Vulnerability Name: CVE-2020-3671 (CCN-186123) Assigned: 2019-12-17 Published: 2020-07-07 Updated: 2020-07-30 Summary: Use-after-free issue could occur due to dangling pointer when generating a frame buffer in OpenGL ES in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, Nicobar, QCM2150, QCS405, Saipan, SDM845, SM8150, SM8250, SXR2130 CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-416 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2020-3671 qualcomm-cve20203671-code-exec(186123) https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin Qualcomm https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:apq8009:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:nicobar:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:qcm2150_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qcm2150:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:qcs405:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:saipan_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:saipan:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:sdm845_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sdm845:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm8150:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sm8250:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sxr2130:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/h:qualcomm:snapdragon_mobile:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_compute:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_consumer_internet_of_things:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_industrial_internet_of_things:-:*:*:*:*:*:*:* OR cpe:/h:qualcomm:snapdragon_voice_&_music:-:*:*:*:*:*:*:* BACK
qualcomm apq8009 firmware -
qualcomm apq8009 -
qualcomm nicobar firmware -
qualcomm nicobar -
qualcomm qcm2150 firmware -
qualcomm qcm2150 -
qualcomm qcs405 firmware -
qualcomm qcs405 -
qualcomm saipan firmware -
qualcomm saipan -
qualcomm sdm845 firmware -
qualcomm sdm845 -
qualcomm sm8150 firmware -
qualcomm sm8150 -
qualcomm sm8250 firmware -
qualcomm sm8250 -
qualcomm sxr2130 firmware -
qualcomm sxr2130 -
qualcomm snapdragon mobile -
qualcomm snapdragon compute -
qualcomm snapdragon consumer internet of things -
qualcomm snapdragon industrial internet of things -
qualcomm snapdragon voice & music -
Denotes that component is vulnerable