CVE-2020-3645

Published: Jun 2, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130

Affected (23)

Products: Qualcomm: Ipq6018 Firmware, Ipq8074 Firmware, Kamorta Firmware, Nicobar Firmware, Qca6390 Firmware, Qca8081 Firmware, Qcs404 Firmware, Qcs405 Firmware, Rennell Firmware, Sc7180 Firmware, Sc8180x Firmware, Sda845 Firmware, Sdm670 Firmware, Sdm710 Firmware, Sdm850 Firmware, Sm6150 Firmware, Sm7150 Firmware, Sm8150 Firmware, Sxr1130 Firmware, Sxr2130 Firmware, Qcn7605 Firmware, Qcs605 Firmware, Sdm845 Firmware

23 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq6018 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq6018	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq8074 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq8074	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Kamorta Firmware	All versions

Running on/with	Platform Versions
Qualcomm Kamorta	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Nicobar Firmware	All versions

Running on/with	Platform Versions
Qualcomm Nicobar	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6390 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6390	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca8081 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca8081	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs404 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs404	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs405 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs405	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Rennell Firmware	All versions

Running on/with	Platform Versions
Qualcomm Rennell	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sc7180 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sc7180	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sc8180x Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sc8180x	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sda845 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sda845	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm670 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm670	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm710 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm710	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm850 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm850	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm6150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm6150	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm7150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm7150	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8150	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sxr1130 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sxr1130	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sxr2130 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sxr2130	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcn7605 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcn7605	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs605 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs605	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm845 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm845	All versions

Related CWEs

CWE-617

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References (2)

https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin

Source: product-security@qualcomm.com

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.