security@qualcomm.com (x_refsource_CONFIRM, Broken Link)
nvd@nist.gov (Vendor Advisory)

Frequently asked questions

What is CVE-2020-11153?: CVE-2020-11153 is a critical-severity vulnerability in Qualcomm Apq8053, classified under Out-of-bounds Write. CVSS score: 9.8/10. Published 2020-11-02.
How severe is CVE-2020-11153?: Critical severity. CVSS v3 base score is 9.8 out of 10.