CVE-2020-11123 Information

Description

u’information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting user`s lock-screen password can be bypassed by performing the standard gatekeeper operations.’ in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon IoT Snapdragon Mobile Snapdragon Voice & Music Snapdragon Wearables Snapdragon Wired Infrastructure and Networking in APQ8009 APQ8009W APQ8017 APQ8037 APQ8053 APQ8064AU APQ8096 APQ8096AU APQ8096SG APQ8098 MDM8207 MDM9150 MDM9205 MDM9206 MDM9207 MDM9250 MDM9607 MDM9628 MDM9640 MDM9650 MDM9655 MSM8108 MSM8208 MSM8209 MSM8608 MSM8905 MSM8909 MSM8909W MSM8917 MSM8920 MSM8937 MSM8940 MSM8953 MSM8996 MSM8996AU MSM8996SG MSM8998 QCM4290 QCS405 QCS410 QCS4290 QCS603 QCS605 QCS610 QM215 QSM8250 QSM8350 SA415M SA515M SA6145P SA6150P SA6155 SA6155P SA8150P SA8155 SA8155P SA8195P SC7180 SC8180X SC8180XP SDA429W SDA640 SDA660 SDA670 SDA845 SDA855 SDM1000 SDM429 SDM429W SDM439 SDM450 SDM455 SDM630 SDM632 SDM636 SDM640 SDM660 SDM670 SDM710 SDM712 SDM830 SDM845 SDM850 SDW2500 SDX24 SDX50M SDX55 SDX55M SM4125 SM4250 SM4250P SM6115 SM6115P SM6125 SM6150 SM6150P SM6250 SM6250P SM6350 SM7125 SM7150 SM7150P SM7225 SM7250 SM7250P SM8150 SM8150P SM8250 SM8350 SM8350P SXR1120 SXR1130 SXR2130 SXR2130P WCD9330

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Reference

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5