CVE-2020-3679

EUVD-2020-24950
u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including code segments' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, Nicobar, QCS404, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
Affected Products (NVD)
VendorProductVersion
qualcommbitra_firmware
-
qualcommkamorta_firmware
-
qualcommnicobar_firmware
-
qualcommqcs404_firmware
-
qualcommqcs610_firmware
-
qualcommrennell_firmware
-
qualcommsa6155p_firmware
-
qualcommsa8155p_firmware
-
qualcommsaipan_firmware
-
qualcommsc7180_firmware
-
qualcommsc8180x_firmware
-
qualcommsdx55_firmware
-
qualcommsm6150_firmware
-
qualcommsm7150_firmware
-
qualcommsm8150_firmware
-
qualcommsm8250_firmware
-
qualcommsxr2130_firmware
-
𝑥
= Vulnerable software versions
References
https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin
https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin