Main Vulnerability Database Vulnerabilities #VU109313

#VU109313 Time-of-check Time-of-use (TOCTOU) Race Condition in Qualcomm products - CVE-2020-3619

Published: May 17, 2025

Vulnerability identifier: #VU109313

Vulnerability risk:

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

CVE-ID: CVE-2020-3619

CWE-ID: CWE-367

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
APQ8009
APQ8017
APQ8053
APQ8098
IPQ8074
Kamorta
MDM9150
MDM9206
MDM9607
MDM9650
MSM8905
MSM8917
MSM8920
MSM8937
MSM8940
MSM8953
MSM8998
QCS605
QM215
Rennell
SDA660
SDA845
SDM429
SDM439
SDM450
SDM630
SDM632
SDM636
SDM660
SDM670
SDM710
SDM845
SDX24
SM6150
SM7150
SM8150
SXR1130
MSM8909
QCA8081
QCS404
QCS610
SA415M
SC7180
SDM850

Software vendor:
Qualcomm

Description

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in Graphics. #AV# #AU# can #EXT_IMPACT#.

Remediation

Install security update from vendor's website.

External links

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

#VU109313 Time-of-check Time-of-use (TOCTOU) Race Condition in Qualcomm products - CVE-2020-3619

Description

Remediation

External links

Please verify you're human