PT-2020-17654 · Qualcomm · Snapdragon Wearables+7

Published

2020-09-08

Updated

2021-07-21

CVE-2020-3648

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon versions (affected versions not specified)

Description The issue is related to a possible out of bound write in the DSP driver code. This is due to a lack of check of data received from the user. The affected products include Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, and Snapdragon Wearables, specifically in the MSM8909W.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-20

Related Identifiers

CVE-2020-3648

Affected Products

Msm8909W

Snapdragon Auto

Snapdragon Compute

Snapdragon Consumer Iot

Snapdragon Industrial Iot

Snapdragon Mobile

Snapdragon Voice & Music

Snapdragon Wearables

PT-2020-17654 · Qualcomm · Snapdragon Wearables+7

CVE-2020-3648

Weakness Enumeration

Related Identifiers

Affected Products

References · 3