Lucene search

[email protected]NVD:CVE-2020-3674

HistorySep 09, 2020 - 7:15 a.m.

CVE-2020-3674

2020-09-0907:15:10

CWE-125

[email protected]

web.nvd.nist.gov

improper data transfer

kernel

snapdragon

information leakage

cve-2020-3674

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Nicobar, QCS405, Saipan, SC8180X, SDX55, SM8150, SM8250, SXR2130

Affected configurations

Nvd

Node

qualcommnicobar_firmwareMatch-

AND

qualcommnicobarMatch-

Node

qualcommqcs405_firmwareMatch-

AND

qualcommqcs405Match-

Node

qualcommsaipan_firmwareMatch-

AND

qualcommsaipanMatch-

Node

qualcommsc8180x_firmwareMatch-

AND

qualcommsc8180xMatch-

Node

qualcommsdx55_firmwareMatch-

AND

qualcommsdx55Match-

Node

qualcommsm8150_firmwareMatch-

AND

qualcommsm8150Match-

Node

qualcommsm8250_firmwareMatch-

AND

qualcommsm8250Match-

Node

qualcommsxr2130_firmwareMatch-

AND

qualcommsxr2130Match-

VendorProductVersionCPE
qualcommnicobar_firmware-cpe:2.3:o:qualcomm:nicobar_firmware:-:*:*:*:*:*:*:*
qualcommnicobar-cpe:2.3:h:qualcomm:nicobar:-:*:*:*:*:*:*:*
qualcommqcs405_firmware-cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*
qualcommqcs405-cpe:2.3:h:qualcomm:qcs405:-:*:*:*:*:*:*:*
qualcommsaipan_firmware-cpe:2.3:o:qualcomm:saipan_firmware:-:*:*:*:*:*:*:*
qualcommsaipan-cpe:2.3:h:qualcomm:saipan:-:*:*:*:*:*:*:*
qualcommsc8180x_firmware-cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*
qualcommsc8180x-cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*
qualcommsdx55_firmware-cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*
qualcommsdx55-cpe:2.3:h:qualcomm:sdx55:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	nicobar_firmware	-	cpe:2.3:o:qualcomm:nicobar_firmware:-:::::::*
qualcomm	nicobar	-	cpe:2.3:h:qualcomm:nicobar:-:::::::*
qualcomm	qcs405_firmware	-	cpe:2.3:o:qualcomm:qcs405_firmware:-:::::::*
qualcomm	qcs405	-	cpe:2.3:h:qualcomm:qcs405:-:::::::*
qualcomm	saipan_firmware	-	cpe:2.3:o:qualcomm:saipan_firmware:-:::::::*
qualcomm	saipan	-	cpe:2.3:h:qualcomm:saipan:-:::::::*
qualcomm	sc8180x_firmware	-	cpe:2.3:o:qualcomm:sc8180x_firmware:-:::::::*
qualcomm	sc8180x	-	cpe:2.3:h:qualcomm:sc8180x:-:::::::*
qualcomm	sdx55_firmware	-	cpe:2.3:o:qualcomm:sdx55_firmware:-:::::::*
qualcomm	sdx55	-	cpe:2.3:h:qualcomm:sdx55:-:::::::*

Rows per page:

1-10 of 161

References

www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2020-3674

cve1 prion1 cvelist1 androidsecurity1