CVE-2020-3611
HIGHQualcomm Snapdragon Firmware - Improper Access Control via XBL SEC Segment Loading
Title source: llmDescription
u'XBL SEC clears only ZI region when loading Qualcomm-signed segments can lead to improper access issue' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, Kamorta, MSM8998, QCS404, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130
References (2)
Core 2
Core References
Broken Link x_refsource_confirm
https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
Scores
CVSS v3
7.8
EPSS
0.0010
EPSS Percentile
27.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (15)
qualcomm/apq8098_firmware
qualcomm/kamorta_firmware
qualcomm/msm8998_firmware
qualcomm/qcs404_firmware
qualcomm/qcs605_firmware
qualcomm/sda660_firmware
qualcomm/sda845_firmware
qualcomm/sdm630_firmware
qualcomm/sdm636_firmware
qualcomm/sdm660_firmware
... and 5 more
Published
Sep 08, 2020
Tracked Since
Feb 18, 2026