CVE-2020-3617
Severity Score
7.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure.' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130
Un problema de lectura excesiva del búfer en el framework Q6 testbus debido a que la longitud del paquete diag no es comprobada completamente antes de acceder al campo y conllevar a una divulgación de información en los productos Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile en versiones Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-17 CVE Reserved
- 2020-09-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-125: Out-of-bounds Read
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin | 2021-07-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qualcomm Search vendor "Qualcomm" | Kamorta Firmware Search vendor "Qualcomm" for product "Kamorta Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Kamorta Search vendor "Qualcomm" for product "Kamorta" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Nicobar Firmware Search vendor "Qualcomm" for product "Nicobar Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Nicobar Search vendor "Qualcomm" for product "Nicobar" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qcs605 Firmware Search vendor "Qualcomm" for product "Qcs605 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qcs605 Search vendor "Qualcomm" for product "Qcs605" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Qcs610 Firmware Search vendor "Qualcomm" for product "Qcs610 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Qcs610 Search vendor "Qualcomm" for product "Qcs610" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Rennell Firmware Search vendor "Qualcomm" for product "Rennell Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Rennell Search vendor "Qualcomm" for product "Rennell" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sc7180 Firmware Search vendor "Qualcomm" for product "Sc7180 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sc7180 Search vendor "Qualcomm" for product "Sc7180" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sda660 Firmware Search vendor "Qualcomm" for product "Sda660 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sda660 Search vendor "Qualcomm" for product "Sda660" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm630 Firmware Search vendor "Qualcomm" for product "Sdm630 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm630 Search vendor "Qualcomm" for product "Sdm630" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm636 Firmware Search vendor "Qualcomm" for product "Sdm636 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm636 Search vendor "Qualcomm" for product "Sdm636" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm660 Firmware Search vendor "Qualcomm" for product "Sdm660 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm660 Search vendor "Qualcomm" for product "Sdm660" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm670 Firmware Search vendor "Qualcomm" for product "Sdm670 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm670 Search vendor "Qualcomm" for product "Sdm670" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sdm710 Firmware Search vendor "Qualcomm" for product "Sdm710 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sdm710 Search vendor "Qualcomm" for product "Sdm710" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sm6150 Firmware Search vendor "Qualcomm" for product "Sm6150 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sm6150 Search vendor "Qualcomm" for product "Sm6150" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sm7150 Firmware Search vendor "Qualcomm" for product "Sm7150 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sm7150 Search vendor "Qualcomm" for product "Sm7150" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sm8150 Firmware Search vendor "Qualcomm" for product "Sm8150 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sm8150 Search vendor "Qualcomm" for product "Sm8150" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sxr1130 Firmware Search vendor "Qualcomm" for product "Sxr1130 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sxr1130 Search vendor "Qualcomm" for product "Sxr1130" | - | - |
Safe
|