CVE-2020-3632

Published: Nov 12, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

u'Incorrect validation of ring context fetched from host memory can lead to memory overflow' in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P

Affected (19)

Products: Qualcomm: Qsm8350 Firmware, Sc7180 Firmware, Sdx55 Firmware, Sdx55m Firmware, Sm6150 Firmware, Sm6250 Firmware, Sm6250p Firmware, Sm7125 Firmware, Sm7150 Firmware, Sm7150p Firmware, Sm7250 Firmware, Sm7250p Firmware, Sm8150 Firmware, Sm8150p Firmware, Sm8250 Firmware, Sm8350 Firmware, Sm8350p Firmware, Sxr2130 Firmware, Sxr2130p Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qsm8350 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qsm8350	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sc7180 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sc7180	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx55 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx55	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx55m Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx55m	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm6150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm6150	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm6250 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm6250	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm6250p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm6250p	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7125 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7125	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7150	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7150p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7150p	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7250 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7250	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7250p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7250p	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8150	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8150p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8150p	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8250 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8250	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8350 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8350	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8350p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8350p	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sxr2130 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sxr2130	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sxr2130p Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sxr2130p	All versions

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (2)

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Source: product-security@qualcomm.com

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.