
Multiple vulnerabilities in Qualcomm Chipsets



Published: 2020-07-10
Severity: High
Patch available: YES
Number of vulnerabilities: 7
CVE ID: CVE-2020-3700, CVE-2019-10580, CVE-2020-3701, CVE-2020-3688, CVE-2020-3671, CVE-2020-3698, CVE-2020-3699
CWE ID: CWE-125, CWE-416, CWE-787, CWE-119
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
APQ8053
Hardware solutions / Firmware

QCA9980
Hardware solutions / Firmware

QCA9558
Hardware solutions / Firmware

QCA9531
Hardware solutions / Firmware

IPQ8074
Hardware solutions / Firmware

IPQ8064
Hardware solutions / Firmware

IPQ4019
Hardware solutions / Firmware

SXR2130
Hardware solutions / Firmware

SM8250
Hardware solutions / Firmware

SM8150
Hardware solutions / Firmware

SDX55
Hardware solutions / Firmware

SDM439
Hardware solutions / Firmware

SC8180X
Hardware solutions / Firmware

QCA6574AU
Hardware solutions / Firmware

MSM8996AU
Hardware solutions / Firmware

MSM8909W
Hardware solutions / Firmware

MDM9607
Hardware solutions / Firmware

APQ8096AU
Hardware solutions / Firmware

SDM429W
Hardware solutions / Firmware

Saipan
Hardware solutions / Firmware

QCS605
Hardware solutions / Firmware

QCS405
Hardware solutions / Firmware

QCM2150
Hardware solutions / Firmware

Nicobar
Hardware solutions / Firmware

APQ8009
Hardware solutions / Firmware

APQ8098
Hardware solutions / Firmware

APQ8017
Hardware solutions / Firmware

Kamorta
Hardware solutions / Firmware

MSM8953
Hardware solutions / Firmware

MSM8940
Hardware solutions / Firmware

MSM8937
Hardware solutions / Firmware

MSM8920
Hardware solutions / Firmware

MSM8917
Hardware solutions / Firmware

MSM8905
Hardware solutions / Firmware

MDM9207C
Hardware solutions / Firmware

MDM9206
Hardware solutions / Firmware

MSM8996
Hardware solutions / Firmware

MSM8998
Hardware solutions / Firmware

QM215
Hardware solutions / Firmware

SXR1130
Hardware solutions / Firmware

SDM710
Hardware solutions / Firmware

SDM670
Hardware solutions / Firmware

SDA660
Hardware solutions / Firmware

Rennell
Hardware solutions / Firmware

SM7150
Hardware solutions / Firmware

SM6150
Hardware solutions / Firmware

SDX20
Hardware solutions / Firmware

SDM845
Hardware solutions / Firmware

SDM660
Hardware solutions / Firmware

SDM636
Hardware solutions / Firmware

SDM632
Hardware solutions / Firmware

SDM630
Hardware solutions / Firmware

SDM450
Hardware solutions / Firmware

SDM429
Hardware solutions / Firmware

SDA845
Hardware solutions / Firmware

SA6155P
Hardware solutions / Firmware

QCN7605
Hardware solutions / Firmware

QCA9379
Hardware solutions / Firmware

QCA9377
Hardware solutions / Firmware

QCA6174A
Hardware solutions / Firmware

MDM9650
Hardware solutions / Firmware

MDM9150
Hardware solutions / Firmware

MDM9640
Hardware solutions / Firmware

Vendor Qualcomm

Security Advisory

1) Out-of-bounds read

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3700

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in WIN WLAN Host. A remote attacker can trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

APQ8053: -

QCA9980: -

QCA9558: -

QCA9531: -

IPQ8074: -

IPQ8064: -

IPQ4019: -

SXR2130: -

SM8250: -

SM8150: -

SDX55: -

SDM439: -

SC8180X: -

QCA6574AU: -

MSM8996AU: -

MSM8909W: -

MDM9607: -

APQ8096AU: -

External links

https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin
https://source.codeaurora.org/quic/la/platform/external/wpa_supplicant_8/commit?id=c8d215c57c049ed7015ded342ebaaef21b438425

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

Severity: Low

CVSSv3: 7.3 [CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-10580

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in HLOS. A local attacker can gain elevated privileges on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MDM9607: -

SXR2130: -

SM8250: -

SM8150: -

SDX55: -

SDM429W: -

SC8180X: -

Saipan: -

QCS605: -

QCS405: -

QCM2150: -

Nicobar: -

MSM8909W: -

External links

https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin
https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=a215c96a48843a731efc084d25c680c1cdb3bde2

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

Severity: High

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3701

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in the Camera Driver. A remote attacker can gain elevated privileges on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Saipan: -

SM8250: -

SXR2130: -

External links

https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3688

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in Video while parsing an MP4 clip with corrupted sample atoms. A remote attacker can trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

APQ8009: -

APQ8098: -

APQ8096AU: -

APQ8053: -

APQ8017: -

Kamorta: -

MSM8953: -, -

MSM8940: -, -

MSM8937: -, -

MSM8920: -, -

MSM8917: -, -

MSM8909W: -

MSM8905: -

MDM9607: -

MDM9207C: -

MDM9206: -

MSM8996: -, -

MSM8996AU: -, -

MSM8998: -

QM215: -

QCS605: -

QCS405: -

QCM2150: -

QCA6574AU: -

Nicobar: -

SXR1130: -

SDM710: -

SDM670: -

SDA660: -

Rennell: -

SM7150: -

SM6150: -

SXR2130: -

SM8250: -

SM8150: -

SDX20: -

SDM845: -

SDM660: -

SDM636: -

SDM632: -

SDM630: -

SDM450: -

SDM439: -

SDM429W: -

SDM429: -

SDA845: -

Saipan: -

SA6155P: -

External links

https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

Severity: High

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3671

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in Multimedia when generating a frame buffer in OpenGL ES. A remote attacker can gain elevated privileges on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

APQ8009: -

SXR2130: -

SM8250: -

SM8150: -

SDM845: -

Saipan: -

QCS405: -

QCM2150: -

Nicobar: -

External links

https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

Severity: High

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3698

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in WLAN Host. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

APQ8009: -

SXR2130: -

SM8250: -

SM8150: -

SDX55: -

SDX20: -

SDM845: -

SDM660: -

SDM636: -

SDM632: -

SDM630: -

SDM450: -

SDM439: -

SDM429W: -

SDM429: -

SDA845: -

SC8180X: -

Saipan: -

SA6155P: -

QM215: -

QCS605: -

QCS405: -

QCN7605: -

QCM2150: -

QCA9379: -

QCA9377: -

QCA6574AU: -

QCA6174A: -

Nicobar: -

MSM8996AU: -

MSM8953: -

MSM8940: -

MSM8937: -

MSM8920: -

MSM8917: -

MSM8909W: -

MSM8905: -

MDM9650: -

MDM9607: -

MDM9207C: -

MDM9206: -

MDM9150: -

APQ8098: -

APQ8096AU: -

APQ8053: -

APQ8017: -

External links

https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=df541cea94d83533ff8f34a9b8ae77964788b1c7

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

Severity: High

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-3699

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WLAN HOST. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

APQ8009: -, -

SM7150: -

SM6150: -

MDM9640: -

SXR2130: -

SM8250: -

SM8150: -

SDX55: -

SDX20: -

SDM845: -

SDM660: -

SDM636: -

SDM632: -

SDM630: -

SDM450: -

SDM439: -

SDM429W: -

SDM429: -

SDA845: -

SC8180X: -

Saipan: -

SA6155P: -

QM215: -

QCS605: -

QCS405: -

QCN7605: -

QCM2150: -

QCA9379: -

QCA9377: -

QCA6574AU: -

QCA6174A: -

Nicobar: -

MSM8996AU: -

MSM8953: -

MSM8940: -

MSM8937: -

MSM8920: -

MSM8917: -

MSM8909W: -

MSM8905: -

MDM9650: -

MDM9607: -

MDM9207C: -

MDM9206: -

APQ8096AU: -

APQ8053: -

APQ8017: -

External links

https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin
https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=87baef651fcb908b334c0034e98adde90be848b0

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.