CVE-2020-3642

HIGH

Snapdragon Consumer IOT - Use After Free

Title source: llm

Description

Use after free issue in camera applications when used randomly over multiple operations due to pointer not set to NULL after free/destroy of the object in Snapdragon Consumer IOT, Snapdragon Mobile in Kamorta, QCS605, Rennell, Saipan, SDM670, SDM710, SDM845, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

References (2)

Core 2

Core References

Broken Link x_refsource_confirm

https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin

Vendor Advisory

https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin

Scores

CVSS v3 7.8

EPSS 0.0009

EPSS Percentile 25.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-416

Status published

Products (13)

qualcomm/kamorta_firmware

qualcomm/qcs605_firmware

qualcomm/rennell_firmware

qualcomm/saipan_firmware

qualcomm/sdm670_firmware

qualcomm/sdm710_firmware

qualcomm/sdm845_firmware

qualcomm/sm6150_firmware

qualcomm/sm7150_firmware

qualcomm/sm8150_firmware

... and 3 more

Published Jun 22, 2020

Tracked Since Feb 18, 2026