Vulnerability Name: CVE-2020-3632 (CCN-191673) Assigned: 2019-12-17 Published: 2020-11-02 Updated: 2020-11-19 Summary: u'Incorrect validation of ring context fetched from host memory can lead to memory overflow' in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-129 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2020-3632 qualcomm-cve20203632-code-exec(191673) https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin November 2020 Security Bulletin Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:qsm8350_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qsm8350:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sc7180:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdx55:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdx55m:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm6150:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm6250:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm6250p:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sm7125_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm7125:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm7150:-:*:*:*:*:*:*:* Configuration 10 :cpe:/o:qualcomm:sm7150p_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm7150p:-:*:*:*:*:*:*:* Configuration 11 :cpe:/o:qualcomm:sm7250_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm7250:-:*:*:*:*:*:*:* Configuration 12 :cpe:/o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm7250p:-:*:*:*:*:*:*:* Configuration 13 :cpe:/o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm8150:-:*:*:*:*:*:*:* Configuration 14 :cpe:/o:qualcomm:sm8150p_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm8150p:-:*:*:*:*:*:*:* Configuration 15 :cpe:/o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm8250:-:*:*:*:*:*:*:* Configuration 16 :cpe:/o:qualcomm:sm8350_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm8350:-:*:*:*:*:*:*:* Configuration 17 :cpe:/o:qualcomm:sm8350p_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm8350p:-:*:*:*:*:*:*:* Configuration 18 :cpe:/o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sxr2130:-:*:*:*:*:*:*:* Configuration 19 :cpe:/o:qualcomm:sxr2130p_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sxr2130p:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_compute:-:*:*:*:*:*:*:* BACK
qualcomm qsm8350 firmware -
qualcomm qsm8350 -
qualcomm sc7180 firmware -
qualcomm sc7180 -
qualcomm sdx55 firmware -
qualcomm sdx55 -
qualcomm sdx55m firmware -
qualcomm sdx55m -
qualcomm sm6150 firmware -
qualcomm sm6150 -
qualcomm sm6250 firmware -
qualcomm sm6250 -
qualcomm sm6250p firmware -
qualcomm sm6250p -
qualcomm sm7125 firmware -
qualcomm sm7125 -
qualcomm sm7150 firmware -
qualcomm sm7150 -
qualcomm sm7150p firmware -
qualcomm sm7150p -
qualcomm sm7250 firmware -
qualcomm sm7250 -
qualcomm sm7250p firmware -
qualcomm sm7250p -
qualcomm sm8150 firmware -
qualcomm sm8150 -
qualcomm sm8150p firmware -
qualcomm sm8150p -
qualcomm sm8250 firmware -
qualcomm sm8250 -
qualcomm sm8350 firmware -
qualcomm sm8350 -
qualcomm sm8350p firmware -
qualcomm sm8350p -
qualcomm sxr2130 firmware -
qualcomm sxr2130 -
qualcomm sxr2130p firmware -
qualcomm sxr2130p -
qualcomm snapdragon mobile -
qualcomm snapdragon compute -
Denotes that component is vulnerable