CVE-2020-3625
Published Jun 2, 2020
Last updated 4 years ago
Overview
- Description
- When making query to DSP capabilities, Stack out of bounds occurs due to wrong buffer length configured for DSP attributes in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in SM8250, SXR2130
- Source
- product-security@qualcomm.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-120
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sm8250_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DDC730C6-FB32-4566-AAE2-B2B261BA9411"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sm8250:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "5A432773-467F-492C-AA3A-ADF08A21FB3F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:qualcomm:sxr2130_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F9FA3B1-E4E4-4D9B-A99C-7BF958D4B993"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:qualcomm:sxr2130:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "95762B01-2762-45BD-8388-5DB77EA6139C"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]