Skip to main content

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 02, 2020 - 07:15 nvd
CRITICAL 9.8

DescriptionNVD

u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

AnalysisAI

u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-129. u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6390, QCA6574AU, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 Affected products include: Qualcomm Agatti Firmware, Qualcomm Apq8053 Firmware, Qualcomm Apq8096Au Firmware, Qualcomm Apq8098 Firmware, Qualcomm Bitra Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-3692 CRITICAL
9.8 Nov 02

u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input valid

CVE-2020-3673 CRITICAL
9.8 Nov 02

u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check

CVE-2020-3670 CRITICAL
9.1 Nov 02

u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Informati

CVE-2020-3690 HIGH
7.8 Nov 02

u'Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor' in Snapdrag

CVE-2020-3684 HIGH
7.8 Nov 02

u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader

CVE-2020-3678 HIGH
7.8 Nov 02

u'A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param' in

CVE-2020-3638 HIGH
7.8 Nov 02

u'An Unaligned address or size can propagate to the database due to improper page permissions and can lead to improper a

CVE-2020-11174 HIGH
7.8 Nov 02

u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdra

CVE-2020-11164 HIGH
7.8 Nov 02

u'Third-party app may also call the broadcasts in Perfdump and cause privilege escalation issue due to improper access c

CVE-2020-11162 HIGH
7.8 Nov 02

u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI devic

CVE-2020-11125 HIGH
7.8 Nov 02

u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devic

CVE-2020-3704 HIGH
7.5 Nov 02

u'While processing invalid connection request PDU which is nonstandard (interval or timeout is 0) from central device ma

Share

CVE-2020-3654 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy