Buffer overflow in Qualcomm products - CVE-2020-3667
Published: May 17, 2025
Vulnerability identifier: #VU109315
CSH Severity:
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:
CVE-ID: CVE-2020-3667
CWE-ID: CWE-120
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Qualcomm
Affected software:
APQ8098
IPQ8074
Kamorta
MSM8998
Nicobar
QCS405
QCS605
Rennell
Saipan
SC8180X
SDA845
SDM630
SDM636
SDM660
SDM670
SDM710
SDM845
SM6150
SM7150
SM8150
SM8250
SXR1130
IPQ5018
IPQ6018
QCA6390
QCA8081
QCS404
SA415M
SC7180
SDM850
APQ8098
IPQ8074
Kamorta
MSM8998
Nicobar
QCS405
QCS605
Rennell
Saipan
SC8180X
SDA845
SDM630
SDM636
SDM660
SDM670
SDM710
SDM845
SM6150
SM7150
SM8150
SM8250
SXR1130
IPQ5018
IPQ6018
QCA6390
QCA8081
QCS404
SA415M
SC7180
SDM850
Detailed vulnerability description
The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
How to mitigate CVE-2020-3667
Install security update from vendor's website.