CVE-2020-3699
Possible out of bound access while processing assoc response from host due to improper length check before copying into buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
EPSS 0.34% · 56.7th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| qualcomm | sdm660_firmware | |
| qualcomm | mdm9640_firmware | |
| qualcomm | sm8150_firmware | |
| qualcomm | sda845_firmware | |
| qualcomm | qm215_firmware | |
| qualcomm | sdm429w_firmware | |
| qualcomm | msm8953_firmware | |
| qualcomm | msm8909w_firmware | |
| qualcomm | apq8096au_firmware | |
| qualcomm | sm6150_firmware | |
| qualcomm | sdm845_firmware | |
| qualcomm | qca6574au_firmware | |
| Qualcomm, Inc. | Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, SA6155P, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 |
| qualcomm | sdx20_firmware | |
| qualcomm | msm8905_firmware | |
| qualcomm | sdm450_firmware | |
| qualcomm | sdm632_firmware | |
| qualcomm | sm7150_firmware | |
| qualcomm | mdm9206_firmware | |
| qualcomm | sdx55_firmware |
…and 28 more
Timeline
- Jul 7, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://source.android.com/security/bulletin/pixel/2020-07-01 advisory
- https://source.android.com/security/bulletin/2020-07-01 advisory
- https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin url
- https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin patch
- https://nvd.nist.gov/vuln/detail/CVE-2020-3699 advisory