Vulnerability Name:

CVE-2020-3618 (CCN-183101)

Assigned:2019-12-17
Published:2020-05-04
Updated:2020-06-02
Summary:NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, QCA8081, SC8180X, SXR2130
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-416
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-3618

Source: XF
Type: UNKNOWN
qualcomm-cve20203618-dos(183101)

Source: CONFIRM
Type: Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin

Source: CCN
Type: Qualcomm Web site
May 2020 Security Bulletin

Vulnerable Configuration:Configuration 1:
  • cpe:/o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:qca8081:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sc8180x:-:*:*:*:*:*:*:*

    • Configuration 3:
  • cpe:/o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:ipq6018:-:*:*:*:*:*:*:*

    • Configuration 4:
  • cpe:/o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:ipq8074:-:*:*:*:*:*:*:*

    • Configuration 5:
  • cpe:/o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:qualcomm:sxr2130:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:*
  • OR cpe:/h:qualcomm:snapdragon_compute:-:*:*:*:*:*:*:*
  • OR cpe:/o:qualcomm:snapdragon_wired_infrastructure_&_networking:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    qualcomm qca8081 firmware -
    qualcomm qca8081 -
    qualcomm sc8180x firmware -
    qualcomm sc8180x -
    qualcomm ipq6018 firmware -
    qualcomm ipq6018 -
    qualcomm ipq8074 firmware -
    qualcomm ipq8074 -
    qualcomm sxr2130 firmware -
    qualcomm sxr2130 -
    qualcomm snapdragon mobile -
    qualcomm snapdragon compute -
    qualcomm snapdragon wired infrastructure & networking -