CVE-2020-3676

HIGH

Snapdragon Auto/Mobile/Industrial IOT - Memory Corruption

Title source: llm
STIX 2.1

Description

Possible memory corruption in perfservice due to improper validation array length taken from user application. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8096AU, APQ8098, Kamorta, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

References (2)

Core 2

Scores

CVSS v3 7.8
EPSS 0.0013
EPSS Percentile 31.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20 CWE-787
Status published
Products (30)
qualcomm/apq8096au_firmware
qualcomm/apq8098_firmware
qualcomm/kamorta_firmware
qualcomm/msm8917_firmware
qualcomm/msm8920_firmware
qualcomm/msm8937_firmware
qualcomm/msm8940_firmware
qualcomm/msm8953_firmware
qualcomm/msm8998_firmware
qualcomm/nicobar_firmware
... and 20 more
Published Jun 22, 2020
Tracked Since Feb 18, 2026