Lucene search

QualcommCVE-2020-3690

HistoryNov 02, 2020 - 7:15 a.m.

CVE-2020-3690

2020-11-0207:15:14

qualcomm

web.nvd.nist.gov

cve-2020-3690

smmu

modem

crypto

hypervisor

snapdragon

nvd

security

vulnerability

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

12.6%

JSON

u’Due to an incorrect SMMU configuration, the modem crypto engine can potentially compromise the hypervisor’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Agatti, Bitra, Kamorta, Nicobar, QCA6390, QCS404, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Affected configurations

Nvd

Node

qualcommagattiMatch-

AND

qualcommagatti_firmwareMatch-

Node

qualcommbitraMatch-

AND

qualcommbitra_firmwareMatch-

Node

qualcommkamortaMatch-

AND

qualcommkamorta_firmwareMatch-

Node

qualcommnicobarMatch-

AND

qualcommnicobar_firmwareMatch-

Node

qualcommqca6390Match-

AND

qualcommqca6390_firmwareMatch-

Node

qualcommqcs404Match-

AND

qualcommqcs404_firmwareMatch-

Node

qualcommqcs605Match-

AND

qualcommqcs605_firmwareMatch-

Node

qualcommqcs610Match-

AND

qualcommqcs610_firmwareMatch-

Node

qualcommrennell_firmwareMatch-

AND

qualcommrennellMatch-

Node

qualcommsa415m_firmwareMatch-

AND

qualcommsa415mMatch-

Node

qualcommsa515m_firmwareMatch-

AND

qualcommsa515mMatch-

Node

qualcommsa6155p_firmwareMatch-

AND

qualcommsa6155pMatch-

Node

qualcommsa8155p_firmwareMatch-

AND

qualcommsa8155pMatch-

Node

qualcommsaipan_firmwareMatch-

AND

qualcommsaipanMatch-

Node

qualcommsc7180_firmwareMatch-

AND

qualcommsc7180Match-

Node

qualcommsc8180x_firmwareMatch-

AND

qualcommsc8180xMatch-

Node

qualcommsda845_firmwareMatch-

AND

qualcommsda845Match-

Node

qualcommsdm670_firmwareMatch-

AND

qualcommsdm670Match-

Node

qualcommsdm710_firmwareMatch-

AND

qualcommsdm710Match-

Node

qualcommsdm845_firmwareMatch-

AND

qualcommsdm845Match-

Node

qualcommsdm850_firmwareMatch-

AND

qualcommsdm850Match-

Node

qualcommsdx24_firmwareMatch-

AND

qualcommsdx24Match-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsm6150_firmwareMatch-

AND

qualcommsm6150Match-

Node

qualcommsm7150_firmwareMatch-

AND

qualcommsm7150Match-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsxr1130_firmwareMatch-

AND

qualcommsxr1130Match-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

VendorProductVersionCPE
qualcommagatti-cpe:2.3:h:qualcomm:agatti:-:*:*:*:*:*:*:*
qualcommagatti_firmware-cpe:2.3:o:qualcomm:agatti_firmware:-:*:*:*:*:*:*:*
qualcommbitra-cpe:2.3:h:qualcomm:bitra:-:*:*:*:*:*:*:*
qualcommbitra_firmware-cpe:2.3:o:qualcomm:bitra_firmware:-:*:*:*:*:*:*:*
qualcommkamorta-cpe:2.3:h:qualcomm:kamorta:-:*:*:*:*:*:*:*
qualcommkamorta_firmware-cpe:2.3:o:qualcomm:kamorta_firmware:-:*:*:*:*:*:*:*
qualcommnicobar-cpe:2.3:h:qualcomm:nicobar:-:*:*:*:*:*:*:*
qualcommnicobar_firmware-cpe:2.3:o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*
qualcommqca6390-cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:*
qualcommqca6390_firmware-cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	agatti	-	cpe:2.3:h:qualcomm:agatti:-:::::::*
qualcomm	agatti_firmware	-	cpe:2.3:o:qualcomm:agatti_firmware:-:::::::*
qualcomm	bitra	-	cpe:2.3:h:qualcomm:bitra:-:::::::*
qualcomm	bitra_firmware	-	cpe:2.3:o:qualcomm:bitra_firmware:-:::::::*
qualcomm	kamorta	-	cpe:2.3:h:qualcomm:kamorta:-:::::::*
qualcomm	kamorta_firmware	-	cpe:2.3:o:qualcomm:kamorta_firmware:-:::::::*
qualcomm	nicobar	-	cpe:2.3:h:qualcomm:nicobar:-:::::::*
qualcomm	nicobar_firmware	-	cpe:2.3:o:qualcomm:nicobar_firmware:-:::::::*
qualcomm	qca6390	-	cpe:2.3:h:qualcomm:qca6390:-:::::::*
qualcomm	qca6390_firmware	-	cpe:2.3:o:qualcomm:qca6390_firmware:-:::::::*

Rows per page:

1-10 of 581

CNA Affected

[
  {
    "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Agatti, Bitra, Kamorta, Nicobar, QCA6390, QCS404, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
      }
    ]
  }
]

References

www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin

www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVE-2020-3690