cvelistv5 - cve-2020-3613

CVE-2020-3613 (GCVE-0-2020-3613)

Vulnerability from cvelistv5

Published

2020-06-22 07:10

Modified

2024-08-04 07:37

Severity ?

CWE

Double Free Issue in DSP Services

Summary

Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150

References

URL

Tags

product-security@qualcomm.com	https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin	Broken Link
nvd@nist.gov	https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin	Broken Link

Impacted products

	Vendor	Product	Version
	Qualcomm, Inc.	Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music	Version: SM8150

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:37:55.541Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "SM8150"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music in SM8150"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Double Free Issue in DSP Services",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-22T07:10:38",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@qualcomm.com",
          "ID": "CVE-2020-3613",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "SM8150"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Qualcomm, Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music in SM8150"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Double Free Issue in DSP Services"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin",
              "refsource": "CONFIRM",
              "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2020-3613",
    "datePublished": "2020-06-22T07:10:38",
    "dateReserved": "2019-12-17T00:00:00",
    "dateUpdated": "2024-08-04T07:37:55.541Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-3613\",\"sourceIdentifier\":\"product-security@qualcomm.com\",\"published\":\"2020-06-22T07:15:11.833\",\"lastModified\":\"2024-11-21T05:31:24.360\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music in SM8150\"},{\"lang\":\"es\",\"value\":\"Un problema de doble liberaci\u00f3n en el mapeo de la memoria del kernel debido a una falta de mecanismo de protecci\u00f3n de la memoria en los productos Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026amp; Music en versi\u00f3n SM8150\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9286B1E8-E39F-4DAA-8969-311CA2A0A8AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19B9AE36-87A9-4EE7-87C8-CCA2DCF51039\"}]}]}],\"references\":[{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin\",\"source\":\"product-security@qualcomm.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin\",\"source\":\"nvd@nist.gov\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]}]}}"
  }
}

fkie_cve-2020-3613

Vulnerability from fkie_nvd

Published

2020-06-22 07:15

Modified

2024-11-21 05:31

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150

References

URL	Tags
product-security@qualcomm.com	https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin	Broken Link
nvd@nist.gov	https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin	Broken Link

Impacted products

	Vendor	Product	Version
	qualcomm	sm8150_firmware	-
	qualcomm	sm8150	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9286B1E8-E39F-4DAA-8969-311CA2A0A8AA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "19B9AE36-87A9-4EE7-87C8-CCA2DCF51039",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music in SM8150"
    },
    {
      "lang": "es",
      "value": "Un problema de doble liberaci\u00f3n en el mapeo de la memoria del kernel debido a una falta de mecanismo de protecci\u00f3n de la memoria en los productos Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026amp; Music en versi\u00f3n SM8150"
    }
  ],
  "id": "CVE-2020-3613",
  "lastModified": "2024-11-21T05:31:24.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-22T07:15:11.833",
  "references": [
    {
      "source": "product-security@qualcomm.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin"
    },
    {
      "source": "nvd@nist.gov",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin"
    }
  ],
  "sourceIdentifier": "product-security@qualcomm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-415"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2020-37946

Vulnerability from cnvd

Title

Qualcomm SM8150资源管理错误漏洞

Description

Qualcomm SM8150是美国高通（Qualcomm）公司的一款中央处理器（CPU）产品。 Qualcomm SM8150中的DSP服务器存在资源管理错误漏洞。远程攻击者可借助特制文件利用该漏洞导致拒绝服务。

Severity

高

Patch Name

Qualcomm SM8150资源管理错误漏洞的补丁

Patch Description

Qualcomm SM8150是美国高通（Qualcomm）公司的一款中央处理器（CPU）产品。 Qualcomm SM8150中的DSP服务器存在资源管理错误漏洞。远程攻击者可借助特制文件利用该漏洞导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-3613

Impacted products

Name
Qualcomm SM8150

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-3613"
    }
  },
  "description": "Qualcomm SM8150\u662f\u7f8e\u56fd\u9ad8\u901a\uff08Qualcomm\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002\n\nQualcomm SM8150\u4e2d\u7684DSP\u670d\u52a1\u5668\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-37946",
  "openTime": "2020-07-10",
  "patchDescription": "Qualcomm SM8150\u662f\u7f8e\u56fd\u9ad8\u901a\uff08Qualcomm\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4e2d\u592e\u5904\u7406\u5668\uff08CPU\uff09\u4ea7\u54c1\u3002\r\n\r\nQualcomm SM8150\u4e2d\u7684DSP\u670d\u52a1\u5668\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u6587\u4ef6\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Qualcomm SM8150\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Qualcomm SM8150"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-3613",
  "serverity": "\u9ad8",
  "submitTime": "2020-06-03",
  "title": "Qualcomm SM8150\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}

ghsa-9j42-xg9h-9p2w

Vulnerability from github

Published

2022-05-24 17:21

Modified

2022-05-24 17:21

Details

Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-3613"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-22T07:15:00Z",
    "severity": "HIGH"
  },
  "details": "Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music in SM8150",
  "id": "GHSA-9j42-xg9h-9p2w",
  "modified": "2022-05-24T17:21:26Z",
  "published": "2022-05-24T17:21:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3613"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2020-3613

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150

Aliases

CVE-2020-3613

Aliases

CVE-2020-3613

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-3613",
    "description": "Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music in SM8150",
    "id": "GSD-2020-3613"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-3613"
      ],
      "details": "Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music in SM8150",
      "id": "GSD-2020-3613",
      "modified": "2023-12-13T01:22:09.605093Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@qualcomm.com",
        "ID": "CVE-2020-3613",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "SM8150"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Qualcomm, Inc."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music in SM8150"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Double Free Issue in DSP Services"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin",
            "refsource": "CONFIRM",
            "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:qualcomm:sm8150_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:qualcomm:sm8150:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security.cna@qualcomm.com",
          "ID": "CVE-2020-3613"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music in SM8150"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-415"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin"
            },
            {
              "name": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-06-24T19:50Z",
      "publishedDate": "2020-06-22T07:15Z"
    }
  }
}

De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Android	Google Android toutes versions sans le correctif de sécurité du 08 septembre 2020

References

Title

Publication Time

Tags

Bulletin de sécurité Android du 08 septembre 2020	None	vendor-advisory
Bulletin de sécurité Pixel du 08 septembre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Android toutes versions sans le correctif de s\u00e9curit\u00e9 du 08 septembre 2020",
      "product": {
        "name": "Android",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-0395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0395"
    },
    {
      "name": "CVE-2020-0385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0385"
    },
    {
      "name": "CVE-2019-13995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13995"
    },
    {
      "name": "CVE-2019-10518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10518"
    },
    {
      "name": "CVE-2020-11609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11609"
    },
    {
      "name": "CVE-2020-12114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12114"
    },
    {
      "name": "CVE-2020-3674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3674"
    },
    {
      "name": "CVE-2020-0435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0435"
    },
    {
      "name": "CVE-2019-2284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2284"
    },
    {
      "name": "CVE-2020-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0434"
    },
    {
      "name": "CVE-2019-10498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10498"
    },
    {
      "name": "CVE-2019-14099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14099"
    },
    {
      "name": "CVE-2020-0391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0391"
    },
    {
      "name": "CVE-2020-0384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0384"
    },
    {
      "name": "CVE-2020-3671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3671"
    },
    {
      "name": "CVE-2020-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0394"
    },
    {
      "name": "CVE-2019-13994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13994"
    },
    {
      "name": "CVE-2020-0342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0342"
    },
    {
      "name": "CVE-2020-0407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0407"
    },
    {
      "name": "CVE-2019-14901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
    },
    {
      "name": "CVE-2020-0074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0074"
    },
    {
      "name": "CVE-2019-10628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10628"
    },
    {
      "name": "CVE-2020-0404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0404"
    },
    {
      "name": "CVE-2019-14896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14896"
    },
    {
      "name": "CVE-2020-3629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3629"
    },
    {
      "name": "CVE-2020-0229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0229"
    },
    {
      "name": "CVE-2020-0245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0245"
    },
    {
      "name": "CVE-2020-0428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0428"
    },
    {
      "name": "CVE-2020-3613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3613"
    },
    {
      "name": "CVE-2020-8649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
    },
    {
      "name": "CVE-2019-13992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13992"
    },
    {
      "name": "CVE-2020-0386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0386"
    },
    {
      "name": "CVE-2019-2290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2290"
    },
    {
      "name": "CVE-2020-0387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0387"
    },
    {
      "name": "CVE-2020-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3620"
    },
    {
      "name": "CVE-2020-0430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0430"
    },
    {
      "name": "CVE-2019-10596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10596"
    },
    {
      "name": "CVE-2020-0123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0123"
    },
    {
      "name": "CVE-2020-0403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0403"
    },
    {
      "name": "CVE-2020-0392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0392"
    },
    {
      "name": "CVE-2020-0390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0390"
    },
    {
      "name": "CVE-2020-0383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0383"
    },
    {
      "name": "CVE-2019-10527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10527"
    },
    {
      "name": "CVE-2019-5489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
    },
    {
      "name": "CVE-2020-3634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3634"
    },
    {
      "name": "CVE-2020-0432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0432"
    },
    {
      "name": "CVE-2020-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0401"
    },
    {
      "name": "CVE-2020-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0433"
    },
    {
      "name": "CVE-2019-10629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10629"
    },
    {
      "name": "CVE-2019-10564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10564"
    },
    {
      "name": "CVE-2020-11133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11133"
    },
    {
      "name": "CVE-2020-11129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11129"
    },
    {
      "name": "CVE-2020-0278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0278"
    },
    {
      "name": "CVE-2020-0389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0389"
    },
    {
      "name": "CVE-2020-0382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0382"
    },
    {
      "name": "CVE-2019-14117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14117"
    },
    {
      "name": "CVE-2020-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0397"
    },
    {
      "name": "CVE-2019-14074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14074"
    },
    {
      "name": "CVE-2020-0388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0388"
    },
    {
      "name": "CVE-2020-3656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3656"
    },
    {
      "name": "CVE-2020-0396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0396"
    },
    {
      "name": "CVE-2020-7053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
    },
    {
      "name": "CVE-2020-11124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11124"
    },
    {
      "name": "CVE-2020-3617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3617"
    },
    {
      "name": "CVE-2020-0381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0381"
    },
    {
      "name": "CVE-2020-0399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0399"
    },
    {
      "name": "CVE-2020-11135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11135"
    },
    {
      "name": "CVE-2020-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0393"
    },
    {
      "name": "CVE-2020-0402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0402"
    },
    {
      "name": "CVE-2020-3679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3679"
    },
    {
      "name": "CVE-2020-0379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0379"
    },
    {
      "name": "CVE-2019-10521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10521"
    },
    {
      "name": "CVE-2020-0429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0429"
    },
    {
      "name": "CVE-2019-14895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
    },
    {
      "name": "CVE-2020-0380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0380"
    },
    {
      "name": "CVE-2020-0427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0427"
    },
    {
      "name": "CVE-2020-0431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0431"
    },
    {
      "name": "CVE-2020-3622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3622"
    },
    {
      "name": "CVE-2020-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3621"
    },
    {
      "name": "CVE-2019-10519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10519"
    },
    {
      "name": "CVE-2020-12826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
    }
  ],
  "initial_release_date": "2020-09-09T00:00:00",
  "last_revision_date": "2020-09-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-554",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-09-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Android du 08 septembre 2020",
      "url": "https://source.android.com/security/bulletin/2020-09-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Pixel du 08 septembre 2020",
      "url": "https://source.android.com/security/bulletin/pixel/2020-09-01"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-3613 (GCVE-0-2020-3613)

Vulnerability from cvelistv5

fkie_cve-2020-3613

Vulnerability from fkie_nvd

cnvd-2020-37946

Vulnerability from cnvd

ghsa-9j42-xg9h-9p2w

Vulnerability from github

gsd-2020-3613

Vulnerability from gsd

CERTFR-2020-AVI-554

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature