1. CVE-Search
  2. CVE-2020-3632
ID CVE-2020-3632
Summary u'Incorrect validation of ring context fetched from host memory can lead to memory overflow' in Snapdragon Compute, Snapdragon Mobile in QSM8350, SC7180, SDX55, SDX55M, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P
References
Vulnerable Configurations
  • cpe:2.3:o:qualcomm:qsm8350_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:qsm8350_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:qsm8350:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:qsm8350:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sc7180:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sc7180:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sdx55m:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sdx55m:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sm6150_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sm6150:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sm6250:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sm6250:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sm6250p:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sm6250p:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sm7125_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sm7125_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sm7125:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sm7125:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sm7150_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sm7150:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sm7150p_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sm7150p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sm7150p:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sm7150p:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sm7250_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sm7250_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sm7250:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sm7250:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sm7250p:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sm7250p:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sm8150p_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sm8150p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sm8150p:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sm8150p:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sm8350_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sm8350_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sm8350:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sm8350:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sm8350p_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sm8350p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sm8350p:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sm8350p:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*
  • cpe:2.3:o:qualcomm:sxr2130p_firmware:-:*:*:*:*:*:*:*
    cpe:2.3:o:qualcomm:sxr2130p_firmware:-:*:*:*:*:*:*:*
  • cpe:2.3:h:qualcomm:sxr2130p:-:*:*:*:*:*:*:*
    cpe:2.3:h:qualcomm:sxr2130p:-:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 19-11-2020 - 15:22)
Impact:
Exploitability:
CWE CWE-129
CAPEC
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an adversary. As a consequence, an adversary is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the adversaries' choice.
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
refmap via4
confirm https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin
Last major update 19-11-2020 - 15:22
Published 12-11-2020 - 10:15
Last modified 19-11-2020 - 15:22
Back to Top