CVE-2020-3610: Use After Free
First published: Mon May 04 2020(Updated: )
Possibility of double free of the drawobj that is added to the drawqueue array of the context during IOCTL commands as there is no refcount taken for this object in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MSM8909W, MSM8917, MSM8953, MSM8996AU, Nicobar, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Qualcomm APQ8009W Firmware | ||
| Qualcomm APQ8009W | ||
| qualcomm apq8053-ac firmware | ||
| Qualcomm APQ8053 Firmware | ||
| Qualcomm APQ8096AU Firmware | ||
| Qualcomm APQ8096AU Firmware | ||
| qualcomm APQ8098 | ||
| Qualcomm 8098 | ||
| Qualcomm MSM8909W | ||
| Qualcomm Snapdragon 8909 | ||
| Qualcomm MSM8917 | ||
| Qualcomm MSM8917 Firmware | ||
| Qualcomm 8953 Firmware | ||
| Qualcomm MSM8953 Firmware | ||
| qualcomm MSM8996AU firmware | ||
| Qualcomm MSM8996AU Firmware | ||
| Qualcomm Nicobar | ||
| Qualcomm Nicobar | ||
| Qualcomm QCS405 Firmware | ||
| Qualcomm QCS405 Firmware | ||
| Qualcomm ZZ QCS605 firmware | ||
| Qualcomm QCS605 Firmware | ||
| Qualcomm 215 Firmware | ||
| Qualcomm 215 | ||
| Qualcomm Rennell | ||
| qualcomm Rennell firmware | ||
| Qualcomm SA415M | ||
| Qualcomm sa415m firmware | ||
| Qualcomm Saipan Firmware | ||
| Qualcomm Saipan Firmware | ||
| qualcomm SC8180X firmware | ||
| Qualcomm SC8180X | ||
| Qualcomm SDA660 | ||
| Qualcomm SDA660 | ||
| Qualcomm SD845 Firmware | ||
| Qualcomm Snapdragon 845 | ||
| Qualcomm SDM429W | ||
| Qualcomm SD429 | ||
| Qualcomm SDM429W | ||
| qualcomm SDM429W firmware | ||
| qualcomm SDM439 firmware | ||
| Qualcomm SDM439 Firmware | ||
| Qualcomm SD 450 Firmware | ||
| Qualcomm Snapdragon 450 | ||
| qualcomm SDM630 firmware | ||
| qualcomm SDM630 | ||
| Qualcomm SDM632 | ||
| Qualcomm SDM632 | ||
| Qualcomm SD 636 Firmware | ||
| Qualcomm SDM636 Firmware | ||
| Qualcomm SD660 Firmware | ||
| Qualcomm Snapdragon 660 | ||
| Qualcomm SD 670 Firmware | ||
| Qualcomm SDM670 Firmware | ||
| Qualcomm SD710 Firmware | ||
| Qualcomm Snapdragon 710 | ||
| Qualcomm SDA/SDM845 Firmware | ||
| Qualcomm Snapdragon 845 | ||
| Qualcomm SDX20 Firmware | ||
| Qualcomm SDX20 Firmware | ||
| Qualcomm SDX24 | ||
| Qualcomm SDX24 | ||
| Qualcomm SDX55M Firmware | ||
| Qualcomm SDX55 Firmware | ||
| qualcomm SM6150P firmware | ||
| Qualcomm SM6150P | ||
| qualcomm SM7150 firmware | ||
| qualcomm SM7150 firmware | ||
| Qualcomm SM8150P Firmware | ||
| Qualcomm SM8150 Fusion | ||
| Qualcomm SM8250 | ||
| Qualcomm qsm8250 | ||
| qualcomm SXR2130P firmware | ||
| Qualcomm SXR2130 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=ae24933f4e3fd58ecbdd1463004f6112e7482793
- https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f7302f8f1faa9707e2910240e81b2f13a242b518
- https://source.android.com/docs/security/bulletin/2020-05-01 (Advisory)
- https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin
Frequently Asked Questions
What is the severity of CVE-2020-3610?
CVE-2020-3610 is classified as a high severity vulnerability due to the potential for exploitation via double free of the drawobj.
How do I fix CVE-2020-3610?
To mitigate CVE-2020-3610, ensure that your Qualcomm firmware is updated to the latest version that addresses this vulnerability.
What systems are affected by CVE-2020-3610?
CVE-2020-3610 affects a range of Qualcomm chips including Snapdragon series used in various devices, particularly those with firmware versions that have not implemented the necessary fixes.
What is the impact of exploiting CVE-2020-3610?
Exploitation of CVE-2020-3610 could potentially allow an attacker to gain control over the affected system through memory corruption.
Is there a known exploit for CVE-2020-3610?
As of now, there are no publicly available exploits specifically targeting CVE-2020-3610.
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/author
- agent/references
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/event
- agent/last-modified-date
- agent/source
- agent/weakness
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/google
- canonical/android
- vendor/qualcomm
- canonical/qualcomm apq8009w firmware
- canonical/qualcomm apq8009w
- canonical/qualcomm apq8053-ac firmware
- canonical/qualcomm apq8053 firmware
- canonical/qualcomm apq8096au firmware
- canonical/qualcomm apq8098
- canonical/qualcomm 8098
- canonical/qualcomm msm8909w
- canonical/qualcomm snapdragon 8909
- canonical/qualcomm msm8917
- canonical/qualcomm msm8917 firmware
- canonical/qualcomm 8953 firmware
- canonical/qualcomm msm8953 firmware
- canonical/qualcomm msm8996au firmware
- canonical/qualcomm nicobar
- canonical/qualcomm qcs405 firmware
- canonical/qualcomm zz qcs605 firmware
- canonical/qualcomm qcs605 firmware
- canonical/qualcomm 215 firmware
- canonical/qualcomm 215
- canonical/qualcomm rennell
- canonical/qualcomm rennell firmware
- canonical/qualcomm sa415m
- canonical/qualcomm sa415m firmware
- canonical/qualcomm saipan firmware
- canonical/qualcomm sc8180x firmware
- canonical/qualcomm sc8180x
- canonical/qualcomm sda660
- canonical/qualcomm sd845 firmware
- canonical/qualcomm snapdragon 845
- canonical/qualcomm sdm429w
- canonical/qualcomm sd429
- canonical/qualcomm sdm429w firmware
- canonical/qualcomm sdm439 firmware
- canonical/qualcomm sd 450 firmware
- canonical/qualcomm snapdragon 450
- canonical/qualcomm sdm630 firmware
- canonical/qualcomm sdm630
- canonical/qualcomm sdm632
- canonical/qualcomm sd 636 firmware
- canonical/qualcomm sdm636 firmware
- canonical/qualcomm sd660 firmware
- canonical/qualcomm snapdragon 660
- canonical/qualcomm sd 670 firmware
- canonical/qualcomm sdm670 firmware
- canonical/qualcomm sd710 firmware
- canonical/qualcomm snapdragon 710
- canonical/qualcomm sda/sdm845 firmware
- canonical/qualcomm sdx20 firmware
- canonical/qualcomm sdx24
- canonical/qualcomm sdx55m firmware
- canonical/qualcomm sdx55 firmware
- canonical/qualcomm sm6150p firmware
- canonical/qualcomm sm6150p
- canonical/qualcomm sm7150 firmware
- canonical/qualcomm sm8150p firmware
- canonical/qualcomm sm8150 fusion
- canonical/qualcomm sm8250
- canonical/qualcomm qsm8250
- canonical/qualcomm sxr2130p firmware
- canonical/qualcomm sxr2130