CVE-2020-3617

u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure.' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130

CVSS v3 7.1 HIGH
CVSS v2.0 6.6 MEDIUM

7.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.2

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:C

Exploitability : 3.9 / Impact : 9.2

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin	Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:kamorta_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:kamorta:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:nicobar:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qcs610:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:rennell_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:rennell:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sc7180:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:qualcomm:sdm670_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm670:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm710:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:qualcomm:sxr1130_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sxr1130:-:*:*:*:*:*:*:*

History

21 Nov 2024, 05:31

Type	Values Removed	Values Added
References	~~() https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin - Vendor Advisory~~	() https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin - Vendor Advisory

Information

Published : 2020-09-09 07:15

Updated : 2024-11-21 05:31

NVD link : CVE-2020-3617

Mitre link : CVE-2020-3617

CVE.ORG link : CVE-2020-3617

JSON object : View

Products Affected

qualcomm

sdm660
sm7150
nicobar_firmware
sdm670
sc7180
rennell_firmware
sda660
sdm710
sdm636
kamorta
sda660_firmware
qcs605
sxr1130_firmware
qcs610
sdm636_firmware
sm7150_firmware
sm6150_firmware
sxr1130
kamorta_firmware
sdm710_firmware
nicobar
sdm670_firmware
sdm630
qcs610_firmware
sm8150
sc7180_firmware
sdm660_firmware
sm6150
qcs605_firmware
rennell
sdm630_firmware
sm8150_firmware

CWE

CWE-20

Improper Input Validation

CWE-125

Out-of-bounds Read

7.1 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.6 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2020-3617

7.1^/10

6.6^/10

Attach tags to `CVE-2020-3617`