CVE-2020-3700

30.07.2020, 12:15

Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with no additional execution privileges needed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCA9531, QCA9558, QCA9980, SC8180X, SDM439, SDX55, SM8150, SM8250, SXR2130

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
qualcomm	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 62%

Vendor	Product	Version
qualcomm	apq8053_firmware	-
qualcomm	apq8096au_firmware	-
qualcomm	ipq4019_firmware	-
qualcomm	ipq8064_firmware	-
qualcomm	ipq8074_firmware	-
qualcomm	mdm9607_firmware	-
qualcomm	msm8909w_firmware	-
qualcomm	msm8996au_firmware	-
qualcomm	qca6574au_firmware	-
qualcomm	qca9531_firmware	-
qualcomm	qca9558_firmware	-
qualcomm	qca9980_firmware	-
qualcomm	sc8180x_firmware	-
qualcomm	sdm439_firmware	-
qualcomm	sdx55_firmware	-
qualcomm	sm8150_firmware	-
qualcomm	sm8250_firmware	-
qualcomm	sxr2130_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin

https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin

https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin