First published: Tue Sep 08 2020(Updated: )
Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, Kamorta, MDM9607, MSM8917, MSM8953, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
Google Android | ||
Qualcomm Apq8009 | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Mdm9607 | ||
Qualcomm Msm8917 Firmware | ||
Qualcomm Msm8917 | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Nicobar | ||
Qualcomm Qcm2150 Firmware | ||
Google Android | ||
Qualcomm Qcs405 Firmware | ||
Qualcomm Qcs405 | ||
Qualcomm Qcs605 Firmware | ||
Google Android | ||
Qualcomm Qm215 Firmware | ||
Qualcomm Qm215 | ||
Qualcomm Rennell Firmware | ||
Google Android | ||
Google Android | ||
Qualcomm Sa6155p | ||
Google Android | ||
Google Android | ||
Google Android | ||
Google Android | ||
Qualcomm Sc8180x Firmware | ||
Qualcomm Sc8180x | ||
Google Android | ||
Google Android | ||
Qualcomm Sdm429w Firmware | ||
Qualcomm Sdm429w | ||
Qualcomm Sdm439 Firmware | ||
Qualcomm Sdm439 | ||
Google Android | ||
Qualcomm SDM450 | ||
Qualcomm Sdm632 Firmware | ||
Qualcomm Sdm632 | ||
Qualcomm Sdm710 Firmware | ||
Qualcomm Sdm710 | ||
Qualcomm Sdm845 Firmware | ||
Qualcomm Sdm845 | ||
Qualcomm Sdx55 Firmware | ||
Qualcomm Sdx55 | ||
Qualcomm Sm6150 Firmware | ||
Qualcomm Sm6150 | ||
Qualcomm Sm7150 Firmware | ||
Qualcomm Sm7150 | ||
Qualcomm Sm8150 Firmware | ||
Qualcomm Sm8150 | ||
Qualcomm Sm8250 Firmware | ||
Qualcomm SM8250 | ||
Qualcomm Sxr2130 Firmware | ||
Qualcomm Sxr2130 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-3656 is high with a CVSS score of 7.8.
CVE-2020-3656 affects Google Android, Qualcomm APQ8009 Firmware, Qualcomm Kamorta Firmware, Qualcomm MDM9607 Firmware, Qualcomm MSM8917 Firmware, Qualcomm MSM8953 Firmware, Qualcomm Nicobar Firmware, Qualcomm Qcm2150 Firmware, Qualcomm Qcs405 Firmware, Qualcomm Qcs605 Firmware, Qualcomm Qm215 Firmware, Qualcomm Rennell Firmware, Qualcomm Sa6155p Firmware, Qualcomm Sa8155p Firmware, Qualcomm Saipan Firmware, Qualcomm Sc8180x Firmware, Qualcomm SDM429 Firmware, Qualcomm SDM429w Firmware, Qualcomm SDM439 Firmware, Qualcomm SDM450 Firmware, Qualcomm SDM632 Firmware, Qualcomm SDM710 Firmware, Qualcomm SDM845 Firmware, Qualcomm SDX55 Firmware, Qualcomm SM6150 Firmware, Qualcomm SM7150 Firmware, Qualcomm SM8150 Firmware, Qualcomm SM8250 Firmware, Qualcomm SXR2130 Firmware.
Out of bound access can happen in MHI command process for CVE-2020-3656 due to lack of check of command channel id value received from MHI devices.
The Common Weakness Enumeration (CWE) ID for CVE-2020-3656 is 120.
You can find more information about CVE-2020-3656 in the following references: [Reference 1](https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin), [Reference 2](https://source.codeaurora.org/quic/la/kernel/msm-4.14/commit/?id=e98a048a50f022181e008c60fea0c9cdee83e05a), [Reference 3](https://source.android.com/docs/security/bulletin/2020-09-01).