CVE-2020-11114 Information

Description

u’Bluetooth devices does not properly restrict the L2CAP payload length allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet(Equivalent to CVE-2019-17060CVE-2019-17061 and CVE-2019-17517 in Sweyntooth paper)’ in Snapdragon Compute Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon IoT Snapdragon Mobile Snapdragon Voice & Music in AR9344

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8