| Vulnerability Name: | CVE-2020-3646 (CCN-187954) |
| Assigned: | 2019-12-17 |
| Published: | 2020-08-05 |
| Updated: | 2020-09-14 |
| Summary: | u'Buffer overflow seen as the destination buffer size is lesser than the source buffer size in video application' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, MSM8909W, QCM2150, QCS405, QCS605, Saipan, SC8180X, SDA845, SDM429W, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
|
| CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)| Exploitability Metrics: | Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): High
Integrity (I): High
Availibility (A): High |
|
| CVSS v2 Severity: | 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial |
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)| Exploitability Metrics: | Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete |
|
| Vulnerability Type: | CWE-120
|
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE
Type: CNA
CVE-2020-3646
Source: XF
Type: UNKNOWN
qualcomm-cve20203646-bo(187954)
Source: CONFIRM
Type: Broken Link
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
Source: CCN
Type: Qualcomm Web site
August 2020 Security Bulletin
Source: MISC
Type: Patch, Vendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
|
| Vulnerable Configuration: | Configuration 1:
cpe:/o:qualcomm:bitra_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:bitra:-:*:*:*:*:*:*:*
Configuration 2:
cpe:/o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:msm8909w:-:*:*:*:*:*:*:*
Configuration 3:
cpe:/o:qualcomm:qcm2150_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:qcm2150:-:*:*:*:*:*:*:*
Configuration 4:
cpe:/o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:qcs405:-:*:*:*:*:*:*:*
Configuration 5:
cpe:/o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:qcs605:-:*:*:*:*:*:*:*
Configuration 6:
cpe:/o:qualcomm:saipan_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:saipan:-:*:*:*:*:*:*:*
Configuration 7:
cpe:/o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sc8180x:-:*:*:*:*:*:*:*
Configuration 8:
cpe:/o:qualcomm:sda845_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sda845:-:*:*:*:*:*:*:*
Configuration 9:
cpe:/o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdm429w:-:*:*:*:*:*:*:*
Configuration 10:
cpe:/o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdx24:-:*:*:*:*:*:*:*
Configuration 11:
cpe:/o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdx55:-:*:*:*:*:*:*:*
Configuration 12:
cpe:/o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sm6150:-:*:*:*:*:*:*:*
Configuration 13:
cpe:/o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sm7150:-:*:*:*:*:*:*:*
Configuration 14:
cpe:/o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sm8150:-:*:*:*:*:*:*:*
Configuration 15:
cpe:/o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sm8250:-:*:*:*:*:*:*:*
Configuration 16:
cpe:/o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sxr2130:-:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_compute:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_industrial_internet_of_things:-:*:*:*:*:*:*:*OR cpe:/h:qualcomm:snapdragon_voice_&_music:-:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| BACK |
qualcomm bitra firmware -
qualcomm bitra -
qualcomm msm8909w firmware -
qualcomm msm8909w -
qualcomm qcm2150 firmware -
qualcomm qcm2150 -
qualcomm qcs405 firmware -
qualcomm qcs405 -
qualcomm qcs605 firmware -
qualcomm qcs605 -
qualcomm saipan firmware -
qualcomm saipan -
qualcomm sc8180x firmware -
qualcomm sc8180x -
qualcomm sda845 firmware -
qualcomm sda845 -
qualcomm sdm429w firmware -
qualcomm sdm429w -
qualcomm sdx24 firmware -
qualcomm sdx24 -
qualcomm sdx55 firmware -
qualcomm sdx55 -
qualcomm sm6150 firmware -
qualcomm sm6150 -
qualcomm sm7150 firmware -
qualcomm sm7150 -
qualcomm sm8150 firmware -
qualcomm sm8150 -
qualcomm sm8250 firmware -
qualcomm sm8250 -
qualcomm sxr2130 firmware -
qualcomm sxr2130 -
qualcomm snapdragon mobile -
qualcomm snapdragon compute -
qualcomm snapdragon industrial internet of things -
qualcomm snapdragon voice & music -