Vulnerability Description
Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Ipq6018 Firmware | - |
| Qualcomm | Ipq6018 | - |
| Qualcomm | Ipq8074 Firmware | - |
| Qualcomm | Ipq8074 | - |
| Qualcomm | Kamorta Firmware | - |
| Qualcomm | Kamorta | - |
| Qualcomm | Nicobar Firmware | - |
| Qualcomm | Nicobar | - |
| Qualcomm | Qca6390 Firmware | - |
| Qualcomm | Qca6390 | - |
| Qualcomm | Qca8081 Firmware | - |
| Qualcomm | Qca8081 | - |
| Qualcomm | Qcs404 Firmware | - |
| Qualcomm | Qcs404 | - |
| Qualcomm | Qcs405 Firmware | - |
| Qualcomm | Qcs405 | - |
| Qualcomm | Rennell Firmware | - |
| Qualcomm | Rennell | - |
| Qualcomm | Sc7180 Firmware | - |
| Qualcomm | Sc7180 | - |
Related Weaknesses (CWE)
References
- https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletinVendor Advisory
- https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletinVendor Advisory
FAQ
What is CVE-2020-3645?
CVE-2020-3645 is a vulnerability with a CVSS score of 7.5 (HIGH). Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics...
How severe is CVE-2020-3645?
CVE-2020-3645 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-3645?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Ipq6018 Firmware, Qualcomm Ipq6018, Qualcomm Ipq8074 Firmware, Qualcomm Ipq8074, Qualcomm Kamorta Firmware.