CVE-2020-3653 - OpenCVE

Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qualcomm	Msm8998 Msm8998 Firmware Qca6390 Qca6390 Firmware Sc7180 Sc7180 Firmware Sc8180x Sc8180x Firmware Sdm850 Sdm850 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sc7180:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:qualcomm:sdm850_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sdm850:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin

History

No history.

MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2020-04-16T10:46:21

Updated: 2024-08-04T07:37:55.683Z

Reserved: 2019-12-17T00:00:00

Link: CVE-2020-3653

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-04-16T11:15:15.793

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-3653

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Snapdragon Compute, Snapdragon Connectivity", "vendor": "Qualcomm, Inc.", "versions": [{"status": "affected", "version": "MSM8998, QCA6390, SC7180, SC8180X, SDM850"}]}], "descriptions": [{"lang": "en", "value": "Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850"}], "problemTypes": [{"descriptions": [{"description": "Buffer Over-read Issue in WLAN", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-16T10:46:21", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@qualcomm.com", "ID": "CVE-2020-3653", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Snapdragon Compute, Snapdragon Connectivity", "version": {"version_data": [{"version_value": "MSM8998, QCA6390, SC7180, SC8180X, SDM850"}]}}]}, "vendor_name": "Qualcomm, Inc."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Buffer Over-read Issue in WLAN"}]}]}, "references": {"reference_data": [{"name": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin", "refsource": "CONFIRM", "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:37:55.683Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin"}]}]}, "cveMetadata": {"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2020-3653", "datePublished": "2020-04-16T10:46:21", "dateReserved": "2019-12-17T00:00:00", "dateUpdated": "2024-08-04T07:37:55.683Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:msm8998_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E9154AF-E52E-4E84-9322-2CA7EBD3E6FE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:msm8998:-:*:*:*:*:*:*:*", "matchCriteriaId": "4796F9BD-61B3-45ED-B5E3-B061887285E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "96FBD6DF-F174-4690-AA3D-1E8974E3627F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:qca6390:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3BF86E1-3FAC-4A42-8C01-5944C6C30AE5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sc7180_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "792A18B7-E775-4AF4-A8C4-D434400317B0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sc7180:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5170B38-0976-49BB-A916-5BE44C567218", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sc8180x_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "30A45C1A-C921-42B5-9237-367245023B45", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sc8180x:-:*:*:*:*:*:*:*", "matchCriteriaId": "56C9D979-F214-4CD4-8CF9-43BC804BB179", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sdm850_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3ADE826-C55D-4731-80B9-164FEA290FAC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sdm850:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ED4F8FE-32DB-4696-A3AD-A9D7CB7E513A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Possible buffer over-read in windows wlan driver function due to lack of check of length of variable received from userspace in Snapdragon Compute, Snapdragon Connectivity in MSM8998, QCA6390, SC7180, SC8180X, SDM850"}, {"lang": "es", "value": "Una posible lectura excesiva del b\u00fafer en la funci\u00f3n del controlador wlan de Windows debido a una falta de comprobaci\u00f3n de la longitud de la variable recibida desde el espacio del usuario en los productos Snapdragon Compute, Snapdragon Connectivity en versiones MSM8998, QCA6390, SC7180, SC8180X, SDM850."}], "id": "CVE-2020-3653", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.4, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 9.2, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-16T11:15:15.793", "references": [{"source": "product-security@qualcomm.com", "tags": ["Vendor Advisory"], "url": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin"}], "sourceIdentifier": "product-security@qualcomm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}