PT-2020-5937 · Qualcomm · Ipq8074+26

Published

2020-03-02

·

Updated

2020-09-11

·

CVE-2020-3675

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto versions (affected versions not specified) Qualcomm Snapdragon Compute versions (affected versions not specified) Qualcomm Snapdragon Connectivity versions (affected versions not specified) Qualcomm Snapdragon Consumer Electronics Connectivity versions (affected versions not specified) Qualcomm Snapdragon Industrial IOT versions (affected versions not specified) Qualcomm Snapdragon Mobile versions (affected versions not specified) Qualcomm Snapdragon Voice & Music versions (affected versions not specified) Qualcomm Snapdragon Wired Infrastructure and Networking versions (affected versions not specified) IPQ5018 (affected versions not specified) IPQ6018 (affected versions not specified) IPQ8074 (affected versions not specified) Kamorta (affected versions not specified) Nicobar (affected versions not specified) QCA6390 (affected versions not specified) QCN7605 (affected versions not specified) QCS404 (affected versions not specified) QCS405 (affected versions not specified) Rennell (affected versions not specified) SA415M (affected versions not specified) Saipan (affected versions not specified) SC7180 (affected versions not specified) SC8180X (affected versions not specified) SDX55 (affected versions not specified) SM6150 (affected versions not specified) SM7150 (affected versions not specified) SM8150 (affected versions not specified) SM8250 (affected versions not specified)
Description: The issue is related to a potential integer underflow while parsing Service Info and IPv6 link-local TLVs that come as part of the NDPE attribute. This could be exploited by a remote attacker to execute arbitrary code or cause a denial of service. The vulnerability is associated with a buffer overflow when using the TLV (Tag-length-value) data writing method with the NDPE parameter in the Service info microprogram of Qualcomm's embedded platform software.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Buffer Over-read

Integer Underflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-126CWE-191

Related Identifiers

BDU:2021-02067
CVE-2020-3675

Affected Products

Ipq5018
Ipq6018
Ipq8074
Kamorta
Nicobar
Qca6390
Qcn7605
Qcs404
Qcs405
Qualcomm Snapdragon Auto
Qualcomm Snapdragon Compute
Qualcomm Snapdragon Connectivity
Qualcomm Snapdragon Consumer Electronics Connectivity
Qualcomm Snapdragon Industrial Iot
Qualcomm Snapdragon Mobile
Qualcomm Snapdragon Voice & Music
Qualcomm Snapdragon Wired Infrastructure/Networking
Rennell
Sa415M
Sc7180
Sc8180X
Sdx55
Sm6150
Sm7150
Sm8150
Sm8250
Saipan