CVE-2020-3629
First published: Tue Sep 08 2020(Updated: )
u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for the DSP attributes' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, Kamorta, Rennell, SC7180, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Qualcomm Bitra | ||
| Qualcomm Bitra Firmware | ||
| Qualcomm Kamorta | ||
| qualcomm Kamorta firmware | ||
| Qualcomm Rennell Firmware | ||
| Qualcomm Rennell Firmware | ||
| Qualcomm SC7180P Firmware | ||
| Qualcomm SC7180P Firmware | ||
| Qualcomm SDA/SDM845 Firmware | ||
| Qualcomm Snapdragon 845 | ||
| Qualcomm SM6150P firmware | ||
| Qualcomm SM6150P | ||
| qualcomm SM7150P firmware | ||
| qualcomm SM7150 firmware | ||
| Qualcomm SM8150P Firmware | ||
| Qualcomm SM8150 Fusion | ||
| Qualcomm SM8250 | ||
| qualcomm SM8250 firmware | ||
| Qualcomm SXR2130P Firmware | ||
| Qualcomm SXR2130 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
- https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
- https://source.android.com/docs/security/bulletin/2020-09-01/#asterisk
- https://source.android.com/docs/security/bulletin/2020-09-01 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2020-3629?
The severity of CVE-2020-3629 is high with a severity value of 7.8.
How can I mitigate the vulnerability in CVE-2020-3629?
To mitigate the vulnerability in CVE-2020-3629, apply the recommended patches and updates provided by Qualcomm and Google.
What software is affected by CVE-2020-3629?
The affected software includes Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Qualcomm Rennell Firmware, Qualcomm Sdm845 Firmware, Qualcomm Sm6150 Firmware, Qualcomm Sm8150 Firmware, Qualcomm Sm8250 Firmware, and Qualcomm Sxr2130 Firmware.
Where can I find more information about CVE-2020-3629?
You can find more information about CVE-2020-3629 in the Android Security Bulletin for September 2020 and the Qualcomm August 2020 Bulletin.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-3629?
The Common Weakness Enumeration (CWE) ID for CVE-2020-3629 is 120.
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/tags
- agent/softwarecombine
- vendor/google
- canonical/android
- vendor/qualcomm
- canonical/qualcomm bitra
- canonical/qualcomm bitra firmware
- canonical/qualcomm kamorta
- canonical/qualcomm kamorta firmware
- canonical/qualcomm rennell firmware
- canonical/qualcomm sc7180p firmware
- canonical/qualcomm sda/sdm845 firmware
- canonical/qualcomm snapdragon 845
- canonical/qualcomm sm6150p firmware
- canonical/qualcomm sm6150p
- canonical/qualcomm sm7150p firmware
- canonical/qualcomm sm7150 firmware
- canonical/qualcomm sm8150p firmware
- canonical/qualcomm sm8150 fusion
- canonical/qualcomm sm8250
- canonical/qualcomm sm8250 firmware
- canonical/qualcomm sxr2130p firmware
- canonical/qualcomm sxr2130 firmware