CVE-2020-3618

NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, QCA8081, SC8180X, SXR2130

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca8081:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:ipq6018:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-06-02 15:15

Updated : 2024-02-28 17:47

NVD link : CVE-2020-3618

Mitre link : CVE-2020-3618

CVE.ORG link : CVE-2020-3618

JSON object : View

Products Affected

qualcomm

sxr2130
qca8081_firmware
sxr2130_firmware
ipq6018_firmware
qca8081
ipq8074_firmware
ipq6018
ipq8074
sc8180x
sc8180x_firmware

CWE

CWE-416

Use After Free

{"id": "CVE-2020-3618", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-06-02T15:15:13.697", "references": [{"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin", "tags": ["Vendor Advisory"], "source": "product-security@qualcomm.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, QCA8081, SC8180X, SXR2130"}, {"lang": "es", "value": "Una excepci\u00f3n NULL debido al acceso a un puntero incorrecto mientras se publican eventos RT FIFO en los productos Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure y Networking en las versiones IPQ6018, IPQ8074, QCA8081, SC8180X, SXR2130"}], "lastModified": "2020-06-02T20:10:29.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D1C53DC-D2F3-4C92-9725-9A85340AF026"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qca8081:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ED0585FF-E390-46E8-8701-70964A4057BB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30A45C1A-C921-42B5-9237-367245023B45"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "56C9D979-F214-4CD4-8CF9-43BC804BB179"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B04589FF-F299-4EF6-A57B-1AD145372DBB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:ipq6018:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FDC1ADAD-DA77-47EF-8DB9-C36961C560C2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2914BF98-E69C-4C8D-8B10-759642ADD7B4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2118C404-402F-463C-8160-3CC3B703DF30"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F9FA3B1-E4E4-4D9B-A99C-7BF958D4B993"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "95762B01-2762-45BD-8388-5DB77EA6139C"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product-security@qualcomm.com"}