CVE-2020-3611 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qualcomm	Apq8098 Firmware	-
Qualcomm	Apq8098	-
Qualcomm	Kamorta Firmware	-
Qualcomm	Kamorta	-
Qualcomm	Msm8998 Firmware	-
Qualcomm	Msm8998	-
Qualcomm	Qcs404 Firmware	-
Qualcomm	Qcs404	-
Qualcomm	Qcs605 Firmware	-
Qualcomm	Qcs605	-
Qualcomm	Sda660 Firmware	-
Qualcomm	Sda660	-
Qualcomm	Sda845 Firmware	-
Qualcomm	Sda845	-
Qualcomm	Sdm630 Firmware	-
Qualcomm	Sdm630	-
Qualcomm	Sdm636 Firmware	-
Qualcomm	Sdm636	-
Qualcomm	Sdm660 Firmware	-
Qualcomm	Sdm660	-

References

FAQ

What is CVE-2020-3611?

CVE-2020-3611 is a vulnerability with a CVSS score of 7.8 (HIGH). u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, S...

How severe is CVE-2020-3611?

CVE-2020-3611 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3611?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Apq8098 Firmware, Qualcomm Apq8098, Qualcomm Kamorta Firmware, Qualcomm Kamorta, Qualcomm Msm8998 Firmware.