cnvd - cnvd-2020-50523

cnvd-2020-50523

Vulnerability from cnvd

Title

Qualcomm MSM8909W路径遍历漏洞

Description

Qualcomm MSM8909W是美国高通（Qualcomm）公司的一款中央处理器（CPU）产品。 Qualcomm MSM8909W中的DSP Services存在路径遍历漏洞，该漏洞源于缺少对用户数据的检查。攻击者可利用该漏洞覆盖或读取任意文件。

Severity

中

Patch Name

Qualcomm MSM8909W路径遍历漏洞的补丁

Patch Description

Qualcomm MSM8909W是美国高通（Qualcomm）公司的一款中央处理器（CPU）产品。 Qualcomm MSM8909W中的DSP Services存在路径遍历漏洞，该漏洞源于缺少对用户数据的检查。攻击者可利用该漏洞覆盖或读取任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

Reference

https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

Impacted products

Name
Qualcomm MSM8909W

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-3648",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-3648"
    }
  },
  "description": "Qualcomm MSM8909W\u662f\u7f8e\u56fd\u9ad8\u901a\uff08Qualcomm\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002\n\nQualcomm MSM8909W\u4e2d\u7684DSP Services\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f3a\u5c11\u5bf9\u7528\u6237\u6570\u636e\u7684\u68c0\u67e5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8986\u76d6\u6216\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-50523",
  "openTime": "2020-09-03",
  "patchDescription": "Qualcomm MSM8909W\u662f\u7f8e\u56fd\u9ad8\u901a\uff08Qualcomm\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002\r\n\r\nQualcomm MSM8909W\u4e2d\u7684DSP Services\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f3a\u5c11\u5bf9\u7528\u6237\u6570\u636e\u7684\u68c0\u67e5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8986\u76d6\u6216\u8bfb\u53d6\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Qualcomm MSM8909W\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Qualcomm MSM8909W"
  },
  "referenceLink": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin",
  "serverity": "\u4e2d",
  "submitTime": "2020-08-05",
  "title": "Qualcomm MSM8909W\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}

CVE-2020-3648 (GCVE-0-2020-3648)

Vulnerability from cvelistv5

Published

2020-09-08 09:31

Modified

2024-08-04 07:37

Severity ?

CWE

Use of Out-of-range Pointer offset in DSP Services

Summary

u'Possible out of bound write in DSP driver code due to lack of check of data received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W

References

URL

Tags

https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

x_refsource_CONFIRM