An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface & endpoint are made together. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Conclusion & alert: CVE-2020-11286 is rated Low Risk (29.1/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.16%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.04% | 0.16% | +0.11% |
| 2 | 2025-03-30 | 0.09% | 0.04% | -0.04% |
| 3 | 2025-03-29 | — | 0.09% | — |
Full EPSS history (9 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 6.8 | 3.1 | MEDIUM |
|
0.9 | 5.9 | [email protected] |
| 4.6 | 2.0 | MEDIUM |
|
3.9 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| qualcomm | apq8009 | — | cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:* |
| qualcomm | apq8009w | — | cpe:2.3:h:qualcomm:apq8009w:-:*:*:*:*:*:*:* |
| qualcomm | apq8017 | — | cpe:2.3:h:qualcomm:apq8017:-:*:*:*:*:*:*:* |
| qualcomm | apq8053 | — | cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:* |
| qualcomm | apq8064au | — | cpe:2.3:h:qualcomm:apq8064au:-:*:*:*:*:*:*:* |
| qualcomm | apq8076 | — | cpe:2.3:h:qualcomm:apq8076:-:*:*:*:*:*:*:* |
| qualcomm | apq8096au | — | cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:* |
| qualcomm | ar8151 | — | cpe:2.3:h:qualcomm:ar8151:-:*:*:*:*:*:*:* |
| qualcomm | csr6030 | — | cpe:2.3:h:qualcomm:csr6030:-:*:*:*:*:*:*:* |
| qualcomm | mdm9206 | — | cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:* |
| qualcomm | mdm9230 | — | cpe:2.3:h:qualcomm:mdm9230:-:*:*:*:*:*:*:* |
| qualcomm | mdm9250 | — | cpe:2.3:h:qualcomm:mdm9250:-:*:*:*:*:*:*:* |
| qualcomm | mdm9330 | — | cpe:2.3:h:qualcomm:mdm9330:-:*:*:*:*:*:*:* |
| qualcomm | mdm9607 | — | cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:* |
| qualcomm | mdm9626 | — | cpe:2.3:h:qualcomm:mdm9626:-:*:*:*:*:*:*:* |
| qualcomm | mdm9628 | — | cpe:2.3:h:qualcomm:mdm9628:-:*:*:*:*:*:*:* |
| qualcomm | mdm9630 | — | cpe:2.3:h:qualcomm:mdm9630:-:*:*:*:*:*:*:* |
| qualcomm | mdm9640 | — | cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:* |
| qualcomm | mdm9650 | — | cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:* |
| qualcomm | mdm9655 | — | cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:* |
| qualcomm | msm8909w | — | cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:* |
| qualcomm | msm8937 | — | cpe:2.3:h:qualcomm:msm8937:-:*:*:*:*:*:*:* |
| qualcomm | msm8996au | — | cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:* |
| qualcomm | pm660 | — | cpe:2.3:h:qualcomm:pm660:-:*:*:*:*:*:*:* |
| qualcomm | pm660a | — | cpe:2.3:h:qualcomm:pm660a:-:*:*:*:*:*:*:* |
| qualcomm | pm660l | — | cpe:2.3:h:qualcomm:pm660l:-:*:*:*:*:*:*:* |
| qualcomm | pm8004 | — | cpe:2.3:h:qualcomm:pm8004:-:*:*:*:*:*:*:* |
| qualcomm | pm8005 | — | cpe:2.3:h:qualcomm:pm8005:-:*:*:*:*:*:*:* |
| qualcomm | pm8909 | — | cpe:2.3:h:qualcomm:pm8909:-:*:*:*:*:*:*:* |
| qualcomm | pm8916 | — | cpe:2.3:h:qualcomm:pm8916:-:*:*:*:*:*:*:* |
| qualcomm | pm8937 | — | cpe:2.3:h:qualcomm:pm8937:-:*:*:*:*:*:*:* |
| qualcomm | pm8952 | — | cpe:2.3:h:qualcomm:pm8952:-:*:*:*:*:*:*:* |
| qualcomm | pm8953 | — | cpe:2.3:h:qualcomm:pm8953:-:*:*:*:*:*:*:* |
| qualcomm | pm8956 | — | cpe:2.3:h:qualcomm:pm8956:-:*:*:*:*:*:*:* |
| qualcomm | pm8996 | — | cpe:2.3:h:qualcomm:pm8996:-:*:*:*:*:*:*:* |
| qualcomm | pm8998 | — | cpe:2.3:h:qualcomm:pm8998:-:*:*:*:*:*:*:* |
| qualcomm | pmd9607 | — | cpe:2.3:h:qualcomm:pmd9607:-:*:*:*:*:*:*:* |
| qualcomm | pmd9635 | — | cpe:2.3:h:qualcomm:pmd9635:-:*:*:*:*:*:*:* |
| qualcomm | pmd9645 | — | cpe:2.3:h:qualcomm:pmd9645:-:*:*:*:*:*:*:* |
| qualcomm | pmd9655 | — | cpe:2.3:h:qualcomm:pmd9655:-:*:*:*:*:*:*:* |
| qualcomm | pmi8937 | — | cpe:2.3:h:qualcomm:pmi8937:-:*:*:*:*:*:*:* |
| qualcomm | pmi8952 | — | cpe:2.3:h:qualcomm:pmi8952:-:*:*:*:*:*:*:* |
| qualcomm | pmi8994 | — | cpe:2.3:h:qualcomm:pmi8994:-:*:*:*:*:*:*:* |
| qualcomm | pmi8996 | — | cpe:2.3:h:qualcomm:pmi8996:-:*:*:*:*:*:*:* |
| qualcomm | pmi8998 | — | cpe:2.3:h:qualcomm:pmi8998:-:*:*:*:*:*:*:* |
| qualcomm | pmk8001 | — | cpe:2.3:h:qualcomm:pmk8001:-:*:*:*:*:*:*:* |
| qualcomm | pmm8996au | — | cpe:2.3:h:qualcomm:pmm8996au:-:*:*:*:*:*:*:* |
| qualcomm | pmx20 | — | cpe:2.3:h:qualcomm:pmx20:-:*:*:*:*:*:*:* |
| qualcomm | qat3514 | — | cpe:2.3:h:qualcomm:qat3514:-:*:*:*:*:*:*:* |
| qualcomm | qat3522 | — | cpe:2.3:h:qualcomm:qat3522:-:*:*:*:*:*:*:* |
| qualcomm | qat3550 | — | cpe:2.3:h:qualcomm:qat3550:-:*:*:*:*:*:*:* |
| qualcomm | qbt1000 | — | cpe:2.3:h:qualcomm:qbt1000:-:*:*:*:*:*:*:* |
| qualcomm | qbt1500 | — | cpe:2.3:h:qualcomm:qbt1500:-:*:*:*:*:*:*:* |
| qualcomm | qca6174 | — | cpe:2.3:h:qualcomm:qca6174:-:*:*:*:*:*:*:* |
| qualcomm | qca6174a | — | cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:* |
| qualcomm | qca6310 | — | cpe:2.3:h:qualcomm:qca6310:-:*:*:*:*:*:*:* |
| qualcomm | qca6320 | — | cpe:2.3:h:qualcomm:qca6320:-:*:*:*:*:*:*:* |
| qualcomm | qca6564a | — | cpe:2.3:h:qualcomm:qca6564a:-:*:*:*:*:*:*:* |
| qualcomm | qca6564au | — | cpe:2.3:h:qualcomm:qca6564au:-:*:*:*:*:*:*:* |
| qualcomm | qca6574 | — | cpe:2.3:h:qualcomm:qca6574:-:*:*:*:*:*:*:* |
| qualcomm | qca6574a | — | cpe:2.3:h:qualcomm:qca6574a:-:*:*:*:*:*:*:* |
| qualcomm | qca6574au | — | cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:* |
| qualcomm | qca6584 | — | cpe:2.3:h:qualcomm:qca6584:-:*:*:*:*:*:*:* |
| qualcomm | qca6584au | — | cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:* |
| qualcomm | qca9367 | — | cpe:2.3:h:qualcomm:qca9367:-:*:*:*:*:*:*:* |
| qualcomm | qca9377 | — | cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:* |
| qualcomm | qet4100 | — | cpe:2.3:h:qualcomm:qet4100:-:*:*:*:*:*:*:* |
| qualcomm | qet4101 | — | cpe:2.3:h:qualcomm:qet4101:-:*:*:*:*:*:*:* |
| qualcomm | qet4200aq | — | cpe:2.3:h:qualcomm:qet4200aq:-:*:*:*:*:*:*:* |
| qualcomm | qfe1035 | — | cpe:2.3:h:qualcomm:qfe1035:-:*:*:*:*:*:*:* |
| qualcomm | qfe1040 | — | cpe:2.3:h:qualcomm:qfe1040:-:*:*:*:*:*:*:* |
| qualcomm | qfe1045 | — | cpe:2.3:h:qualcomm:qfe1045:-:*:*:*:*:*:*:* |
| qualcomm | qfe2340 | — | cpe:2.3:h:qualcomm:qfe2340:-:*:*:*:*:*:*:* |
| qualcomm | qfe2550 | — | cpe:2.3:h:qualcomm:qfe2550:-:*:*:*:*:*:*:* |
| qualcomm | qfe3100 | — | cpe:2.3:h:qualcomm:qfe3100:-:*:*:*:*:*:*:* |
| qualcomm | qfe3320 | — | cpe:2.3:h:qualcomm:qfe3320:-:*:*:*:*:*:*:* |
| qualcomm | qfe3335 | — | cpe:2.3:h:qualcomm:qfe3335:-:*:*:*:*:*:*:* |
| qualcomm | qfe3345 | — | cpe:2.3:h:qualcomm:qfe3345:-:*:*:*:*:*:*:* |
| qualcomm | qln1021aq | — | cpe:2.3:h:qualcomm:qln1021aq:-:*:*:*:*:*:*:* |
| qualcomm | qln1030 | — | cpe:2.3:h:qualcomm:qln1030:-:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin | Patch Vendor Advisory |