ID
VAR-202006-1571
CVE
CVE-2020-3665
TITLE
plural Snapdragon Product Index Validation Vulnerability
Trust: 0.8
DESCRIPTION
A possible buffer overflow would occur while processing command from firmware due to the group_id obtained from the firmware being out of range in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909W, MSM8996, MSM8996AU, QCA6174A, QCA9377, QCA9379, SDM439, SDM636, SDM660, SDX20, SDX24, SM8150. plural Snapdragon The product contains a vulnerability in array index validation.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state
Trust: 1.62
IOT TAXONOMY
| category: | ['other device', 'embedded device'] | sub_category: | SoC | Trust: 0.1 |
| category: | ['other device', 'embedded device'] | sub_category: | general | Trust: 0.1 |
AFFECTED PRODUCTS
| vendor: | qualcomm | model: | sm8150 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8053 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm636 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca9379 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8096au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8996au | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx24 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8009 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8996 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9615 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9607 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca9377 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9650 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9206 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm660 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | qca6174a | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdm439 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9640 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | msm8909w | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | mdm9207c | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | sdx20 | scope: | eq | version: | - | Trust: 1.0 |
| vendor: | qualcomm | model: | apq8009 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | apq8053 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | apq8096au | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9206 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9207c | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9607 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9615 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9640 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | mdm9650 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | qualcomm | model: | msm8909w | scope: | - | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-129 | Trust: 1.8 |
THREAT TYPE
local
Trust: 0.6
TYPE
input validation error
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | June 2020 Security Bulletin | url: | https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2020-3665 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2020-006957 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2020.1910 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202006-068 | Trust: 0.6 |
| db: | OTHER | id: | NONE | Trust: 0.1 |
REFERENCES
| url: | https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin | Trust: 1.6 |
| url: | https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin | Trust: 1.6 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2020-3665 | Trust: 1.4 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3665 | Trust: 0.8 |
| url: | https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-june-2020-32386 | Trust: 0.6 |
| url: | https://source.android.com/security/bulletin/2020-06-01 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2020.1910/ | Trust: 0.6 |
| url: | https://ieeexplore.ieee.org/abstract/document/10769424 | Trust: 0.1 |
SOURCES
| db: | OTHER | id: | - |
| db: | JVNDB | id: | JVNDB-2020-006957 |
| db: | CNNVD | id: | CNNVD-202006-068 |
| db: | NVD | id: | CVE-2020-3665 |
LAST UPDATE DATE
2025-01-30T21:41:58.981000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2020-006957 | date: | 2020-07-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-202006-068 | date: | 2020-06-30T00:00:00 |
| db: | NVD | id: | CVE-2020-3665 | date: | 2024-11-21T05:31:31.897 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2020-006957 | date: | 2020-07-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-202006-068 | date: | 2020-06-01T00:00:00 |
| db: | NVD | id: | CVE-2020-3665 | date: | 2020-06-22T07:15:12.413 |