← Back

CVE-2020-3653

nvd nist
Published: Apr 16, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 3.9 / Impact: 5.2
Source: NVD

Description

Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850

Affected (5)

Qualcomm
5 products
Msm8998 Firmware
Qca6390 Firmware
Sc7180 Firmware
Sc8180x Firmware
Sdm850 Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Msm8998 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Msm8998
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Qca6390 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Qca6390
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sc7180 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sc7180
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sc8180x Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sc8180x
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sdm850 Firmware
All versions
Running on/withPlatform Versions
Qualcomm
Sdm850
All versions

Related CWEs

CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

Source: product-security@qualcomm.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.