Memory Corruption Vulnerability in Qualcomm Snapdragon Devices
CVE-2020-3622
Key Information:
- Vendor
- Qualcomm
- Vendor
- CVE Published:
- 8 September 2020
Summary
The vulnerability involves a flaw in Qualcomm Snapdragon products where a channel name string read from shared memory may not be properly validated for NULL termination. This oversight can lead to memory corruption, potentially allowing attackers to exploit the flaw to manipulate memory and execute arbitrary code. Affected devices span various Snapdragon categories including mobile, consumer electronics, and IoT, highlighting the importance of applying security updates to mitigate risks associated with this vulnerability.
Affected Version(s)
Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved