Lucene search

[email protected]CVE-2020-3632

HistoryNov 12, 2020 - 10:15 a.m.

CVE-2020-3632

2020-11-1210:15:13

CWE-129

[email protected]

web.nvd.nist.gov

cve-2020-3632

incorrect validation

ring context

memory overflow

snapdragon

compute

mobile

qsm8350

sc7180

sdx55

sdx55m

sm6150

sm6250

sm6250p

sm7125

sm7150

sm7150p

sm7250

sm7250p

sm8150

sm8150p

sm8250

sm8350

sm8350p

sxr2130

sxr2130p

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

u’Incorrect validation of ring context fetched from host memory can lead to memory overflow’ in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

Affected configurations

NVD

Node

qualcommqsm8350_firmwareMatch-

AND

qualcommqsm8350Match-

Node

qualcommsc7180_firmwareMatch-

AND

qualcommsc7180Match-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsdx55m_firmwareMatch-

AND

qualcommsdx55mMatch-

Node

qualcommsm6150_firmwareMatch-

AND

qualcommsm6150Match-

Node

qualcommsm6250_firmwareMatch-

AND

qualcommsm6250Match-

Node

qualcommsm6250p_firmwareMatch-

AND

qualcommsm6250pMatch-

Node

qualcommsm7125_firmwareMatch-

AND

qualcommsm7125Match-

Node

qualcommsm7150_firmwareMatch-

AND

qualcommsm7150Match-

Node

qualcommsm7150p_firmwareMatch-

AND

qualcommsm7150pMatch-

Node

qualcommsm7250_firmwareMatch-

AND

qualcommsm7250Match-

Node

qualcommsm7250p_firmwareMatch-

AND

qualcommsm7250pMatch-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

Node

qualcommsm8150p_firmwareMatch-

AND

qualcommsm8150pMatch-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsm8350_firmwareMatch-

AND

qualcommsm8350Match-

Node

qualcommsm8350p_firmwareMatch-

AND

qualcommsm8350pMatch-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

Node

qualcommsxr2130p_firmwareMatch-

AND

qualcommsxr2130pMatch-

CPENameOperatorVersion
qualcomm:qsm8350_firmwarequalcomm qsm8350 firmwareeq-

CPE	Name	Operator	Version
qualcomm:qsm8350_firmware	qualcomm qsm8350 firmware	eq	-

CNA Affected

[
  {
    "product": "Snapdragon Compute, Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.6%

JSON

Related for CVE-2020-3632

cvelist1 nvd1 prion1