Skip to main content

Apq8009 CVE-2020-3622

HIGH
Out-of-bounds Write (CWE-787)
2020-09-08 product-security@qualcomm.com
Buffer Overflow Qualcomm Memory Corruption Apq8009 Apq8017 Apq8053 Apq8096Au Apq8098 Bitra Ipq6018 Ipq8074 Kamorta Mdm9150 Mdm9205 Mdm9206 Mdm9607 Mdm9640 Mdm9645 Mdm9650 Mdm9655 Msm8905 Msm8909 Msm8917 Msm8920 Msm8937 Msm8940 Msm8953 Msm8996 Msm8996Au Msm8998 Nicobar Qca8081 Qcm2150 Qcn7605 Qcs404 Qcs405 Qcs605 Qcs610 Qm215 Rennell Sa415M Sa6155P Saipan Sc7180 Sc8180X Sda660 Sda845 Sdm429 Sdm429W Sdm439 Sdm450 Sdm630 Sdm632 Sdm636 Sdm660 Sdm670 Sdm710 Sdm845 Sdm850 Sdx20 Sdx24 Sdx55 Sm6150 Sm7150 Sm8150 Sm8250 Sxr1130 Sxr2130 Apq8009 Firmware Apq8017 Firmware Apq8053 Firmware Apq8096Au Firmware Apq8098 Firmware Bitra Firmware Ipq6018 Firmware Ipq8074 Firmware Kamorta Firmware Mdm9150 Firmware Mdm9205 Firmware Mdm9206 Firmware Mdm9607 Firmware Mdm9640 Firmware Mdm9645 Firmware Mdm9650 Firmware Mdm9655 Firmware Msm8905 Firmware Msm8909 Firmware Msm8917 Firmware Msm8920 Firmware Msm8937 Firmware Msm8940 Firmware Msm8953 Firmware Msm8996 Firmware Msm8996au Firmware Msm8998 Firmware Nicobar Firmware Qca8081 Firmware Qcm2150 Firmware Qcn7605 Firmware Qcs404 Firmware Qcs405 Firmware Qcs605 Firmware Qcs610 Firmware Qm215 Firmware Rennell Firmware Sa415M Firmware Sa6155p Firmware Saipan Firmware Sc7180 Firmware Sc8180X Firmware Sda660 Firmware Sda845 Firmware Sdm429 Firmware Sdm429w Firmware Sdm439 Firmware Sdm450 Firmware Sdm630 Firmware Sdm632 Firmware Sdm636 Firmware Sdm660 Firmware Sdm670 Firmware Sdm710 Firmware Sdm845 Firmware Sdm850 Firmware Sdx20 Firmware Sdx24 Firmware Sdx55 Firmware Sm6150 Firmware Sm7150 Firmware Sm8150 Firmware Sm8250 Firmware Sxr1130 Firmware Sxr2130 Firmware
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 08, 2020 - 10:15 nvd
HIGH 7.8

DescriptionNVD

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

AnalysisAI

u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA8081, QCM2150, QCN7605, QCS404, QCS405, QCS605, QCS610, QM215, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 Affected products include: Qualcomm Apq8009, Qualcomm Apq8017, Qualcomm Apq8053, Qualcomm Apq8096Au, Qualcomm Apq8098.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

Share

CVE-2020-3622 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy