Details of VAR-202011-1397

ID

VAR-202011-1397

CVE

CVE-2020-3696

TITLE

plural Qualcomm Product Free Memory Usage Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-012915

DESCRIPTION

u'Use after free while installing new security rule in ipcrtr as old one is deleted and this rule could still be in use for checking security permission for particular process' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ6018, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8996AU, QCA4531, QCA6574AU, QCA9531, QCM2150, QCS605, SDM429W, SDX20, SDX24. plural Qualcomm The product contains a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Qualcomm MDM9206, etc. are all products of Qualcomm (Qualcomm). MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MSM8996AU is a central processing unit (CPU) product. QCA6574AU is a central processing unit (CPU) product. SDX24 is a modem. SDX20 is a modem. APQ8017 is a central processing unit (CPU) product. APQ8053 is a central processing unit (CPU) product. QCS605 is a central processing unit (CPU) product. Qualcomm APQ8009 is a central processing unit (CPU) product. MSM8905 is a central processing unit (CPU) product. MSM8909 is a central processing unit (CPU) product. IPQ6018 is a central processing unit (CPU) product. Wire etc. are the products of individual developers. Wire is a chat software. Many products have security vulnerabilities, which may cause some software to be used for free

Trust: 2.25

sources: NVD: CVE-2020-3696 // JVNDB: JVNDB-2020-012915 // CNNVD: CNNVD-202011-126 // VULMON: CVE-2020-3696

AFFECTED PRODUCTS

vendor:	qualcomm	model:	apq8053	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8096au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8996au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx24	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8009	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq6018	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8098	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcs605	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdm429w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8064	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca4531	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4019	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	apq8017	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8074	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8909w	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9207c	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	msm8905	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9531	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qcm2150	scope:	eq	version:	-	Trust: 1.0
vendor:	クアルコム	model:	ipq8074	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8017	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8009	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8053	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq6018	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq4019	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8096au	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	ipq8064	scope:	-	version:	-	Trust: 0.8
vendor:	クアルコム	model:	apq8098	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-012915 // NVD: CVE-2020-3696

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3696
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-3696
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2020-3696
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-3696
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2020-3696
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-012915 // NVD: CVE-2020-3696

PROBLEMTYPE DATA

problemtype:	CWE-416	Trust: 1.0
problemtype:	Use of freed memory (CWE-416) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-012915 // NVD: CVE-2020-3696

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-126

PATCH

title:	October 2020 Security Bulletin	url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin	Trust: 0.8
title:	Multiple Qualcomm Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=132184	Trust: 0.6

sources: JVNDB: JVNDB-2020-012915 // CNNVD: CNNVD-202011-126

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3696	Trust: 2.5
db:	JVNDB	id:	JVNDB-2020-012915	Trust: 0.8
db:	CNNVD	id:	CNNVD-202011-126	Trust: 0.6
db:	VULMON	id:	CVE-2020-3696	Trust: 0.1

sources: VULMON: CVE-2020-3696 // JVNDB: JVNDB-2020-012915 // CNNVD: CNNVD-202011-126 // NVD: CVE-2020-3696

REFERENCES

url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3696	Trust: 1.4
url:	https://www.qualcomm.com/company/product-security/bulletins/october-2020-security-bulletin	Trust: 1.0
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2020-3696 // JVNDB: JVNDB-2020-012915 // CNNVD: CNNVD-202011-126 // NVD: CVE-2020-3696

SOURCES

db:	VULMON	id:	CVE-2020-3696
db:	JVNDB	id:	JVNDB-2020-012915
db:	CNNVD	id:	CNNVD-202011-126
db:	NVD	id:	CVE-2020-3696

LAST UPDATE DATE

2024-11-23T22:51:10.512000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-3696	date:	2020-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2020-012915	date:	2021-06-15T02:50:00
db:	CNNVD	id:	CNNVD-202011-126	date:	2020-11-04T00:00:00
db:	NVD	id:	CVE-2020-3696	date:	2024-11-21T05:31:35.650

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-3696	date:	2020-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-012915	date:	2021-06-15T00:00:00
db:	CNNVD	id:	CNNVD-202011-126	date:	2020-11-02T00:00:00
db:	NVD	id:	CVE-2020-3696	date:	2020-11-02T07:15:15.170