What is CVE-2020-11284?

CVE-2020-11284 is a high-severity vulnerability in Qualcomm Aqt1000, classified under Improper Locking. CVSS score: 8.4/10. Published 2021-05-07.

How severe is CVE-2020-11284?

High severity. CVSS v3 base score is 8.4 out of 10.

Vulnerability in Qualcomm Aqt1000

CVE-2020-11284

Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input for secure boot loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Industr…

EPSS: 0.002 (5.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Qualcomm Aqt1000
Qualcomm Aqt1000_firmware
Qualcomm Ar8035
Qualcomm Ar8035_firmware
Qualcomm Pm3003a
Qualcomm Pm3003a_firmware
Qualcomm Pm4125
Qualcomm Pm4125_firmware
Qualcomm Pm4250
Qualcomm Pm4250_firmware

Weakness classification (CWE)

CWE-667 — Improper Locking

References

product-security@qualcomm.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2020-11284?: CVE-2020-11284 is a high-severity vulnerability in Qualcomm Aqt1000, classified under Improper Locking. CVSS score: 8.4/10. Published 2021-05-07.
How severe is CVE-2020-11284?: High severity. CVSS v3 base score is 8.4 out of 10.