CVE-2020-11236

Memory corruption due to invalid value of total dimension in the non-histogram type KPI could lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Published: 2021-04-07 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2020-11236 is rated Moderate Risk (46.3/100): CVSS High severity, with low exploitation likelihood (EPSS 0.45%). Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2020-11236

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.17% 0.45% +0.28%
2 2025-03-30 0.25% 0.17% -0.09%
3 2025-03-29 0.25%

Full EPSS history (9 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2020-11236

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
8.4 3.1 HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H)
Serious risk that confidential data gets exposed in a big way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
2.5 5.9 [email protected]
5.5 3.1 MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Click to expand
Attack vector (AV:L)
They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:N)
Data isn’t meaningfully altered or forged.
Availability (A:H)
Could take the service down hard or make it unusable for people who depend on it.
1.8 3.6 [email protected]
7.8 2.0 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:N)
No confidentiality impact.
Integrity impact (I:N)
No integrity impact.
Availability impact (A:C)
Complete availability impact.
10.0 6.9 [email protected]

Weakness enumeration for CVE-2020-11236

Affected software / configurations for CVE-2020-11236

Vendor Product Version Raw CPE
qualcomm csrb31024_firmware cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*
qualcomm pm3003a_firmware cpe:2.3:o:qualcomm:pm3003a_firmware:-:*:*:*:*:*:*:*
qualcomm pm6150a_firmware cpe:2.3:o:qualcomm:pm6150a_firmware:-:*:*:*:*:*:*:*
qualcomm pm6150l_firmware cpe:2.3:o:qualcomm:pm6150l_firmware:-:*:*:*:*:*:*:*
qualcomm pm6350_firmware cpe:2.3:o:qualcomm:pm6350_firmware:-:*:*:*:*:*:*:*
qualcomm pm7150a_firmware cpe:2.3:o:qualcomm:pm7150a_firmware:-:*:*:*:*:*:*:*
qualcomm pm7150l_firmware cpe:2.3:o:qualcomm:pm7150l_firmware:-:*:*:*:*:*:*:*
qualcomm pm7250_firmware cpe:2.3:o:qualcomm:pm7250_firmware:-:*:*:*:*:*:*:*
qualcomm pm7250b_firmware cpe:2.3:o:qualcomm:pm7250b_firmware:-:*:*:*:*:*:*:*
qualcomm pm8008_firmware cpe:2.3:o:qualcomm:pm8008_firmware:-:*:*:*:*:*:*:*
qualcomm pm8009_firmware cpe:2.3:o:qualcomm:pm8009_firmware:-:*:*:*:*:*:*:*
qualcomm pm8150a_firmware cpe:2.3:o:qualcomm:pm8150a_firmware:-:*:*:*:*:*:*:*
qualcomm pm8150b_firmware cpe:2.3:o:qualcomm:pm8150b_firmware:-:*:*:*:*:*:*:*
qualcomm pm8150c_firmware cpe:2.3:o:qualcomm:pm8150c_firmware:-:*:*:*:*:*:*:*
qualcomm pm8150l_firmware cpe:2.3:o:qualcomm:pm8150l_firmware:-:*:*:*:*:*:*:*
qualcomm pm8250_firmware cpe:2.3:o:qualcomm:pm8250_firmware:-:*:*:*:*:*:*:*
qualcomm pm8350_firmware cpe:2.3:o:qualcomm:pm8350_firmware:-:*:*:*:*:*:*:*
qualcomm pm8350b_firmware cpe:2.3:o:qualcomm:pm8350b_firmware:-:*:*:*:*:*:*:*
qualcomm pm8350bh_firmware cpe:2.3:o:qualcomm:pm8350bh_firmware:-:*:*:*:*:*:*:*
qualcomm pm8350c_firmware cpe:2.3:o:qualcomm:pm8350c_firmware:-:*:*:*:*:*:*:*
qualcomm pm855_firmware cpe:2.3:o:qualcomm:pm855_firmware:-:*:*:*:*:*:*:*
qualcomm pm855b_firmware cpe:2.3:o:qualcomm:pm855b_firmware:-:*:*:*:*:*:*:*
qualcomm pm855l_firmware cpe:2.3:o:qualcomm:pm855l_firmware:-:*:*:*:*:*:*:*
qualcomm pmk8002_firmware cpe:2.3:o:qualcomm:pmk8002_firmware:-:*:*:*:*:*:*:*
qualcomm pmk8003_firmware cpe:2.3:o:qualcomm:pmk8003_firmware:-:*:*:*:*:*:*:*
qualcomm pmk8350_firmware cpe:2.3:o:qualcomm:pmk8350_firmware:-:*:*:*:*:*:*:*
qualcomm pmr525_firmware cpe:2.3:o:qualcomm:pmr525_firmware:-:*:*:*:*:*:*:*
qualcomm pmr735a_firmware cpe:2.3:o:qualcomm:pmr735a_firmware:-:*:*:*:*:*:*:*
qualcomm pmr735b_firmware cpe:2.3:o:qualcomm:pmr735b_firmware:-:*:*:*:*:*:*:*
qualcomm pmx24_firmware cpe:2.3:o:qualcomm:pmx24_firmware:-:*:*:*:*:*:*:*
qualcomm pmx55_firmware cpe:2.3:o:qualcomm:pmx55_firmware:-:*:*:*:*:*:*:*
qualcomm pmx60_firmware cpe:2.3:o:qualcomm:pmx60_firmware:-:*:*:*:*:*:*:*
qualcomm qat3516_firmware cpe:2.3:o:qualcomm:qat3516_firmware:-:*:*:*:*:*:*:*
qualcomm qat3518_firmware cpe:2.3:o:qualcomm:qat3518_firmware:-:*:*:*:*:*:*:*
qualcomm qat3519_firmware cpe:2.3:o:qualcomm:qat3519_firmware:-:*:*:*:*:*:*:*
qualcomm qat3555_firmware cpe:2.3:o:qualcomm:qat3555_firmware:-:*:*:*:*:*:*:*
qualcomm qat5515_firmware cpe:2.3:o:qualcomm:qat5515_firmware:-:*:*:*:*:*:*:*
qualcomm qat5516_firmware cpe:2.3:o:qualcomm:qat5516_firmware:-:*:*:*:*:*:*:*
qualcomm qat5522_firmware cpe:2.3:o:qualcomm:qat5522_firmware:-:*:*:*:*:*:*:*
qualcomm qat5533_firmware cpe:2.3:o:qualcomm:qat5533_firmware:-:*:*:*:*:*:*:*
qualcomm qat5568_firmware cpe:2.3:o:qualcomm:qat5568_firmware:-:*:*:*:*:*:*:*
qualcomm qbt2000_firmware cpe:2.3:o:qualcomm:qbt2000_firmware:-:*:*:*:*:*:*:*
qualcomm qca6390_firmware cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*
qualcomm qca6391_firmware cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*
qualcomm qca6421_firmware cpe:2.3:o:qualcomm:qca6421_firmware:-:*:*:*:*:*:*:*
qualcomm qca6426_firmware cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*
qualcomm qca6431_firmware cpe:2.3:o:qualcomm:qca6431_firmware:-:*:*:*:*:*:*:*
qualcomm qca6436_firmware cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*
qualcomm qca6564au_firmware cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*
qualcomm qca6574a_firmware cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*
qualcomm qca6574au_firmware cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
qualcomm qca6584au_firmware cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*
qualcomm qca6595au_firmware cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*
qualcomm qca6696_firmware cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*
qualcomm qca8337_firmware cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*
qualcomm qdm2301_firmware cpe:2.3:o:qualcomm:qdm2301_firmware:-:*:*:*:*:*:*:*
qualcomm qdm2305_firmware cpe:2.3:o:qualcomm:qdm2305_firmware:-:*:*:*:*:*:*:*
qualcomm qdm2307_firmware cpe:2.3:o:qualcomm:qdm2307_firmware:-:*:*:*:*:*:*:*
qualcomm qdm2308_firmware cpe:2.3:o:qualcomm:qdm2308_firmware:-:*:*:*:*:*:*:*
qualcomm qdm2310_firmware cpe:2.3:o:qualcomm:qdm2310_firmware:-:*:*:*:*:*:*:*
qualcomm qdm3301_firmware cpe:2.3:o:qualcomm:qdm3301_firmware:-:*:*:*:*:*:*:*
qualcomm qdm4643_firmware cpe:2.3:o:qualcomm:qdm4643_firmware:-:*:*:*:*:*:*:*
qualcomm qdm4650_firmware cpe:2.3:o:qualcomm:qdm4650_firmware:-:*:*:*:*:*:*:*
qualcomm qdm5620_firmware cpe:2.3:o:qualcomm:qdm5620_firmware:-:*:*:*:*:*:*:*
qualcomm qdm5621_firmware cpe:2.3:o:qualcomm:qdm5621_firmware:-:*:*:*:*:*:*:*
qualcomm qdm5650_firmware cpe:2.3:o:qualcomm:qdm5650_firmware:-:*:*:*:*:*:*:*
qualcomm qdm5652_firmware cpe:2.3:o:qualcomm:qdm5652_firmware:-:*:*:*:*:*:*:*
qualcomm qdm5670_firmware cpe:2.3:o:qualcomm:qdm5670_firmware:-:*:*:*:*:*:*:*
qualcomm qdm5671_firmware cpe:2.3:o:qualcomm:qdm5671_firmware:-:*:*:*:*:*:*:*
qualcomm qdm5677_firmware cpe:2.3:o:qualcomm:qdm5677_firmware:-:*:*:*:*:*:*:*
qualcomm qdm5679_firmware cpe:2.3:o:qualcomm:qdm5679_firmware:-:*:*:*:*:*:*:*
qualcomm qet4101_firmware cpe:2.3:o:qualcomm:qet4101_firmware:-:*:*:*:*:*:*:*
qualcomm qet5100_firmware cpe:2.3:o:qualcomm:qet5100_firmware:-:*:*:*:*:*:*:*
qualcomm qet5100m_firmware cpe:2.3:o:qualcomm:qet5100m_firmware:-:*:*:*:*:*:*:*
qualcomm qet6100_firmware cpe:2.3:o:qualcomm:qet6100_firmware:-:*:*:*:*:*:*:*
qualcomm qet6110_firmware cpe:2.3:o:qualcomm:qet6110_firmware:-:*:*:*:*:*:*:*
qualcomm qfs2530_firmware cpe:2.3:o:qualcomm:qfs2530_firmware:-:*:*:*:*:*:*:*
qualcomm qfs2580_firmware cpe:2.3:o:qualcomm:qfs2580_firmware:-:*:*:*:*:*:*:*
qualcomm qfs2608_firmware cpe:2.3:o:qualcomm:qfs2608_firmware:-:*:*:*:*:*:*:*
qualcomm qfs2630_firmware cpe:2.3:o:qualcomm:qfs2630_firmware:-:*:*:*:*:*:*:*

References for CVE-2020-11236

cvelogic Threat Intelligence