#VU29651 Out-of-bounds read in Qualcomm products - CVE-2020-3688

Vulnerability identifier: #VU29651

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2020-3688

CWE-ID: CWE-125

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
APQ8009
Hardware solutions / Firmware
APQ8098
Hardware solutions / Firmware
APQ8096AU
Hardware solutions / Firmware
APQ8053
Hardware solutions / Firmware
APQ8017
Hardware solutions / Firmware
Kamorta
Hardware solutions / Firmware
MSM8953
Hardware solutions / Firmware
MSM8940
Hardware solutions / Firmware
MSM8937
Hardware solutions / Firmware
MSM8920
Hardware solutions / Firmware
MSM8917
Hardware solutions / Firmware
MSM8909W
Hardware solutions / Firmware
MSM8905
Hardware solutions / Firmware
MDM9607
Hardware solutions / Firmware
MDM9207C
Hardware solutions / Firmware
MDM9206
Hardware solutions / Firmware
MSM8996
Hardware solutions / Firmware
MSM8996AU
Hardware solutions / Firmware
MSM8998
Hardware solutions / Firmware
QM215
Hardware solutions / Firmware
QCS605
Hardware solutions / Firmware
QCS405
Hardware solutions / Firmware
QCM2150
Hardware solutions / Firmware
QCA6574AU
Hardware solutions / Firmware
Nicobar
Hardware solutions / Firmware
SXR1130
Hardware solutions / Firmware
SDM710
Hardware solutions / Firmware
SDM670
Hardware solutions / Firmware
SDA660
Hardware solutions / Firmware
Rennell
Hardware solutions / Firmware
SM7150
Hardware solutions / Firmware
SM6150
Hardware solutions / Firmware
SXR2130
Hardware solutions / Firmware
SM8250
Hardware solutions / Firmware
SM8150
Hardware solutions / Firmware
SDX20
Hardware solutions / Firmware
SDM845
Hardware solutions / Firmware
SDM660
Hardware solutions / Firmware
SDM636
Hardware solutions / Firmware
SDM632
Hardware solutions / Firmware
SDM630
Hardware solutions / Firmware
SDM450
Hardware solutions / Firmware
SDM439
Hardware solutions / Firmware
SDM429W
Hardware solutions / Firmware
SDM429
Hardware solutions / Firmware
SDA845
Hardware solutions / Firmware
Saipan
Hardware solutions / Firmware
SA6155P
Hardware solutions / Firmware

Vendor: Qualcomm

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in Video while parsing mp4 clip with corrupted sample atoms. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

APQ8009: All versions

APQ8098: All versions

APQ8096AU: All versions

APQ8053: All versions

APQ8017: All versions

Kamorta: All versions

MSM8953: All versions

MSM8940: All versions

MSM8937: All versions

MSM8920: All versions

MSM8917: All versions

MSM8909W: All versions

MSM8905: All versions

MDM9607: All versions

MDM9207C: All versions

MDM9206: All versions

MSM8996: All versions

MSM8996AU: All versions

MSM8998: All versions

QM215: All versions

QCS605: All versions

QCS405: All versions

QCM2150: All versions

QCA6574AU: All versions

Nicobar: All versions

SXR1130: All versions

SDM710: All versions

SDM670: All versions

SDA660: All versions

Rennell: All versions

SM7150: All versions

SM6150: All versions

SXR2130: All versions

SM8250: All versions

SM8150: All versions

SDX20: All versions

SDM845: All versions

SDM660: All versions

SDM636: All versions

SDM632: All versions

SDM630: All versions

SDM450: All versions

SDM439: All versions

SDM429W: All versions

SDM429: All versions

SDA845: All versions

Saipan: All versions

SA6155P: All versions

---

External links
https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.