#VU29645 Buffer overflow in Qualcomm products - CVE-2020-3699
Published: July 10, 2020 / Updated: March 3, 2021
Vulnerability identifier: #VU29645
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2020-3699
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
APQ8009
SM7150
SM6150
MDM9640
SXR2130
SM8250
SM8150
SDX55
SDX20
SDM845
SDM660
SDM636
SDM632
SDM630
SDM450
SDM439
SDM429W
SDM429
SDA845
SC8180X
Saipan
SA6155P
QM215
QCS605
QCS405
QCN7605
QCM2150
QCA9379
QCA9377
QCA6574AU
QCA6174A
Nicobar
MSM8996AU
MSM8953
MSM8940
MSM8937
MSM8920
MSM8917
MSM8909W
MSM8905
MDM9650
MDM9607
MDM9207C
MDM9206
APQ8096AU
APQ8053
APQ8017
APQ8009
SM7150
SM6150
MDM9640
SXR2130
SM8250
SM8150
SDX55
SDX20
SDM845
SDM660
SDM636
SDM632
SDM630
SDM450
SDM439
SDM429W
SDM429
SDA845
SC8180X
Saipan
SA6155P
QM215
QCS605
QCS405
QCN7605
QCM2150
QCA9379
QCA9377
QCA6574AU
QCA6174A
Nicobar
MSM8996AU
MSM8953
MSM8940
MSM8937
MSM8920
MSM8917
MSM8909W
MSM8905
MDM9650
MDM9607
MDM9207C
MDM9206
APQ8096AU
APQ8053
APQ8017
Software vendor:
Qualcomm
Qualcomm
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WLAN HOST. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.