Lucene search

QualcommCVE-2020-3611

HistorySep 08, 2020 - 10:15 a.m.

CVE-2020-3611

2020-09-0810:15:14

qualcomm

web.nvd.nist.gov

cve-2020-3611

xbl sec

qualcomm

snapdragon

improper access

nvd

apq8098

kamorta

msm8998

qcs404

qcs605

sda660

sda845

sdm630

sdm636

sdm660

sdm670

sdm710

sdm845

sdm850

sxr1130

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

12.6%

JSON

u’XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue’ in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130

Affected configurations

Nvd

Node

qualcommapq8098_firmwareMatch-

AND

qualcommapq8098Match-

Node

qualcommkamorta_firmwareMatch-

AND

qualcommkamortaMatch-

Node

qualcommmsm8998_firmwareMatch-

AND

qualcommmsm8998Match-

Node

qualcommqcs404_firmwareMatch-

AND

qualcommqcs404Match-

Node

qualcommqcs605_firmwareMatch-

AND

qualcommqcs605Match-

Node

qualcommsda660_firmwareMatch-

AND

qualcommsda660Match-

Node

qualcommsda845_firmwareMatch-

AND

qualcommsda845Match-

Node

qualcommsdm630_firmwareMatch-

AND

qualcommsdm630Match-

Node

qualcommsdm636_firmwareMatch-

AND

qualcommsdm636Match-

Node

qualcommsdm660_firmwareMatch-

AND

qualcommsdm660Match-

Node

qualcommsdm670_firmwareMatch-

AND

qualcommsdm670Match-

Node

qualcommsdm710_firmwareMatch-

AND

qualcommsdm710Match-

Node

qualcommsdm845_firmwareMatch-

AND

qualcommsdm845Match-

Node

qualcommsdm850_firmwareMatch-

AND

qualcommsdm850Match-

Node

qualcommsxr1130_firmwareMatch-

AND

qualcommsxr1130Match-

VendorProductVersionCPE
qualcommapq8098_firmware-cpe:2.3:o:qualcomm:apq8098_firmware:-:*:*:*:*:*:*:*
qualcommapq8098-cpe:2.3:h:qualcomm:apq8098:-:*:*:*:*:*:*:*
qualcommkamorta_firmware-cpe:2.3:o:qualcomm:kamorta_firmware:-:*:*:*:*:*:*:*
qualcommkamorta-cpe:2.3:h:qualcomm:kamorta:-:*:*:*:*:*:*:*
qualcommmsm8998_firmware-cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:*
qualcommmsm8998-cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*
qualcommqcs404_firmware-cpe:2.3:o:qualcomm:qcs404_firmware:-:*:*:*:*:*:*:*
qualcommqcs404-cpe:2.3:h:qualcomm:qcs404:-:*:*:*:*:*:*:*
qualcommqcs605_firmware-cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*
qualcommqcs605-cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	apq8098_firmware	-	cpe:2.3:o:qualcomm:apq8098_firmware:-:::::::*
qualcomm	apq8098	-	cpe:2.3:h:qualcomm:apq8098:-:::::::*
qualcomm	kamorta_firmware	-	cpe:2.3:o:qualcomm:kamorta_firmware:-:::::::*
qualcomm	kamorta	-	cpe:2.3:h:qualcomm:kamorta:-:::::::*
qualcomm	msm8998_firmware	-	cpe:2.3:o:qualcomm:msm8998_firmware:-:::::::*
qualcomm	msm8998	-	cpe:2.3:h:qualcomm:msm8998:-:::::::*
qualcomm	qcs404_firmware	-	cpe:2.3:o:qualcomm:qcs404_firmware:-:::::::*
qualcomm	qcs404	-	cpe:2.3:h:qualcomm:qcs404:-:::::::*
qualcomm	qcs605_firmware	-	cpe:2.3:o:qualcomm:qcs605_firmware:-:::::::*
qualcomm	qcs605	-	cpe:2.3:h:qualcomm:qcs605:-:::::::*

Rows per page:

1-10 of 301

CNA Affected

[
  {
    "product": "Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "APQ8098, Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2020-3611