What is CVE-2020-3634 about?

CVE-2020-3634 involves multiple read overflow issues due to improper length checks while decoding Generic NAS transport/EMM info in Qualcomm Snapdragon devices.

How severe is CVE-2020-3634?

CVE-2020-3634 has a severity rating of 9.1, which is considered critical.

Vulnerability/
CVE-2020-3634

critical

9.4

CWE

191

8/9/2020

9/9/2020

4/8/2024

CVE-2020-3634: Integer Underflow

First published: Tue Sep 08 2020(Updated: )

u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QCS610, QM215, Rennell, SA415M, Saipan, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
Qualcomm Apq8053 Firmware
Qualcomm Apq8053
Google Android
Google Android
Google Android
Qualcomm Apq8098
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Qualcomm Mdm9206 Firmware
Qualcomm Mdm9206
Google Android
Qualcomm Mdm9607
Qualcomm Mdm9625 Firmware
Google Android
Google Android
Qualcomm Mdm9635m
Qualcomm Mdm9640 Firmware
Qualcomm Mdm9640
Qualcomm Mdm9645 Firmware
Qualcomm Mdm9645
Qualcomm Mdm9650 Firmware
Qualcomm Mdm9650
Qualcomm Mdm9655 Firmware
Qualcomm Mdm9655
Qualcomm Msm8905 Firmware
Qualcomm Msm8905
Qualcomm Msm8909w Firmware
Qualcomm Msm8909w
Qualcomm Msm8917 Firmware
Qualcomm Msm8917
Google Android
Google Android
Qualcomm Msm8996au Firmware
Qualcomm Msm8996au
Google Android
Qualcomm MSM8998
Google Android
Qualcomm Nicobar
Qualcomm Qcm2150 Firmware
Google Android
Qualcomm Qcs605 Firmware
Google Android
Google Android
Google Android
Qualcomm Qm215 Firmware
Qualcomm Qm215
Qualcomm Rennell Firmware
Google Android
Qualcomm Sa415m Firmware
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Google Android
Qualcomm Sda845 Firmware
Qualcomm Sda845
Google Android
Google Android
Qualcomm Sdm429w Firmware
Qualcomm Sdm429w
Qualcomm Sdm439 Firmware
Qualcomm Sdm439
Google Android
Qualcomm SDM450
Qualcomm Sdm630 Firmware
Qualcomm Sdm630
Qualcomm Sdm632 Firmware
Qualcomm Sdm632
Google Android
Qualcomm Sdm636
Qualcomm Sdm660 Firmware
Qualcomm Sdm660
Qualcomm Sdm670 Firmware
Qualcomm Sdm670
Qualcomm Sdm710 Firmware
Qualcomm Sdm710
Qualcomm Sdm845 Firmware
Qualcomm Sdm845
Qualcomm Sdm850 Firmware
Qualcomm Sdm850
Qualcomm Sdx20 Firmware
Qualcomm Sdx20
Qualcomm Sdx24 Firmware
Google Android
Qualcomm Sdx55 Firmware
Qualcomm Sdx55
Qualcomm Sm6150 Firmware
Qualcomm Sm6150
Qualcomm Sm7150 Firmware
Qualcomm Sm7150
Qualcomm Sm8150 Firmware
Qualcomm Sm8150
Qualcomm Sxr1130 Firmware
Qualcomm Sxr1130
Google Android

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-3634 about?
CVE-2020-3634 involves multiple read overflow issues due to improper length checks while decoding Generic NAS transport/EMM info in Qualcomm Snapdragon devices.
How severe is CVE-2020-3634?
CVE-2020-3634 has a severity rating of 9.1, which is considered critical.
Which Qualcomm devices are affected by CVE-2020-3634?
Qualcomm devices such as Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, and Snapdragon Wearables in various firmware versions are affected by CVE-2020-3634.

CVE-2020-3634: Integer Underflow

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2020-3634 about?

How severe is CVE-2020-3634?

Which Qualcomm devices are affected by CVE-2020-3634?

Company

Resources

Contact