CVE-2020-3629 — HIGH (7.8) — White Hats Nepal

Vulnerability Description

u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for the DSP attributes' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, Kamorta, Rennell, SC7180, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qualcomm	Bitra Firmware	-
Qualcomm	Bitra	-
Qualcomm	Kamorta Firmware	-
Qualcomm	Kamorta	-
Qualcomm	Rennell Firmware	-
Qualcomm	Rennell	-
Qualcomm	Sc7180 Firmware	-
Qualcomm	Sc7180	-
Qualcomm	Sdm845 Firmware	-
Qualcomm	Sdm845	-
Qualcomm	Sm6150 Firmware	-
Qualcomm	Sm6150	-
Qualcomm	Sm7150 Firmware	-
Qualcomm	Sm7150	-
Qualcomm	Sm8150 Firmware	-
Qualcomm	Sm8150	-
Qualcomm	Sm8250 Firmware	-
Qualcomm	Sm8250	-
Qualcomm	Sxr2130 Firmware	-
Qualcomm	Sxr2130	-

Related Weaknesses (CWE)

CWE-120

References

FAQ

What is CVE-2020-3629?

CVE-2020-3629 is a vulnerability with a CVSS score of 7.8 (HIGH). u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for the DSP attributes' in Snapdragon Auto, Snapdragon Compute, ...

How severe is CVE-2020-3629?

CVE-2020-3629 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3629?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Bitra Firmware, Qualcomm Bitra, Qualcomm Kamorta Firmware, Qualcomm Kamorta, Qualcomm Rennell Firmware.