Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2020-AVI-554
Vulnerability from certfr_avis - Published: 2020-09-09 - Updated: 2020-09-09
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions sans le correctif de s\u00e9curit\u00e9 du 08 septembre 2020",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0395"
},
{
"name": "CVE-2020-0385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0385"
},
{
"name": "CVE-2019-13995",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13995"
},
{
"name": "CVE-2019-10518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10518"
},
{
"name": "CVE-2020-11609",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11609"
},
{
"name": "CVE-2020-12114",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12114"
},
{
"name": "CVE-2020-3674",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3674"
},
{
"name": "CVE-2020-0435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0435"
},
{
"name": "CVE-2019-2284",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2284"
},
{
"name": "CVE-2020-0434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0434"
},
{
"name": "CVE-2019-10498",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10498"
},
{
"name": "CVE-2019-14099",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14099"
},
{
"name": "CVE-2020-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0391"
},
{
"name": "CVE-2020-0384",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0384"
},
{
"name": "CVE-2020-3671",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3671"
},
{
"name": "CVE-2020-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0394"
},
{
"name": "CVE-2019-13994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13994"
},
{
"name": "CVE-2020-0342",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0342"
},
{
"name": "CVE-2020-0407",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0407"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2020-0074",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0074"
},
{
"name": "CVE-2019-10628",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10628"
},
{
"name": "CVE-2020-0404",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0404"
},
{
"name": "CVE-2019-14896",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14896"
},
{
"name": "CVE-2020-3629",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3629"
},
{
"name": "CVE-2020-0229",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0229"
},
{
"name": "CVE-2020-0245",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0245"
},
{
"name": "CVE-2020-0428",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0428"
},
{
"name": "CVE-2020-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3613"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2019-13992",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13992"
},
{
"name": "CVE-2020-0386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0386"
},
{
"name": "CVE-2019-2290",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2290"
},
{
"name": "CVE-2020-0387",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0387"
},
{
"name": "CVE-2020-3620",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3620"
},
{
"name": "CVE-2020-0430",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0430"
},
{
"name": "CVE-2019-10596",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10596"
},
{
"name": "CVE-2020-0123",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0123"
},
{
"name": "CVE-2020-0403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0403"
},
{
"name": "CVE-2020-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0392"
},
{
"name": "CVE-2020-0390",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0390"
},
{
"name": "CVE-2020-0383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0383"
},
{
"name": "CVE-2019-10527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10527"
},
{
"name": "CVE-2019-5489",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
},
{
"name": "CVE-2020-3634",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3634"
},
{
"name": "CVE-2020-0432",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0432"
},
{
"name": "CVE-2020-0401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0401"
},
{
"name": "CVE-2020-0433",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0433"
},
{
"name": "CVE-2019-10629",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10629"
},
{
"name": "CVE-2019-10564",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10564"
},
{
"name": "CVE-2020-11133",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11133"
},
{
"name": "CVE-2020-11129",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11129"
},
{
"name": "CVE-2020-0278",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0278"
},
{
"name": "CVE-2020-0389",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0389"
},
{
"name": "CVE-2020-0382",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0382"
},
{
"name": "CVE-2019-14117",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14117"
},
{
"name": "CVE-2020-0397",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0397"
},
{
"name": "CVE-2019-14074",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14074"
},
{
"name": "CVE-2020-0388",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0388"
},
{
"name": "CVE-2020-3656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3656"
},
{
"name": "CVE-2020-0396",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0396"
},
{
"name": "CVE-2020-7053",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
},
{
"name": "CVE-2020-11124",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11124"
},
{
"name": "CVE-2020-3617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3617"
},
{
"name": "CVE-2020-0381",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0381"
},
{
"name": "CVE-2020-0399",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0399"
},
{
"name": "CVE-2020-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11135"
},
{
"name": "CVE-2020-0393",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0393"
},
{
"name": "CVE-2020-0402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0402"
},
{
"name": "CVE-2020-3679",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3679"
},
{
"name": "CVE-2020-0379",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0379"
},
{
"name": "CVE-2019-10521",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10521"
},
{
"name": "CVE-2020-0429",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0429"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2020-0380",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0380"
},
{
"name": "CVE-2020-0427",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0427"
},
{
"name": "CVE-2020-0431",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0431"
},
{
"name": "CVE-2020-3622",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3622"
},
{
"name": "CVE-2020-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3621"
},
{
"name": "CVE-2019-10519",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10519"
},
{
"name": "CVE-2020-12826",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
}
],
"initial_release_date": "2020-09-09T00:00:00",
"last_revision_date": "2020-09-09T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-554",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 08 septembre 2020",
"url": "https://source.android.com/security/bulletin/2020-09-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Pixel du 08 septembre 2020",
"url": "https://source.android.com/security/bulletin/pixel/2020-09-01"
}
]
}
CVE-2020-0435 (GCVE-0-2020-0435)
Vulnerability from cvelistv5 – Published: 2020-09-17 18:47 – Updated: 2020-09-24 14:06
VLAI
EPSS
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-14615. Reason: This candidate is a duplicate of CVE-2018-14615. Notes: All CVE users should reference CVE-2018-14615 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2020-09-24T14:06:52.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"rejectedReasons": [
{
"lang": "en",
"value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-14615. Reason: This candidate is a duplicate of CVE-2018-14615. Notes: All CVE users should reference CVE-2018-14615 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2020-0435",
"datePublished": "2020-09-17T18:47:04.000Z",
"dateRejected": "2020-09-24T14:06:52.000Z",
"dateReserved": "2019-10-17T00:00:00.000Z",
"dateUpdated": "2020-09-24T14:06:52.000Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.0"
}
CVE-2020-11124 (GCVE-0-2020-11124)
Vulnerability from cvelistv5 – Published: 2020-09-09 06:25 – Updated: 2024-08-04 11:21
VLAI
EPSS
Summary
u'Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Severity
No CVSS data available.
CWE
- Use After Free Issues in Diag Services
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music |
Affected:
MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "u\u0027Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music in MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free Issues in Diag Services",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-09T06:25:18.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music",
"version": {
"version_data": [
{
"version_value": "MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u\u0027Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit.\u0027 in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice \u0026 Music in MDM9607, Nicobar, QCS404, QCS405, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM660, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free Issues in Diag Services"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11124",
"datePublished": "2020-09-09T06:25:18.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11129 (GCVE-0-2020-11129)
Vulnerability from cvelistv5 – Published: 2020-09-09 06:25 – Updated: 2024-08-04 11:21
VLAI
EPSS
Summary
u'During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free' in Snapdragon Consumer IOT, Snapdragon Mobile in Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR2130
Severity
No CVSS data available.
CWE
- Use After Free Issues in Camera
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Consumer IOT, Snapdragon Mobile |
Affected:
Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR2130
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Consumer IOT, Snapdragon Mobile",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR2130"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "u\u0027During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free\u0027 in Snapdragon Consumer IOT, Snapdragon Mobile in Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR2130"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use After Free Issues in Camera",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-09T06:25:19.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Consumer IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR2130"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u\u0027During the error occurrence in capture request, the buffer is freed and later accessed causing the camera APP to fail due to memory use-after-free\u0027 in Snapdragon Consumer IOT, Snapdragon Mobile in Bitra, Kamorta, QCS605, Saipan, SDM710, SM8250, SXR2130"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free Issues in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11129",
"datePublished": "2020-09-09T06:25:19.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11133 (GCVE-0-2020-11133)
Vulnerability from cvelistv5 – Published: 2020-09-08 09:31 – Updated: 2024-08-04 11:21
VLAI
EPSS
Summary
u'Possible out of bound array write in rxdco cal utility due to lack of array bound check' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8998, QCS605, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130
Severity
No CVSS data available.
CWE
- Stack-based Buffer Overflow in WLAN
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
Affected:
MSM8998, QCS605, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.758Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "MSM8998, QCS605, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "u\u0027Possible out of bound array write in rxdco cal utility due to lack of array bound check\u0027 in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8998, QCS605, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stack-based Buffer Overflow in WLAN",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-08T09:31:37.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "MSM8998, QCS605, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u\u0027Possible out of bound array write in rxdco cal utility due to lack of array bound check\u0027 in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MSM8998, QCS605, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SXR1130"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11133",
"datePublished": "2020-09-08T09:31:37.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11135 (GCVE-0-2020-11135)
Vulnerability from cvelistv5 – Published: 2020-09-09 06:25 – Updated: 2024-08-04 11:21
VLAI
EPSS
Summary
u'Reachable assertion when wrong data size is returned by parser for ape clips' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, Kamorta, MSM8917, MSM8953, Nicobar, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
Severity
No CVSS data available.
CWE
- Reachable Assertion Issues in Audio
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
Affected:
APQ8098, Kamorta, MSM8917, MSM8953, Nicobar, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "APQ8098, Kamorta, MSM8917, MSM8953, Nicobar, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "u\u0027Reachable assertion when wrong data size is returned by parser for ape clips\u0027 in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, Kamorta, MSM8917, MSM8953, Nicobar, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Reachable Assertion Issues in Audio",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-09T06:25:19.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "APQ8098, Kamorta, MSM8917, MSM8953, Nicobar, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u\u0027Reachable assertion when wrong data size is returned by parser for ape clips\u0027 in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, Kamorta, MSM8917, MSM8953, Nicobar, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reachable Assertion Issues in Audio"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-11135",
"datePublished": "2020-09-09T06:25:19.000Z",
"dateReserved": "2020-03-31T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11609 (GCVE-0-2020-11609)
Vulnerability from cvelistv5 – Published: 2020-04-07 16:05 – Updated: 2024-08-04 11:35
VLAI
EPSS
Summary
An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan… | x_refsource_MISC |
| https://github.com/torvalds/linux/commit/485b06aa… | x_refsource_MISC |
| https://git.kernel.org/cgit/linux/kernel/git/torv… | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2020043… | x_refsource_CONFIRM |
| https://usn.ubuntu.com/4345-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/4364-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/4368-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/4369-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://www.debian.org/security/2020/dsa-4698 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:35:13.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/485b06aadb933190f4bc44e006076bc27a23f205"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=485b06aadb933190f4bc44e006076bc27a23f205"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200430-0004/"
},
{
"name": "USN-4345-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4345-1/"
},
{
"name": "USN-4364-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4364-1/"
},
{
"name": "USN-4368-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4368-1/"
},
{
"name": "USN-4369-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4369-1/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-13T08:12:54.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/485b06aadb933190f4bc44e006076bc27a23f205"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=485b06aadb933190f4bc44e006076bc27a23f205"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200430-0004/"
},
{
"name": "USN-4345-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4345-1/"
},
{
"name": "USN-4364-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4364-1/"
},
{
"name": "USN-4368-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4368-1/"
},
{
"name": "USN-4369-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4369-1/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1. drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.1"
},
{
"name": "https://github.com/torvalds/linux/commit/485b06aadb933190f4bc44e006076bc27a23f205",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/485b06aadb933190f4bc44e006076bc27a23f205"
},
{
"name": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=485b06aadb933190f4bc44e006076bc27a23f205",
"refsource": "MISC",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=485b06aadb933190f4bc44e006076bc27a23f205"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200430-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200430-0004/"
},
{
"name": "USN-4345-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4345-1/"
},
{
"name": "USN-4364-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4364-1/"
},
{
"name": "USN-4368-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4368-1/"
},
{
"name": "USN-4369-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4369-1/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "openSUSE-SU-2020:0801",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11609",
"datePublished": "2020-04-07T16:05:56.000Z",
"dateReserved": "2020-04-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:35:13.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12114 (GCVE-0-2020-12114)
Vulnerability from cvelistv5 – Published: 2020-05-04 11:42 – Updated: 2024-08-04 11:48
VLAI
EPSS
Summary
A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:48:58.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "USN-4388-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4388-1/"
},
{
"name": "USN-4392-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4392-1/"
},
{
"name": "USN-4389-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4389-1/"
},
{
"name": "USN-4387-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4387-1/"
},
{
"name": "USN-4390-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4390-1/"
},
{
"name": "USN-4391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4391-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/04/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:15.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "openSUSE-SU-2020:0801",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "USN-4388-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4388-1/"
},
{
"name": "USN-4392-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4392-1/"
},
{
"name": "USN-4389-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4389-1/"
},
{
"name": "USN-4387-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4387-1/"
},
{
"name": "USN-4390-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4390-1/"
},
{
"name": "USN-4391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4391-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2020/05/04/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2242-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00012.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "DSA-4698",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4698"
},
{
"name": "DSA-4699",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4699"
},
{
"name": "openSUSE-SU-2020:0801",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00022.html"
},
{
"name": "USN-4388-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4388-1/"
},
{
"name": "USN-4392-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4392-1/"
},
{
"name": "USN-4389-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4389-1/"
},
{
"name": "USN-4387-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4387-1/"
},
{
"name": "USN-4390-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4390-1/"
},
{
"name": "USN-4391-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4391-1/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "http://www.openwall.com/lists/oss-security/2020/05/04/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2020/05/04/2"
},
{
"name": "http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/159565/Kernel-Live-Patch-Security-Notice-LSN-0072-1.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12114",
"datePublished": "2020-05-04T11:42:03.000Z",
"dateReserved": "2020-04-23T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:48:58.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12826 (GCVE-0-2020-12826)
Vulnerability from cvelistv5 – Published: 2020-05-12 18:58 – Updated: 2024-08-04 12:04
VLAI
EPSS
Summary
A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://cdn.kernel.org/pub/linux/kernel/v5.x/Chan… | x_refsource_MISC |
| https://www.openwall.com/lists/kernel-hardening/2… | x_refsource_MISC |
| https://lists.openwall.net/linux-kernel/2020/03/24/1803 | x_refsource_MISC |
| https://github.com/torvalds/linux/commit/7395ea4e… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1822077 | x_refsource_CONFIRM |
| https://usn.ubuntu.com/4367-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://usn.ubuntu.com/4369-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://security.netapp.com/advisory/ntap-2020060… | x_refsource_CONFIRM |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://lists.debian.org/debian-lts-announce/2020… | mailing-listx_refsource_MLIST |
| https://usn.ubuntu.com/4391-1/ | vendor-advisoryx_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"
},
{
"name": "USN-4367-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4367-1/"
},
{
"name": "USN-4369-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4369-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "USN-4391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4391-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-22T21:06:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"
},
{
"name": "USN-4367-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4367-1/"
},
{
"name": "USN-4369-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4369-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "USN-4391-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4391-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.6.5"
},
{
"name": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/kernel-hardening/2020/03/25/1"
},
{
"name": "https://lists.openwall.net/linux-kernel/2020/03/24/1803",
"refsource": "MISC",
"url": "https://lists.openwall.net/linux-kernel/2020/03/24/1803"
},
{
"name": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/7395ea4e65c2a00d23185a3f63ad315756ba9cef"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1822077"
},
{
"name": "USN-4367-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4367-1/"
},
{
"name": "USN-4369-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4369-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200608-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200608-0001/"
},
{
"name": "[debian-lts-announce] 20200609 [SECURITY] [DLA 2241-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00011.html"
},
{
"name": "[debian-lts-announce] 20200610 [SECURITY] [DLA 2241-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00013.html"
},
{
"name": "USN-4391-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4391-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12826",
"datePublished": "2020-05-12T18:58:48.000Z",
"dateReserved": "2020-05-12T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:04:22.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3613 (GCVE-0-2020-3613)
Vulnerability from cvelistv5 – Published: 2020-06-22 07:10 – Updated: 2024-08-04 07:37
VLAI
EPSS
Summary
Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in SM8150
Severity
No CVSS data available.
CWE
- Double Free Issue in DSP Services
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music |
Affected:
SM8150
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:37:55.541Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "SM8150"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music in SM8150"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Double Free Issue in DSP Services",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-06-22T07:10:38.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-3613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music",
"version": {
"version_data": [
{
"version_value": "SM8150"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free issue in kernel memory mapping due to lack of memory protection mechanism in Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice \u0026 Music in SM8150"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Double Free Issue in DSP Services"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-3613",
"datePublished": "2020-06-22T07:10:38.000Z",
"dateReserved": "2019-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:37:55.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3617 (GCVE-0-2020-3617)
Vulnerability from cvelistv5 – Published: 2020-09-09 06:25 – Updated: 2024-08-04 07:37
VLAI
EPSS
Summary
u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure.' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130
Severity
No CVSS data available.
CWE
- Buffer Over-read Issue in Q6 testbus framework
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
Affected:
Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:37:55.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "u\u0027Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure.\u0027 in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Over-read Issue in Q6 testbus framework",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-09T06:25:20.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-3617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u\u0027Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure.\u0027 in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read Issue in Q6 testbus framework"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2020-3617",
"datePublished": "2020-09-09T06:25:20.000Z",
"dateReserved": "2019-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-04T07:37:55.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…