cvelist/2020/11xxx/CVE-2020-11284.json

{
   "CVE_data_meta": {
      "ASSIGNER": "product-security@qualcomm.com",
      "ID": "CVE-2020-11284",
      "STATE": "PUBLIC"
   },
   "affects": {
      "vendor": {
         "vendor_data": [
            {
               "product": {
                  "product_data": [
                     {
                        "product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
                        "version": {
                           "version_data": [
                              {
                                 "version_value": "AQT1000, AR8035, PM3003A, PM4125, PM4250, PM6125, PM6150, PM6150A, PM6150L, PM6350, PM640A, PM640L, PM640P, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM855, PM855B, PM855L, PM855P, PM8998, PMD9655, PMI632, PMI8998, PMK8002, PMK8003, PMM8195AU, PMM855AU, PMR525, PMX24, PMX55, QAT3522, QAT3550, QBT1500, QBT2000, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6574AU, QCA6595, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS4290, QET4101, QET5100, QET6100, QET6105, QFS2530, QFS2580, QPA4360, QPA5460, QPA6560, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, SA6155P, SA8195P, SD 8C, SD 8CX, SD460, SD480, SD662, SD675, SD855, SD865 5G, SD870, SD888 5G, SDM830, SDR425, SDR660, SDR660G, SDR735, SDR735G, SDR8150, SDR8250, SDR865, SDX24, SDX55, SDX55M, SDXR2 5G, SM4125, SMB1351, SMB1354, SMB1355, SMB1390, SMB1396, SMR525, SMR526, SMR545, SMR546, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WGR7640, WHS9410, WSA8810, WSA8815, WTR2965, WTR3925, WTR5975"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name": "Qualcomm, Inc."
            }
         ]
      }
   },
   "data_format": "MITRE",
   "data_type": "CVE",
   "data_version": "4.0",
   "description": {
      "description_data": [
         {
            "lang": "eng",
            "value": "Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input for secure boot loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking"
         }
      ]
   },
   "impact": {
        "cvss": {
            "baseScore": "8.4",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
        }
    },    
   "problemtype": {
      "problemtype_data": [
         {
            "description": [
               {
                  "lang": "eng",
                  "value": "Improper Restriction of Operation Within Bounds of Memory Buffer in QTEE"
               }
            ]
         }
      ]
   },
   "references": {
      "reference_data": [
         {
            "name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
            "refsource": "CONFIRM",
            "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
         }
      ]
   }
}