CVE-2020-3701

Published: Jul 30, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Use after free issue while processing error notification from camx driver due to not properly releasing the sequence data in Snapdragon Mobile in Saipan, SM8250, SXR2130

Affected (3)

Products: Qualcomm: Saipan Firmware, Sm8250 Firmware, Sxr2130 Firmware

3 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Saipan Firmware	All versions

Running on/with	Platform Versions
Qualcomm Saipan	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sm8250 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sm8250	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Qualcomm Sxr2130 Firmware	All versions

Running on/with	Platform Versions
Qualcomm Sxr2130	All versions

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (3)

https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin

Source: product-security@qualcomm.com

Broken Link

https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin

Source: nvd@nist.gov

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.