ID

VAR-202009-1326


CVE

CVE-2020-3644


TITLE

plural  Snapdragon  Information leakage vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2020-010704

DESCRIPTION

u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Snapdragon The product contains a vulnerability related to information leakage.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-3644 // JVNDB: JVNDB-2020-010704

AFFECTED PRODUCTS

vendor:qualcommmodel:sda660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8250scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa415mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs405scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8096auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm6150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa515mscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx24scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm660scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr2130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9607scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996auscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8996scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs404scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm670scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:nicobarscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:kamortascope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sc8180xscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9650scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs605scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sc7180scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8998scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm710scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm8150scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8098scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:qcs610scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm850scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sa6155pscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8905scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:apq8009scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm630scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:mdm9206scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm636scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdx55scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sdm845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:rennellscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sxr1130scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sda845scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sm7150scope:eqversion: -

Trust: 1.0

vendor:クアルコムmodel:apq8009scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8096auscope: - version: -

Trust: 0.8

vendor:クアルコムmodel:apq8098scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:kamortascope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9150scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9205scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9206scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9607scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:mdm9650scope: - version: -

Trust: 0.8

vendor:クアルコムmodel:msm8905scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-010704 // NVD: CVE-2020-3644

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3644
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3644
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-018
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-3644
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-3644
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-3644
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-010704 // CNNVD: CNNVD-202008-018 // NVD: CVE-2020-3644

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

problemtype:CWE-404

Trust: 1.0

problemtype:information leak (CWE-200) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-010704 // NVD: CVE-2020-3644

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202008-018

PATCH

title:August 2020 Security Bulletinurl:https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

Trust: 0.8

title:Multiple Qualcomm Product information disclosure vulnerability repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=125355

Trust: 0.6

sources: JVNDB: JVNDB-2020-010704 // CNNVD: CNNVD-202008-018

EXTERNAL IDS

db:NVDid:CVE-2020-3644

Trust: 2.4

db:JVNDBid:JVNDB-2020-010704

Trust: 0.8

db:AUSCERTid:ESB-2020.2661

Trust: 0.6

db:CNNVDid:CNNVD-202008-018

Trust: 0.6

sources: JVNDB: JVNDB-2020-010704 // CNNVD: CNNVD-202008-018 // NVD: CVE-2020-3644

REFERENCES

url:https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin

Trust: 1.6

url:https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2020-3644

Trust: 0.8

url:https://source.android.com/security/bulletin/2020-08-01

Trust: 0.6

url:https://vigilance.fr/vulnerability/google-android-pixel-multiple-vulnerabilities-of-august-2020-32996

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2661/

Trust: 0.6

sources: JVNDB: JVNDB-2020-010704 // CNNVD: CNNVD-202008-018 // NVD: CVE-2020-3644

SOURCES

db:JVNDBid:JVNDB-2020-010704
db:CNNVDid:CNNVD-202008-018
db:NVDid:CVE-2020-3644

LAST UPDATE DATE

2024-08-14T13:16:20.925000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-010704date:2021-02-01T08:35:00
db:CNNVDid:CNNVD-202008-018date:2020-08-05T00:00:00
db:NVDid:CVE-2020-3644date:2021-07-21T11:39:23.747

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-010704date:2021-02-01T00:00:00
db:CNNVDid:CNNVD-202008-018date:2020-08-03T00:00:00
db:NVDid:CVE-2020-3644date:2020-09-08T10:15:15.653