Lucene search

QualcommCVE-2020-3636

HistorySep 08, 2020 - 10:15 a.m.

CVE-2020-3636

2020-09-0810:15:15

qualcomm

web.nvd.nist.gov

cve-2020-3636

out of bound writes

usage_table

snapdragon auto

snapdragon compute

snapdragon consumer iot

snapdragon mobile

snapdragon wired infrastructure and networking

kamorta

qcs404

qcs610

rennell

sc7180

sdx55

sm6150

sm7150

sm8250

sxr2130

nvd

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

u’Out of bound writes happen when accessing usage_table header entry beyond the memory allocated for the header’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130

Affected configurations

Nvd

Node

qualcommkamorta_firmwareMatch-

AND

qualcommkamortaMatch-

Node

qualcommqcs404_firmwareMatch-

AND

qualcommqcs404Match-

Node

qualcommqcs610_firmwareMatch-

AND

qualcommqcs610Match-

Node

qualcommrennell_firmwareMatch-

AND

qualcommrennellMatch-

Node

qualcommsc7180_firmwareMatch-

AND

qualcommsc7180Match-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsm6150_firmwareMatch-

AND

qualcommsm6150Match-

Node

qualcommsm7150_firmwareMatch-

AND

qualcommsm7150Match-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

VendorProductVersionCPE
qualcommkamorta_firmware-cpe:2.3:o:qualcomm:kamorta_firmware:-:*:*:*:*:*:*:*
qualcommkamorta-cpe:2.3:h:qualcomm:kamorta:-:*:*:*:*:*:*:*
qualcommqcs404_firmware-cpe:2.3:o:qualcomm:qcs404_firmware:-:*:*:*:*:*:*:*
qualcommqcs404-cpe:2.3:h:qualcomm:qcs404:-:*:*:*:*:*:*:*
qualcommqcs610_firmware-cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*
qualcommqcs610-cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*
qualcommrennell_firmware-cpe:2.3:o:qualcomm:rennell_firmware:-:*:*:*:*:*:*:*
qualcommrennell-cpe:2.3:h:qualcomm:rennell:-:*:*:*:*:*:*:*
qualcommsc7180_firmware-cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*
qualcommsc7180-cpe:2.3:h:qualcomm:sc7180:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	kamorta_firmware	-	cpe:2.3:o:qualcomm:kamorta_firmware:-:::::::*
qualcomm	kamorta	-	cpe:2.3:h:qualcomm:kamorta:-:::::::*
qualcomm	qcs404_firmware	-	cpe:2.3:o:qualcomm:qcs404_firmware:-:::::::*
qualcomm	qcs404	-	cpe:2.3:h:qualcomm:qcs404:-:::::::*
qualcomm	qcs610_firmware	-	cpe:2.3:o:qualcomm:qcs610_firmware:-:::::::*
qualcomm	qcs610	-	cpe:2.3:h:qualcomm:qcs610:-:::::::*
qualcomm	rennell_firmware	-	cpe:2.3:o:qualcomm:rennell_firmware:-:::::::*
qualcomm	rennell	-	cpe:2.3:h:qualcomm:rennell:-:::::::*
qualcomm	sc7180_firmware	-	cpe:2.3:o:qualcomm:sc7180_firmware:-:::::::*
qualcomm	sc7180	-	cpe:2.3:h:qualcomm:sc7180:-:::::::*

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Kamorta, QCS404, QCS610, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2020-3636