CVE-2020-3698

Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon Auto versions APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU Qualcomm Snapdragon Compute versions APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU Qualcomm Snapdragon Consumer Electronics Connectivity versions APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU Qualcomm Snapdragon Consumer IOT versions APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU Qualcomm Snapdragon Industrial IOT versions APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU Qualcomm Snapdragon Mobile versions APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU Qualcomm Snapdragon Voice & Music versions APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU Qualcomm Snapdragon Wearables versions APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU Qualcomm QCA6174A Qualcomm QCA6574AU Qualcomm QCA9377 Qualcomm QCA9379 Qualcomm QCM2150 Qualcomm QCN7605 Qualcomm QCS405 Qualcomm QCS605 Qualcomm QM215 Qualcomm SA6155P Qualcomm Saipan Qualcomm SC8180X Qualcomm SDA845 Qualcomm SDM429 Qualcomm SDM429W Qualcomm SDM439 Qualcomm SDM450 Qualcomm SDM630 Qualcomm SDM632 Qualcomm SDM636 Qualcomm SDM660 Qualcomm SDM845 Qualcomm SDX20 Qualcomm SDX55 Qualcomm SM8150 Qualcomm SM8250 Qualcomm SXR2130

Description The issue is caused by an out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame. This affects various Qualcomm Snapdragon products, including Auto, Compute, Consumer Electronics Connectivity, Consumer IOT, Industrial IOT, Mobile, Voice & Music, and Wearables, as well as other Qualcomm products.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.