{ "id": "CVE-2020-3696", "sourceIdentifier": "product-security@qualcomm.com", "published": "2020-11-02T07:15:15.170", "lastModified": "2024-11-21T05:31:35.650", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8996AU, QCA4531, QCA6574AU, QCA9531, QCM2150, QCS605, SDM429W, SDX20, SDX24" }, { "lang": "es", "value": "Un uso de la memoria previamente liberada mientras se instala la nueva regla de seguridad en ipcrtr, ya que la anterior se elimino y esta regla a\u00fan podr\u00eda estar en uso para comprobar el permiso de seguridad para un proceso en particular en los productos Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking en versiones APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8996AU, QCA4531, QCA6574AU, QCA9531, QCM2150, QCS605, SDM429W, SDX20, SDX24" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "baseScore": 4.6, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL" }, "baseSeverity": "MEDIUM", "exploitabilityScore": 3.9, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-416" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C61BF93F-53DF-4399-AF41-45CEC1E0A2B8" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:apq8009:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CC498E0-B82B-4A53-8F55-6C1DA58AFA88" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6FEDA6CA-A0FD-4A72-B856-C8E65AC86902" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:apq8017:-:*:*:*:*:*:*:*", "matchCriteriaId": "8D29295A-7183-46BE-B4EE-F891D1C17ED9" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:apq8053_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B052615D-857A-46D4-9098-1CBFA14687C6" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:apq8053:-:*:*:*:*:*:*:*", "matchCriteriaId": "19B59B60-A298-4A56-A45A-E34B7AAB43D7" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DD17C0A3-A200-4659-968B-B2DA03CB683F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*", "matchCriteriaId": "B1F31FFB-982A-4308-82F8-C2480DABDED8" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:apq8098_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "13A7328A-89FB-4E9C-B4E3-D8097443FB7A" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:apq8098:-:*:*:*:*:*:*:*", "matchCriteriaId": "678A68E0-81D8-4562-826E-03872184256C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "94CB547F-0078-47CD-B511-06DE96882D5A" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA679375-BB14-4B24-8AD9-B2BFBACE2FDB" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:ipq6018_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B04589FF-F299-4EF6-A57B-1AD145372DBB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:ipq6018:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDC1ADAD-DA77-47EF-8DB9-C36961C560C2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:ipq8064_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A1CC1C1-F2CA-4C43-B9E9-1288C3496C7B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:ipq8064:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC82552A-9E7C-4A13-B7A5-43CEA218675C" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2914BF98-E69C-4C8D-8B10-759642ADD7B4" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*", "matchCriteriaId": "2118C404-402F-463C-8160-3CC3B703DF30" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A960B86A-C397-4ACB-AEE6-55F316D32949" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "matchCriteriaId": "D79B8959-3D1E-4B48-9181-D75FE90AAF98" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:mdm9207c_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3CFA66A-CD2E-4670-A137-65E2C94C1A11" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:mdm9207c:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE52FE99-DF0D-4C57-BB9C-0B853D1AF58B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A35FECFB-60AE-42A8-BCBB-FEA7D5826D49" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9765187-8653-4D66-B230-B2CE862AC5C0" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:msm8905_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C9E095A-71DB-4386-827A-53846236AD00" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:msm8905:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E981922-BB71-46E0-96C4-4CF75DF221F6" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE28A59C-7AA6-4B85-84E8-07852B96108E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "matchCriteriaId": "5DEE828B-09A7-4AC1-8134-491A7C87C118" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CA1E7B0-782B-4757-B118-802943798984" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*", "matchCriteriaId": "95CB08EC-AE12-4A54-AA3C-998F01FC8763" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:qca4531_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7A13DB5D-38AC-4E50-A279-130AF24256E0" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:qca4531:-:*:*:*:*:*:*:*", "matchCriteriaId": "90A67611-CA55-4039-B4B5-AB87CD6CEA17" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D527E2B1-2A46-4FBA-9F7A-F5543677C8FB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*", "matchCriteriaId": "8374DDB3-D484-4141-AE0C-42333D2721F6" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:qca9531_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E71452E6-551F-4E93-9951-2582C60BDFCE" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:qca9531:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D69FB0E-FDFF-42B8-ADAD-797B7C91E979" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:qcm2150_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "723EAD03-6C32-4B1C-95C1-6FDA94F08151" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:qcm2150:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBB4BB6E-8AF2-433A-A36C-0711598602BC" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B05FD66D-13A6-40E9-A64B-E428378F237E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:qcs605:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0D665C1-3EBA-42F2-BF56-55E6C365F7DF" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C7E52771-4FB7-45DB-A349-4DD911F53752" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:sdm429w:-:*:*:*:*:*:*:*", "matchCriteriaId": "72F6CE39-9299-4FC3-BC48-11F79034F2E4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A0CE1B23-6FE3-41C4-B264-C7A9E8BDBEC1" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*", "matchCriteriaId": "794BA13C-3C63-4695-AA45-676F85D904BE" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9BE864E-7B1E-44D5-A10A-60078095DE33" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*", "matchCriteriaId": "96DD6B48-2554-464D-A061-DBB4B8E00758" } ] } ] } ], "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin", "source": "product-security@qualcomm.com", "tags": [ "Broken Link" ] }, { "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin", "source": "nvd@nist.gov", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ] } ] }