Out-of-bounds write in Qualcomm products - CVE-2020-3698
Published: July 9, 2020 / Updated: March 3, 2021
Vulnerability identifier: #VU29629
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-3698
CWE-ID: CWE-787
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8009
SXR2130
SM8250
SM8150
SDX55
SDX20
SDM845
SDM660
SDM636
SDM632
SDM630
SDM450
SDM439
SDM429W
SDM429
SDA845
SC8180X
Saipan
SA6155P
QM215
QCS605
QCS405
QCN7605
QCM2150
QCA9379
QCA9377
QCA6574AU
QCA6174A
Nicobar
MSM8996AU
MSM8953
MSM8940
MSM8937
MSM8920
MSM8917
MSM8909W
MSM8905
MDM9650
MDM9607
MDM9207C
MDM9206
MDM9150
APQ8098
APQ8096AU
APQ8053
APQ8017
APQ8009
SXR2130
SM8250
SM8150
SDX55
SDX20
SDM845
SDM660
SDM636
SDM632
SDM630
SDM450
SDM439
SDM429W
SDM429
SDA845
SC8180X
Saipan
SA6155P
QM215
QCS605
QCS405
QCN7605
QCM2150
QCA9379
QCA9377
QCA6574AU
QCA6174A
Nicobar
MSM8996AU
MSM8953
MSM8940
MSM8937
MSM8920
MSM8917
MSM8909W
MSM8905
MDM9650
MDM9607
MDM9207C
MDM9206
MDM9150
APQ8098
APQ8096AU
APQ8053
APQ8017
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in WLAN Host. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install updates from vendor's website.