Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3617

u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure.' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130

Published

2020-09-09T07:15:10.017

Last Modified

2024-11-21T05:31:24.937

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.1 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:N/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

9.2

Weaknesses

Type: Primary
CWE-20
CWE-125

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qualcomm	kamorta_firmware	-	Yes
Hardware	qualcomm	kamorta	-	No
Operating System	qualcomm	nicobar_firmware	-	Yes
Hardware	qualcomm	nicobar	-	No
Operating System	qualcomm	qcs605_firmware	-	Yes
Hardware	qualcomm	qcs605	-	No
Operating System	qualcomm	qcs610_firmware	-	Yes
Hardware	qualcomm	qcs610	-	No
Operating System	qualcomm	rennell_firmware	-	Yes
Hardware	qualcomm	rennell	-	No
Operating System	qualcomm	sc7180_firmware	-	Yes
Hardware	qualcomm	sc7180	-	No
Operating System	qualcomm	sda660_firmware	-	Yes
Hardware	qualcomm	sda660	-	No
Operating System	qualcomm	sdm630_firmware	-	Yes
Hardware	qualcomm	sdm630	-	No
Operating System	qualcomm	sdm636_firmware	-	Yes
Hardware	qualcomm	sdm636	-	No
Operating System	qualcomm	sdm660_firmware	-	Yes
Hardware	qualcomm	sdm660	-	No
Operating System	qualcomm	sdm670_firmware	-	Yes
Hardware	qualcomm	sdm670	-	No
Operating System	qualcomm	sdm710_firmware	-	Yes
Hardware	qualcomm	sdm710	-	No
Operating System	qualcomm	sm6150_firmware	-	Yes
Hardware	qualcomm	sm6150	-	No
Operating System	qualcomm	sm7150_firmware	-	Yes
Hardware	qualcomm	sm7150	-	No
Operating System	qualcomm	sm8150_firmware	-	Yes
Hardware	qualcomm	sm8150	-	No
Operating System	qualcomm	sxr1130_firmware	-	Yes
Hardware	qualcomm	sxr1130	-	No

References

https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin Vendor Advisory ([email protected])
https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)