#VU109346 Use of Out-of-range Pointer Offset in Qualcomm products - CVE-2020-3669

Vulnerability identifier: #VU109346

Vulnerability risk:

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:

CVE-ID: CVE-2020-3669

CWE-ID: CWE-823

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
APQ8098
IPQ8074
Kamorta
MSM8998
Nicobar
QCN7605
QCS405
QCS605
Rennell
SC8180X
SDA845
SDM630
SDM636
SDM660
SDM670
SDM710
SDM845
SM6150
SM7150
SM8150
SM8250
SXR1130
IPQ5018
IPQ6018
QCA6390
QCA8081
QCS404
SA415M
SC7180
SDM850

Software vendor:
Qualcomm

The vulnerability allows #AV# #AU# to #BASIC_IMPACT#.

The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.

Install security update from vendor's website.

• https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin