CVE-2020-3629
First published: Tue Sep 08 2020(Updated: )
u'Stack out of bound issue occurs when making query to DSP capabilities due to wrong assumption was made on determining the buffer size for the DSP attributes' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Bitra, Kamorta, Rennell, SC7180, SDM845, SM6150, SM7150, SM8150, SM8250, SXR2130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qualcomm Bitra Firmware | ||
| Qualcomm Bitra | ||
| Qualcomm Kamorta Firmware | ||
| Qualcomm Kamorta | ||
| Qualcomm Rennell Firmware | ||
| Qualcomm Rennell | ||
| Qualcomm Sc7180 Firmware | ||
| Qualcomm Sc7180 | ||
| Qualcomm Sdm845 Firmware | ||
| Qualcomm Sdm845 | ||
| Qualcomm Sm6150 Firmware | ||
| Qualcomm Sm6150 | ||
| Qualcomm Sm7150 Firmware | ||
| Qualcomm Sm7150 | ||
| Qualcomm Sm8150 Firmware | ||
| Qualcomm Sm8150 | ||
| Qualcomm Sm8250 Firmware | ||
| Qualcomm SM8250 | ||
| Qualcomm Sxr2130 Firmware | ||
| Qualcomm Sxr2130 | ||
| Google Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin
- https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
- https://source.android.com/docs/security/bulletin/2020-09-01/#asterisk
- https://source.android.com/docs/security/bulletin/2020-09-01 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2020-3629?
The severity of CVE-2020-3629 is high with a severity value of 7.8.
How can I mitigate the vulnerability in CVE-2020-3629?
To mitigate the vulnerability in CVE-2020-3629, apply the recommended patches and updates provided by Qualcomm and Google.
What software is affected by CVE-2020-3629?
The affected software includes Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Qualcomm Rennell Firmware, Qualcomm Sdm845 Firmware, Qualcomm Sm6150 Firmware, Qualcomm Sm8150 Firmware, Qualcomm Sm8250 Firmware, and Qualcomm Sxr2130 Firmware.
Where can I find more information about CVE-2020-3629?
You can find more information about CVE-2020-3629 in the Android Security Bulletin for September 2020 and the Qualcomm August 2020 Bulletin.
What is the Common Weakness Enumeration (CWE) ID for CVE-2020-3629?
The Common Weakness Enumeration (CWE) ID for CVE-2020-3629 is 120.
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/qualcomm
- canonical/qualcomm bitra firmware
- canonical/qualcomm bitra
- canonical/qualcomm kamorta firmware
- canonical/qualcomm kamorta
- canonical/qualcomm rennell firmware
- canonical/qualcomm rennell
- canonical/qualcomm sc7180 firmware
- canonical/qualcomm sc7180
- canonical/qualcomm sdm845 firmware
- canonical/qualcomm sdm845
- canonical/qualcomm sm6150 firmware
- canonical/qualcomm sm6150
- canonical/qualcomm sm7150 firmware
- canonical/qualcomm sm7150
- canonical/qualcomm sm8150 firmware
- canonical/qualcomm sm8150
- canonical/qualcomm sm8250 firmware
- canonical/qualcomm sm8250
- canonical/qualcomm sxr2130 firmware
- canonical/qualcomm sxr2130
- vendor/google
- canonical/google android