CVE-2020-3653 — CRITICAL (9.1)

Vulnerability Description

Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Qualcomm	Msm8998 Firmware	-
Qualcomm	Msm8998	-
Qualcomm	Qca6390 Firmware	-
Qualcomm	Qca6390	-
Qualcomm	Sc7180 Firmware	-
Qualcomm	Sc7180	-
Qualcomm	Sc8180X Firmware	-
Qualcomm	Sc8180X	-
Qualcomm	Sdm850 Firmware	-
Qualcomm	Sdm850	-

Related Weaknesses (CWE)

CWE-20 CWE-125

References

https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletinVendor Advisory
https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletinVendor Advisory

FAQ

What is CVE-2020-3653?

CVE-2020-3653 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180,...

How severe is CVE-2020-3653?

CVE-2020-3653 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-3653?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Msm8998 Firmware, Qualcomm Msm8998, Qualcomm Qca6390 Firmware, Qualcomm Qca6390, Qualcomm Sc7180 Firmware.