Details of VAR-202009-1279

ID

VAR-202009-1279

CVE

CVE-2020-3619

TITLE

plural Snapdragon In the product Time-of-check Time-of-use (TOCTOU) Race condition vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-010698

DESCRIPTION

u'Non-secure memory is touched multiple times during TrustZone\u2019s execution and can lead to privilege escalation or memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8098, IPQ8074, Kamorta, MDM9150, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, QCA8081, QCS404, QCS605, QCS610, QM215, Rennell, SA415M, SC7180, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product has Time-of-check Time-of-use (TOCTOU) There is a race condition vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-3619 // JVNDB: JVNDB-2020-010698

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sda660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm632	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sa415m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8953	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8937	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm6150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm660	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca8081	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs404	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm439	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm670	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	kamorta	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sc7180	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8998	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm710	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm8150	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8098	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs610	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8917	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8920	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8940	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qm215	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm850	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8905	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm450	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm630	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm636	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	rennell	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sxr1130	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sda845	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sm7150	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8098	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq8074	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	kamorta	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9150	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9650	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-010698 // NVD: CVE-2020-3619

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3619
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-3619
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202008-040
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2020-3619
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-3619
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.0
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-3619
baseSeverity:	HIGH
baseScore:	7.0
vectorString:	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-010698 // CNNVD: CNNVD-202008-040 // NVD: CVE-2020-3619

PROBLEMTYPE DATA

problemtype:	CWE-367	Trust: 1.0
problemtype:	CWE-787	Trust: 1.0
problemtype:	Time-of-check Time-of-use (TOCTOU) Race condition (CWE-367) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-010698 // NVD: CVE-2020-3619

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202008-040

PATCH

title:	August 2020 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin	Trust: 0.8
title:	Multiple Qualcomm Product Buffer Error Vulnerability Fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125377	Trust: 0.6

sources: JVNDB: JVNDB-2020-010698 // CNNVD: CNNVD-202008-040

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3619	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-010698	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.2661	Trust: 0.6
db:	CNNVD	id:	CNNVD-202008-040	Trust: 0.6

sources: JVNDB: JVNDB-2020-010698 // CNNVD: CNNVD-202008-040 // NVD: CVE-2020-3619

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin	Trust: 1.6
url:	https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3619	Trust: 0.8
url:	https://source.android.com/security/bulletin/2020-08-01	Trust: 0.6
url:	https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-august-2020-32996	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2661/	Trust: 0.6

sources: JVNDB: JVNDB-2020-010698 // CNNVD: CNNVD-202008-040 // NVD: CVE-2020-3619

SOURCES

db:	JVNDB	id:	JVNDB-2020-010698
db:	CNNVD	id:	CNNVD-202008-040
db:	NVD	id:	CVE-2020-3619

LAST UPDATE DATE

2024-08-14T12:07:16.722000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-010698	date:	2021-02-01T08:35:00
db:	CNNVD	id:	CNNVD-202008-040	date:	2020-08-05T00:00:00
db:	NVD	id:	CVE-2020-3619	date:	2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-010698	date:	2021-02-01T00:00:00
db:	CNNVD	id:	CNNVD-202008-040	date:	2020-08-03T00:00:00
db:	NVD	id:	CVE-2020-3619	date:	2020-09-08T10:15:14.983