CVE-2020-3671: Use After Free
First published: Thu Jul 30 2020(Updated: )
Use-after-free issue could occur due to dangling pointer when generating a frame buffer in OpenGL ES in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, Nicobar, QCM2150, QCS405, Saipan, SDM845, SM8150, SM8250, SXR2130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Android | ||
| Qualcomm APQ8009W Firmware | ||
| Qualcomm APQ8009W | ||
| Qualcomm Nicobar | ||
| Qualcomm Nicobar | ||
| Qualcomm QCM2150 | ||
| Qualcomm QCM2150 Firmware | ||
| Qualcomm QCS405 Firmware | ||
| Qualcomm QCS405 Firmware | ||
| Qualcomm Saipan Firmware | ||
| Qualcomm Saipan Firmware | ||
| Qualcomm SDA/SDM845 Firmware | ||
| Qualcomm Snapdragon 845 | ||
| Qualcomm SM8150P Firmware | ||
| Qualcomm SM8150 Fusion | ||
| Qualcomm SM8250 | ||
| Qualcomm qsm8250 | ||
| qualcomm SXR2130P firmware | ||
| Qualcomm SXR2130 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin
- https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin
- https://source.android.com/docs/security/bulletin/2020-09-01/#asterisk
- https://source.android.com/docs/security/bulletin/2020-09-01 (Advisory)
Frequently Asked Questions
What is CVE-2020-3671?
CVE-2020-3671 is a use-after-free vulnerability that could occur due to a dangling pointer when generating a frame buffer in OpenGL ES.
Which software is affected by CVE-2020-3671?
CVE-2020-3671 affects Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, Nicobar, QCM2150, QCS405, Saipan, SDM845, SM8150, SM8250, SXR2130.
What is the severity of CVE-2020-3671?
The severity of CVE-2020-3671 is critical with a severity score of 9.8.
How can CVE-2020-3671 be fixed?
To fix CVE-2020-3671, it is recommended to apply the necessary security patches provided by Qualcomm and Google.
Where can I find more information about CVE-2020-3671?
You can find more information about CVE-2020-3671 on the Qualcomm Product Security Bulletins page and the Android Security Bulletin for September 2020.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/google
- canonical/android
- vendor/qualcomm
- canonical/qualcomm apq8009w firmware
- canonical/qualcomm apq8009w
- canonical/qualcomm nicobar
- canonical/qualcomm qcm2150
- canonical/qualcomm qcm2150 firmware
- canonical/qualcomm qcs405 firmware
- canonical/qualcomm saipan firmware
- canonical/qualcomm sda/sdm845 firmware
- canonical/qualcomm snapdragon 845
- canonical/qualcomm sm8150p firmware
- canonical/qualcomm sm8150 fusion
- canonical/qualcomm sm8250
- canonical/qualcomm qsm8250
- canonical/qualcomm sxr2130p firmware
- canonical/qualcomm sxr2130