Multiple vulnerabilities in Qualcomm Chipsets



Published: 2020-07-10
Risk: High
Patch available: Yes
Number of vulnerabilities: 7
CVE-ID: CVE-2020-3700, CVE-2019-10580, CVE-2020-3701, CVE-2020-3688, CVE-2020-3671, CVE-2020-3698, CVE-2020-3699
CWE-ID: CWE-125, CWE-416, CWE-787, CWE-119
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
APQ8053
Hardware solutions / Firmware

QCA9980
Hardware solutions / Firmware

QCA9558
Hardware solutions / Firmware

QCA9531
Hardware solutions / Firmware

IPQ8074
Hardware solutions / Firmware

IPQ8064
Hardware solutions / Firmware

IPQ4019
Hardware solutions / Firmware

SXR2130
Hardware solutions / Firmware

SM8250
Hardware solutions / Firmware

SM8150
Hardware solutions / Firmware

SDX55
Hardware solutions / Firmware

SDM439
Hardware solutions / Firmware

SC8180X
Hardware solutions / Firmware

QCA6574AU
Hardware solutions / Firmware

MSM8996AU
Hardware solutions / Firmware

MSM8909W
Hardware solutions / Firmware

MDM9607
Hardware solutions / Firmware

APQ8096AU
Hardware solutions / Firmware

SDM429W
Hardware solutions / Firmware

Saipan
Hardware solutions / Firmware

QCS605
Hardware solutions / Firmware

QCS405
Hardware solutions / Firmware

QCM2150
Hardware solutions / Firmware

Nicobar
Hardware solutions / Firmware

APQ8009
Hardware solutions / Firmware

APQ8098
Hardware solutions / Firmware

APQ8017
Hardware solutions / Firmware

Kamorta
Hardware solutions / Firmware

MSM8953
Hardware solutions / Firmware

MSM8940
Hardware solutions / Firmware

MSM8937
Hardware solutions / Firmware

MSM8920
Hardware solutions / Firmware

MSM8917
Hardware solutions / Firmware

MSM8905
Hardware solutions / Firmware

MDM9207C
Hardware solutions / Firmware

MDM9206
Hardware solutions / Firmware

MSM8996
Hardware solutions / Firmware

MSM8998
Hardware solutions / Firmware

QM215
Hardware solutions / Firmware

SXR1130
Hardware solutions / Firmware

SDM710
Hardware solutions / Firmware

SDM670
Hardware solutions / Firmware

SDA660
Hardware solutions / Firmware

Rennell
Hardware solutions / Firmware

SM7150
Hardware solutions / Firmware

SM6150
Hardware solutions / Firmware

SDX20
Hardware solutions / Firmware

SDM845
Hardware solutions / Firmware

SDM660
Hardware solutions / Firmware

SDM636
Hardware solutions / Firmware

SDM632
Hardware solutions / Firmware

SDM630
Hardware solutions / Firmware

SDM450
Hardware solutions / Firmware

SDM429
Hardware solutions / Firmware

SDA845
Hardware solutions / Firmware

SA6155P
Hardware solutions / Firmware

QCN7605
Hardware solutions / Firmware

QCA9379
Hardware solutions / Firmware

QCA9377
Hardware solutions / Firmware

QCA6174A
Hardware solutions / Firmware

MDM9650
Hardware solutions / Firmware

MDM9150
Hardware solutions / Firmware

MDM9640
Hardware solutions / Firmware

Vendor: Qualcomm

Security Bulletin

This security bulletin contains information about 7 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU29647

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3700

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in WIN WLAN Host. A remote attacker can trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

APQ8053: All versions

QCA9980: All versions

QCA9558: All versions

QCA9531: All versions

IPQ8074: All versions

IPQ8064: All versions

IPQ4019: All versions

SXR2130: All versions

SM8250: All versions

SM8150: All versions

SDX55: All versions

SDM439: All versions

SC8180X: All versions

QCA6574AU: All versions

MSM8996AU: All versions

MSM8909W: All versions

MDM9607: All versions

APQ8096AU: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin
http://source.codeaurora.org/quic/la/platform/external/wpa_supplicant_8/commit?id=c8d215c57c049ed7015ded342ebaaef21b438425


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Use-after-free

EUVDB-ID: #VU29648

Risk: Low

CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-10580

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in HLOS. A local attacker can gain elevated privileges on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

MDM9607: All versions

SXR2130: All versions

SM8250: All versions

SM8150: All versions

SDX55: All versions

SDM429W: All versions

SC8180X: All versions

Saipan: All versions

QCS605: All versions

QCS405: All versions

QCM2150: All versions

Nicobar: All versions

MSM8909W: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin
http://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=a215c96a48843a731efc084d25c680c1cdb3bde2


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use-after-free

EUVDB-ID: #VU29650

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3701

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in Camera Driver. A remote attacker can gain elevated privileges on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

Saipan: All versions

SM8250: All versions

SXR2130: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU29651

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3688

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in Video while parsing an mp4 clip with corrupted sample atoms. A remote attacker can trigger an out-of-bounds read error and read the contents of memory on the system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8098: All versions

APQ8096AU: All versions

APQ8053: All versions

APQ8017: All versions

Kamorta: All versions

MSM8953: All versions

MSM8940: All versions

MSM8937: All versions

MSM8920: All versions

MSM8917: All versions

MSM8909W: All versions

MSM8905: All versions

MDM9607: All versions

MDM9207C: All versions

MDM9206: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

QM215: All versions

QCS605: All versions

QCS405: All versions

QCM2150: All versions

QCA6574AU: All versions

Nicobar: All versions

SXR1130: All versions

SDM710: All versions

SDM670: All versions

SDA660: All versions

Rennell: All versions

SM7150: All versions

SM6150: All versions

SXR2130: All versions

SM8250: All versions

SM8150: All versions

SDX20: All versions

SDM845: All versions

SDM660: All versions

SDM636: All versions

SDM632: All versions

SDM630: All versions

SDM450: All versions

SDM439: All versions

SDM429W: All versions

SDM429: All versions

SDA845: All versions

Saipan: All versions

SA6155P: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU29649

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3671

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a use-after-free error in Multimedia when generating a frame buffer in OpenGL ES. A remote attacker can gain elevated privileges on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

APQ8009: All versions

SXR2130: All versions

SM8250: All versions

SM8150: All versions

SDM845: All versions

Saipan: All versions

QCS405: All versions

QCM2150: All versions

Nicobar: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds write

EUVDB-ID: #VU29629

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3698

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in WLAN Host. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

APQ8009: All versions

SXR2130: All versions

SM8250: All versions

SM8150: All versions

SDX55: All versions

SDX20: All versions

SDM845: All versions

SDM660: All versions

SDM636: All versions

SDM632: All versions

SDM630: All versions

SDM450: All versions

SDM439: All versions

SDM429W: All versions

SDM429: All versions

SDA845: All versions

SC8180X: All versions

Saipan: All versions

SA6155P: All versions

QM215: All versions

QCS605: All versions

QCS405: All versions

QCN7605: All versions

QCM2150: All versions

QCA9379: All versions

QCA9377: All versions

QCA6574AU: All versions

QCA6174A: All versions

Nicobar: All versions

MSM8996AU: All versions

MSM8953: All versions

MSM8940: All versions

MSM8937: All versions

MSM8920: All versions

MSM8917: All versions

MSM8909W: All versions

MSM8905: All versions

MDM9650: All versions

MDM9607: All versions

MDM9207C: All versions

MDM9206: All versions

MDM9150: All versions

APQ8098: All versions

APQ8096AU: All versions

APQ8053: All versions

APQ8017: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin
http://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=df541cea94d83533ff8f34a9b8ae77964788b1c7


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Buffer overflow

EUVDB-ID: #VU29645

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3699

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WLAN HOST. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

APQ8009: All versions

SM7150: All versions

SM6150: All versions

MDM9640: All versions

SXR2130: All versions

SM8250: All versions

SM8150: All versions

SDX55: All versions

SDX20: All versions

SDM845: All versions

SDM660: All versions

SDM636: All versions

SDM632: All versions

SDM630: All versions

SDM450: All versions

SDM439: All versions

SDM429W: All versions

SDM429: All versions

SDA845: All versions

SC8180X: All versions

Saipan: All versions

SA6155P: All versions

QM215: All versions

QCS605: All versions

QCS405: All versions

QCN7605: All versions

QCM2150: All versions

QCA9379: All versions

QCA9377: All versions

QCA6574AU: All versions

QCA6174A: All versions

Nicobar: All versions

MSM8996AU: All versions

MSM8953: All versions

MSM8940: All versions

MSM8937: All versions

MSM8920: All versions

MSM8917: All versions

MSM8909W: All versions

MSM8905: All versions

MDM9650: All versions

MDM9607: All versions

MDM9207C: All versions

MDM9206: All versions

APQ8096AU: All versions

APQ8053: All versions

APQ8017: All versions

External links

http://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin
http://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=87baef651fcb908b334c0034e98adde90be848b0


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


