CVE-2020-3652 — CRITICAL (9.1)

Vulnerability Description

Possible buffer over-read issue in windows x86 wlan driver function while processing beacon or request frame due to lack of check of length of variable received. in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qualcomm	Msm8998 Firmware	-
Qualcomm	Msm8998	-
Qualcomm	Qca6390 Firmware	-
Qualcomm	Qca6390	-
Qualcomm	Sc7180 Firmware	-
Qualcomm	Sc7180	-
Qualcomm	Sc8180X Firmware	-
Qualcomm	Sc8180X	-
Qualcomm	Sdm850 Firmware	-
Qualcomm	Sdm850	-

Related Weaknesses (CWE)

CWE-20 CWE-125

References

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletinVendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletinVendor Advisory

FAQ

What is CVE-2020-3652?

CVE-2020-3652 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Possible buffer over-read issue in windows x86 wlan driver function while processing beacon or request frame due to lack of check of length of variable received. in Snapdragon Compute, Snapdragon Conn...

How severe is CVE-2020-3652?

CVE-2020-3652 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-3652?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Msm8998 Firmware, Qualcomm Msm8998, Qualcomm Qca6390 Firmware, Qualcomm Qca6390, Qualcomm Sc7180 Firmware.