CVE-2020-3696

Published: Nov 2, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8996AU, QCA4531, QCA6574AU, QCA9531, QCM2150, QCS605, SDM429W, SDX20, SDX24

Affected (23)

Products: Qualcomm: Apq8009 Firmware, Apq8017 Firmware, Apq8053 Firmware, Apq8096au Firmware, Apq8098 Firmware, Ipq4019 Firmware, Ipq6018 Firmware, Ipq8064 Firmware, Ipq8074 Firmware, Mdm9206 Firmware, Mdm9207c Firmware, Mdm9607 Firmware, Msm8905 Firmware, Msm8909w Firmware, Msm8996au Firmware, Qca4531 Firmware, Qca6574au Firmware, Qca9531 Firmware, Qcm2150 Firmware, Qcs605 Firmware, Sdm429w Firmware, Sdx20 Firmware, Sdx24 Firmware

23 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8009 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8009	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8017 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8017	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8053 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8053	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8096au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8096au	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Apq8098 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Apq8098	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq4019 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq4019	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq6018 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq6018	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq8064 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq8064	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Ipq8074 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Ipq8074	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9206 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9206	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9207c Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9207c	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Mdm9607 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Mdm9607	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8905 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8905	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8909w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8909w	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Msm8996au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Msm8996au	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca4531 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca4531	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca6574au Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca6574au	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qca9531 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qca9531	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcm2150 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcm2150	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Qcs605 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Qcs605	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdm429w Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdm429w	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx20 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx20	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sdx24 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sdx24	All versions

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (3)

https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Source: product-security@qualcomm.com

Broken Link

https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

Source: nvd@nist.gov

PatchVendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.