CVE-2020-3671: Use After Free
First published: Thu Jul 30 2020(Updated: )
Use-after-free issue could occur due to dangling pointer when generating a frame buffer in OpenGL ES in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, Nicobar, QCM2150, QCS405, Saipan, SDM845, SM8150, SM8250, SXR2130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Qualcomm apq8009 firmware | ||
| Qualcomm apq8009 | ||
| qualcomm Nicobar firmware | ||
| qualcomm Nicobar | ||
| qualcomm QCM2150 firmware | ||
| qualcomm QCM2150 | ||
| Qualcomm QCS405 Firmware | ||
| Qualcomm QCS405 Firmware | ||
| qualcomm Saipan firmware | ||
| qualcomm Saipan | ||
| qualcomm SDM845 firmware | ||
| qualcomm SDM845 | ||
| qualcomm SM8150 firmware | ||
| qualcomm SM8150 | ||
| qualcomm SM8250 firmware | ||
| Qualcomm SM8250 | ||
| qualcomm SXR2130 firmware | ||
| qualcomm SXR2130 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin
- https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin
- https://source.android.com/docs/security/bulletin/2020-09-01/#asterisk
- https://source.android.com/docs/security/bulletin/2020-09-01 (Advisory)
Frequently Asked Questions
What is CVE-2020-3671?
CVE-2020-3671 is a use-after-free vulnerability that could occur due to a dangling pointer when generating a frame buffer in OpenGL ES.
Which software is affected by CVE-2020-3671?
CVE-2020-3671 affects Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, Nicobar, QCM2150, QCS405, Saipan, SDM845, SM8150, SM8250, SXR2130.
What is the severity of CVE-2020-3671?
The severity of CVE-2020-3671 is critical with a severity score of 9.8.
How can CVE-2020-3671 be fixed?
To fix CVE-2020-3671, it is recommended to apply the necessary security patches provided by Qualcomm and Google.
Where can I find more information about CVE-2020-3671?
You can find more information about CVE-2020-3671 on the Qualcomm Product Security Bulletins page and the Android Security Bulletin for September 2020.
- agent/references
- agent/type
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/google
- canonical/google android
- vendor/qualcomm
- canonical/qualcomm apq8009 firmware
- canonical/qualcomm apq8009
- canonical/qualcomm nicobar firmware
- canonical/qualcomm nicobar
- canonical/qualcomm qcm2150 firmware
- canonical/qualcomm qcm2150
- canonical/qualcomm qcs405 firmware
- canonical/qualcomm saipan firmware
- canonical/qualcomm saipan
- canonical/qualcomm sdm845 firmware
- canonical/qualcomm sdm845
- canonical/qualcomm sm8150 firmware
- canonical/qualcomm sm8150
- canonical/qualcomm sm8250 firmware
- canonical/qualcomm sm8250
- canonical/qualcomm sxr2130 firmware
- canonical/qualcomm sxr2130