CVE-2020-11231

Two threads call one or both functions concurrently leading to corruption of pointers and reference counters which in turn can lead to heap corruption in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Published: 2021-04-07 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2020-11231 is rated Low Risk (28.5/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.15%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2020-11231

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.05% 0.15% +0.11%
2 2025-03-30 0.09% 0.05% -0.04%
3 2025-03-29 0.09%

Full EPSS history (8 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2020-11231

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
6.7 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
0.8 5.9 [email protected]
6.7 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:H)
They need powerful rights—admin, root, or similar—before this pays off.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
0.8 5.9 [email protected]
4.6 2.0 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:L)
Requires local access to the target system.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
3.9 6.4 [email protected]

Weakness enumeration for CVE-2020-11231

Affected software / configurations for CVE-2020-11231

Vendor Product Version Raw CPE
qualcomm apq8017_firmware cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*
qualcomm apq8053_firmware cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*
qualcomm aqt1000_firmware cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*
qualcomm msm8917_firmware cpe:2.3:o:qualcomm:msm8917_firmware:-:*:*:*:*:*:*:*
qualcomm msm8953_firmware cpe:2.3:o:qualcomm:msm8953_firmware:-:*:*:*:*:*:*:*
qualcomm pm215_firmware cpe:2.3:o:qualcomm:pm215_firmware:-:*:*:*:*:*:*:*
qualcomm pm3003a_firmware cpe:2.3:o:qualcomm:pm3003a_firmware:-:*:*:*:*:*:*:*
qualcomm pm439_firmware cpe:2.3:o:qualcomm:pm439_firmware:-:*:*:*:*:*:*:*
qualcomm pm6125_firmware cpe:2.3:o:qualcomm:pm6125_firmware:-:*:*:*:*:*:*:*
qualcomm pm6150_firmware cpe:2.3:o:qualcomm:pm6150_firmware:-:*:*:*:*:*:*:*
qualcomm pm6150l_firmware cpe:2.3:o:qualcomm:pm6150l_firmware:-:*:*:*:*:*:*:*
qualcomm pm7150a_firmware cpe:2.3:o:qualcomm:pm7150a_firmware:-:*:*:*:*:*:*:*
qualcomm pm7150l_firmware cpe:2.3:o:qualcomm:pm7150l_firmware:-:*:*:*:*:*:*:*
qualcomm pm7250_firmware cpe:2.3:o:qualcomm:pm7250_firmware:-:*:*:*:*:*:*:*
qualcomm pm7250b_firmware cpe:2.3:o:qualcomm:pm7250b_firmware:-:*:*:*:*:*:*:*
qualcomm pm7350c_firmware cpe:2.3:o:qualcomm:pm7350c_firmware:-:*:*:*:*:*:*:*
qualcomm pm8008_firmware cpe:2.3:o:qualcomm:pm8008_firmware:-:*:*:*:*:*:*:*
qualcomm pm8009_firmware cpe:2.3:o:qualcomm:pm8009_firmware:-:*:*:*:*:*:*:*
qualcomm pm8150a_firmware cpe:2.3:o:qualcomm:pm8150a_firmware:-:*:*:*:*:*:*:*
qualcomm pm8150b_firmware cpe:2.3:o:qualcomm:pm8150b_firmware:-:*:*:*:*:*:*:*
qualcomm pm8150c_firmware cpe:2.3:o:qualcomm:pm8150c_firmware:-:*:*:*:*:*:*:*
qualcomm pm8150l_firmware cpe:2.3:o:qualcomm:pm8150l_firmware:-:*:*:*:*:*:*:*
qualcomm pm8250_firmware cpe:2.3:o:qualcomm:pm8250_firmware:-:*:*:*:*:*:*:*
qualcomm pm8350_firmware cpe:2.3:o:qualcomm:pm8350_firmware:-:*:*:*:*:*:*:*
qualcomm pm8350b_firmware cpe:2.3:o:qualcomm:pm8350b_firmware:-:*:*:*:*:*:*:*
qualcomm pm8350bh_firmware cpe:2.3:o:qualcomm:pm8350bh_firmware:-:*:*:*:*:*:*:*
qualcomm pm8350bhs_firmware cpe:2.3:o:qualcomm:pm8350bhs_firmware:-:*:*:*:*:*:*:*
qualcomm pm8350c_firmware cpe:2.3:o:qualcomm:pm8350c_firmware:-:*:*:*:*:*:*:*
qualcomm pm855_firmware cpe:2.3:o:qualcomm:pm855_firmware:-:*:*:*:*:*:*:*
qualcomm pm855b_firmware cpe:2.3:o:qualcomm:pm855b_firmware:-:*:*:*:*:*:*:*
qualcomm pm855l_firmware cpe:2.3:o:qualcomm:pm855l_firmware:-:*:*:*:*:*:*:*
qualcomm pm8937_firmware cpe:2.3:o:qualcomm:pm8937_firmware:-:*:*:*:*:*:*:*
qualcomm pm8953_firmware cpe:2.3:o:qualcomm:pm8953_firmware:-:*:*:*:*:*:*:*
qualcomm pmi632_firmware cpe:2.3:o:qualcomm:pmi632_firmware:-:*:*:*:*:*:*:*
qualcomm pmi8937_firmware cpe:2.3:o:qualcomm:pmi8937_firmware:-:*:*:*:*:*:*:*
qualcomm pmi8952_firmware cpe:2.3:o:qualcomm:pmi8952_firmware:-:*:*:*:*:*:*:*
qualcomm pmk7350_firmware cpe:2.3:o:qualcomm:pmk7350_firmware:-:*:*:*:*:*:*:*
qualcomm pmk8002_firmware cpe:2.3:o:qualcomm:pmk8002_firmware:-:*:*:*:*:*:*:*
qualcomm pmk8350_firmware cpe:2.3:o:qualcomm:pmk8350_firmware:-:*:*:*:*:*:*:*
qualcomm pmr525_firmware cpe:2.3:o:qualcomm:pmr525_firmware:-:*:*:*:*:*:*:*
qualcomm pmr735a_firmware cpe:2.3:o:qualcomm:pmr735a_firmware:-:*:*:*:*:*:*:*
qualcomm pmr735b_firmware cpe:2.3:o:qualcomm:pmr735b_firmware:-:*:*:*:*:*:*:*
qualcomm pmx55_firmware cpe:2.3:o:qualcomm:pmx55_firmware:-:*:*:*:*:*:*:*
qualcomm qat3514_firmware cpe:2.3:o:qualcomm:qat3514_firmware:-:*:*:*:*:*:*:*
qualcomm qat3516_firmware cpe:2.3:o:qualcomm:qat3516_firmware:-:*:*:*:*:*:*:*
qualcomm qat3518_firmware cpe:2.3:o:qualcomm:qat3518_firmware:-:*:*:*:*:*:*:*
qualcomm qat3519_firmware cpe:2.3:o:qualcomm:qat3519_firmware:-:*:*:*:*:*:*:*
qualcomm qat3522_firmware cpe:2.3:o:qualcomm:qat3522_firmware:-:*:*:*:*:*:*:*
qualcomm qat3555_firmware cpe:2.3:o:qualcomm:qat3555_firmware:-:*:*:*:*:*:*:*
qualcomm qat5515_firmware cpe:2.3:o:qualcomm:qat5515_firmware:-:*:*:*:*:*:*:*
qualcomm qat5516_firmware cpe:2.3:o:qualcomm:qat5516_firmware:-:*:*:*:*:*:*:*
qualcomm qat5522_firmware cpe:2.3:o:qualcomm:qat5522_firmware:-:*:*:*:*:*:*:*
qualcomm qat5533_firmware cpe:2.3:o:qualcomm:qat5533_firmware:-:*:*:*:*:*:*:*
qualcomm qat5568_firmware cpe:2.3:o:qualcomm:qat5568_firmware:-:*:*:*:*:*:*:*
qualcomm qbt1500_firmware cpe:2.3:o:qualcomm:qbt1500_firmware:-:*:*:*:*:*:*:*
qualcomm qbt2000_firmware cpe:2.3:o:qualcomm:qbt2000_firmware:-:*:*:*:*:*:*:*
qualcomm qca6390_firmware cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*
qualcomm qca6391_firmware cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*
qualcomm qca6421_firmware cpe:2.3:o:qualcomm:qca6421_firmware:-:*:*:*:*:*:*:*
qualcomm qca6426_firmware cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*
qualcomm qca6431_firmware cpe:2.3:o:qualcomm:qca6431_firmware:-:*:*:*:*:*:*:*
qualcomm qca6436_firmware cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*
qualcomm qcm4290_firmware cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*
qualcomm qcm6125_firmware cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*
qualcomm qcs4290_firmware cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*
qualcomm qcs610_firmware cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*
qualcomm qcs6125_firmware cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*
qualcomm qdm2301_firmware cpe:2.3:o:qualcomm:qdm2301_firmware:-:*:*:*:*:*:*:*
qualcomm qdm2302_firmware cpe:2.3:o:qualcomm:qdm2302_firmware:-:*:*:*:*:*:*:*
qualcomm qdm2305_firmware cpe:2.3:o:qualcomm:qdm2305_firmware:-:*:*:*:*:*:*:*
qualcomm qdm2307_firmware cpe:2.3:o:qualcomm:qdm2307_firmware:-:*:*:*:*:*:*:*
qualcomm qdm2308_firmware cpe:2.3:o:qualcomm:qdm2308_firmware:-:*:*:*:*:*:*:*
qualcomm qdm2310_firmware cpe:2.3:o:qualcomm:qdm2310_firmware:-:*:*:*:*:*:*:*
qualcomm qdm3301_firmware cpe:2.3:o:qualcomm:qdm3301_firmware:-:*:*:*:*:*:*:*
qualcomm qdm3302_firmware cpe:2.3:o:qualcomm:qdm3302_firmware:-:*:*:*:*:*:*:*
qualcomm qdm4643_firmware cpe:2.3:o:qualcomm:qdm4643_firmware:-:*:*:*:*:*:*:*
qualcomm qdm4650_firmware cpe:2.3:o:qualcomm:qdm4650_firmware:-:*:*:*:*:*:*:*
qualcomm qdm5579_firmware cpe:2.3:o:qualcomm:qdm5579_firmware:-:*:*:*:*:*:*:*
qualcomm qdm5620_firmware cpe:2.3:o:qualcomm:qdm5620_firmware:-:*:*:*:*:*:*:*
qualcomm qdm5621_firmware cpe:2.3:o:qualcomm:qdm5621_firmware:-:*:*:*:*:*:*:*

References for CVE-2020-11231

cvelogic Threat Intelligence