ACTIVELY EXPLOITED3 sources verified·1 min read
By Lyrie Threat Intelligence·12/1/2021
CVE-2020-11261 added to CISA KEV: Qualcomm Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Status: ✅ Confirmed exploited in the wild
Date added: 2021-12-01
Required action: Apply updates per vendor instructions.
Due date: 2022-06-01
Why this matters
Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Sources
Lyrie Verdict
Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.
#qualcomm#snapdragon-auto-snapdragon-compute-snapdragon-connectivity-snapdragon-consumer-i#cisa-kev#exploited-itw