CVE-2020-3702

Ubuntu Security Notice USN-5116-1

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

u'Specifically timed and handcrafted traffic can cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150

Un tráfico específicamente sincronizado y diseñado puede causar errores internos en un dispositivo WLAN que conllevan a un cifrado inapropiado del Wi-Fi de capa 2 con la consiguiente posibilidad de divulgación de información sobre el aire para un conjunto discreto de tráfico en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking versiones APQ8053, IPQ4019, IPQ8064, MSM8909W, MSM8996AU, QCA9531, QCN5502, QCS405, SDX20, SM6150, SM7150

It was discovered that a race condition existed in the Atheros Ath9k WiFi driver in the Linux kernel. An attacker could possibly use this to expose sensitive information. Alois Wohlschlager discovered that the overlay file system in the Linux kernel did not restrict private clones in some situations. An attacker could use this to expose sensitive information. It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly compute the access permissions for shadow pages in some situations. A local attacker could use this to cause a denial of service. Various other issues were also addressed.

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-12-17 CVE Reserved
2020-09-08 CVE Published
2024-08-04 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-319: Cleartext Transmission of Sensitive Information

CAPEC

References (5)

URL	Tag	Source
https://lists.debian.org/debian-lts-announce/2021/10/msg00010.html	Mailing List
https://lists.debian.org/debian-lts-announce/2021/12/msg00012.html	Mailing List
https://www.arista.com/en/support/advisories-notices/security-advisories/11998-security-advisory-58	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.debian.org/security/2021/dsa-4978	2022-01-06
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin	2022-01-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Qualcomm Search vendor "Qualcomm"	Apq8053 Firmware Search vendor "Qualcomm" for product "Apq8053 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Apq8053 Search vendor "Qualcomm" for product "Apq8053"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Ipq4019 Firmware Search vendor "Qualcomm" for product "Ipq4019 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Ipq4019 Search vendor "Qualcomm" for product "Ipq4019"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Ipq8064 Firmware Search vendor "Qualcomm" for product "Ipq8064 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Ipq8064 Search vendor "Qualcomm" for product "Ipq8064"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Msm8909w Firmware Search vendor "Qualcomm" for product "Msm8909w Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8909w Search vendor "Qualcomm" for product "Msm8909w"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Msm8996au Firmware Search vendor "Qualcomm" for product "Msm8996au Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8996au Search vendor "Qualcomm" for product "Msm8996au"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qca9531 Firmware Search vendor "Qualcomm" for product "Qca9531 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qca9531 Search vendor "Qualcomm" for product "Qca9531"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qcn5502 Firmware Search vendor "Qualcomm" for product "Qcn5502 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qcn5502 Search vendor "Qualcomm" for product "Qcn5502"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Qcs405 Firmware Search vendor "Qualcomm" for product "Qcs405 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Qcs405 Search vendor "Qualcomm" for product "Qcs405"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sdx20 Firmware Search vendor "Qualcomm" for product "Sdx20 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sdx20 Search vendor "Qualcomm" for product "Sdx20"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sm6150 Firmware Search vendor "Qualcomm" for product "Sm6150 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sm6150 Search vendor "Qualcomm" for product "Sm6150"	-	-	Safe
Qualcomm Search vendor "Qualcomm"	Sm7150 Firmware Search vendor "Qualcomm" for product "Sm7150 Firmware"	-	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Sm7150 Search vendor "Qualcomm" for product "Sm7150"	-	-	Safe
Arista Search vendor "Arista"	Access Point Search vendor "Arista" for product "Access Point"	<= 8.8.3-12 Search vendor "Arista" for product "Access Point" and version " <= 8.8.3-12"	-	Affected	in	Arista Search vendor "Arista"	Av2 Search vendor "Arista" for product "Av2"	-	-	Safe
Arista Search vendor "Arista"	Access Point Search vendor "Arista" for product "Access Point"	<= 8.8.3-12 Search vendor "Arista" for product "Access Point" and version " <= 8.8.3-12"	-	Affected	in	Arista Search vendor "Arista"	C-75 Search vendor "Arista" for product "C-75"	-	-	Safe
Arista Search vendor "Arista"	Access Point Search vendor "Arista" for product "Access Point"	<= 8.8.3-12 Search vendor "Arista" for product "Access Point" and version " <= 8.8.3-12"	-	Affected	in	Arista Search vendor "Arista"	C75-e Search vendor "Arista" for product "C75-e"	-	-	Safe
Arista Search vendor "Arista"	Access Point Search vendor "Arista" for product "Access Point"	<= 8.8.3-12 Search vendor "Arista" for product "Access Point" and version " <= 8.8.3-12"	-	Affected	in	Arista Search vendor "Arista"	O-90 Search vendor "Arista" for product "O-90"	-	-	Safe
Arista Search vendor "Arista"	Access Point Search vendor "Arista" for product "Access Point"	<= 8.8.3-12 Search vendor "Arista" for product "Access Point" and version " <= 8.8.3-12"	-	Affected	in	Arista Search vendor "Arista"	O90e Search vendor "Arista" for product "O90e"	-	-	Safe
Arista Search vendor "Arista"	Access Point Search vendor "Arista" for product "Access Point"	<= 8.8.3-12 Search vendor "Arista" for product "Access Point" and version " <= 8.8.3-12"	-	Affected	in	Arista Search vendor "Arista"	W-68 Search vendor "Arista" for product "W-68"	-	-	Safe
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected