What is CVE-2020-3617?

CVE-2020-3617 is a buffer over-read vulnerability in the Q6 testbus framework that can lead to information disclosure.

Which products are affected by CVE-2020-3617?

Google Android, Qualcomm Kamorta Firmware, Qualcomm Nicobar Firmware, Qualcomm Qcs605 Firmware, Qualcomm Qcs610 Firmware, Qualcomm Rennell Firmware, Qualcomm Sc7180 Firmware, Qualcomm Sda660 Firmware, Qualcomm Sdm630 Firmware, Qualcomm Sdm636 Firmware, Qualcomm Sdm660 Firmware, Qualcomm Sdm670 Firmware, Qualcomm Sdm710 Firmware, Qualcomm Sm6150 Firmware, Qualcomm Sm7150 Firmware, Qualcomm Sm8150 Firmware, Qualcomm Sxr1130 Firmware.

What is the severity of CVE-2020-3617?

The severity of CVE-2020-3617 is high with a CVSS score of 7.1.

How can CVE-2020-3617 be fixed?

Update to the latest version of the affected software, as provided by the vendor.

Where can I find more information about CVE-2020-3617?

More information about CVE-2020-3617 can be found on the Qualcomm Product Security Bulletins and Android Security Bulletins for September 2020.

Vulnerability/
CVE-2020-3617

high

7.1

CWE

125 20

8/9/2020

9/9/2020

4/8/2024

CVE-2020-3617: Input Validation

First published: Tue Sep 08 2020(Updated: )

u'Buffer over-read Issue in Q6 testbus framework due to diag packet length is not completely validated before accessing the field and leads to Information disclosure.' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Kamorta, Nicobar, QCS605, QCS610, Rennell, SC7180, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SXR1130

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
Android
Qualcomm Kamorta
qualcomm Kamorta firmware
Qualcomm Nicobar
Qualcomm Nicobar
Qualcomm ZZ QCS605 firmware
Qualcomm QCS605 Firmware
Qualcomm QCS610 Firmware
Qualcomm QCS610 Firmware
Qualcomm Rennell
qualcomm Rennell firmware
Qualcomm SC7180P Firmware
Qualcomm SC7180
Qualcomm SDA660
Qualcomm SDA660
qualcomm SDM630 firmware
qualcomm SDM630
Qualcomm SD 636 Firmware
Qualcomm SDM636 Firmware
Qualcomm SD660 Firmware
Qualcomm Snapdragon 660
Qualcomm SD 670 Firmware
Qualcomm SDM670 Firmware
Qualcomm SD710 Firmware
Qualcomm Snapdragon 710
qualcomm SM6150P firmware
Qualcomm SM6150P
qualcomm SM7150 firmware
qualcomm SM7150 firmware
Qualcomm SM8150P Firmware
Qualcomm SM8150 Fusion
Qualcomm SXR1130
Qualcomm SXR1130 Firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-3617?
CVE-2020-3617 is a buffer over-read vulnerability in the Q6 testbus framework that can lead to information disclosure.
Which products are affected by CVE-2020-3617?
Google Android, Qualcomm Kamorta Firmware, Qualcomm Nicobar Firmware, Qualcomm Qcs605 Firmware, Qualcomm Qcs610 Firmware, Qualcomm Rennell Firmware, Qualcomm Sc7180 Firmware, Qualcomm Sda660 Firmware, Qualcomm Sdm630 Firmware, Qualcomm Sdm636 Firmware, Qualcomm Sdm660 Firmware, Qualcomm Sdm670 Firmware, Qualcomm Sdm710 Firmware, Qualcomm Sm6150 Firmware, Qualcomm Sm7150 Firmware, Qualcomm Sm8150 Firmware, Qualcomm Sxr1130 Firmware.
What is the severity of CVE-2020-3617?
The severity of CVE-2020-3617 is high with a CVSS score of 7.1.
How can CVE-2020-3617 be fixed?
Update to the latest version of the affected software, as provided by the vendor.
Where can I find more information about CVE-2020-3617?
More information about CVE-2020-3617 can be found on the Qualcomm Product Security Bulletins and Android Security Bulletins for September 2020.