CVE-2020-3679
First published: Wed Sep 09 2020(Updated: )
u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including code segments' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, Kamorta, Nicobar, QCS404, QCS610, Rennell, SA6155P, SA8155P, Saipan, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qualcomm Bitra | ||
| Qualcomm Bitra Firmware | ||
| Qualcomm Kamorta | ||
| qualcomm Kamorta firmware | ||
| Qualcomm Nicobar | ||
| Qualcomm Nicobar | ||
| Qualcomm QCS404 Firmware | ||
| Qualcomm QCS404 Firmware | ||
| Qualcomm QCS610 Firmware | ||
| Qualcomm QCS610 Firmware | ||
| Qualcomm Rennell Firmware | ||
| Qualcomm Rennell Firmware | ||
| Qualcomm SA6155 | ||
| Qualcomm SA6155P | ||
| Qualcomm SA8155 | ||
| Qualcomm SA8155P Firmware | ||
| Qualcomm Saipan Firmware | ||
| Qualcomm Saipan Firmware | ||
| Qualcomm SC7180P Firmware | ||
| Qualcomm SC7180P Firmware | ||
| qualcomm SC8180X firmware | ||
| Qualcomm SC8180X | ||
| Qualcomm SDX55M Firmware | ||
| Qualcomm SDX55 Firmware | ||
| Qualcomm SM6150P firmware | ||
| Qualcomm SM6150P | ||
| qualcomm SM7150P firmware | ||
| qualcomm SM7150 firmware | ||
| Qualcomm SM8150P Firmware | ||
| Qualcomm SM8150 Fusion | ||
| Qualcomm SM8250 | ||
| qualcomm SM8250 firmware | ||
| Qualcomm SXR2130P Firmware | ||
| Qualcomm SXR2130 Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2020-3679.
What is the severity of CVE-2020-3679?
The severity of CVE-2020-3679 is medium with a severity value of 5.5.
Which software is affected by CVE-2020-3679?
The software affected by CVE-2020-3679 includes Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, and more.
How does CVE-2020-3679 impact the affected software?
CVE-2020-3679 allows part of the code to be still mapped at a known address, even after Address Space Layout Randomization (ASLR) is turned on for QTEE.
Is Qualcomm Bitra Firmware vulnerable to CVE-2020-3679?
Yes, Qualcomm Bitra Firmware is vulnerable to CVE-2020-3679.
- agent/type
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- vendor/qualcomm
- canonical/qualcomm bitra
- canonical/qualcomm bitra firmware
- canonical/qualcomm kamorta
- canonical/qualcomm kamorta firmware
- canonical/qualcomm nicobar
- canonical/qualcomm qcs404 firmware
- canonical/qualcomm qcs610 firmware
- canonical/qualcomm rennell firmware
- canonical/qualcomm sa6155
- canonical/qualcomm sa6155p
- canonical/qualcomm sa8155
- canonical/qualcomm sa8155p firmware
- canonical/qualcomm saipan firmware
- canonical/qualcomm sc7180p firmware
- canonical/qualcomm sc8180x firmware
- canonical/qualcomm sc8180x
- canonical/qualcomm sdx55m firmware
- canonical/qualcomm sdx55 firmware
- canonical/qualcomm sm6150p firmware
- canonical/qualcomm sm6150p
- canonical/qualcomm sm7150p firmware
- canonical/qualcomm sm7150 firmware
- canonical/qualcomm sm8150p firmware
- canonical/qualcomm sm8150 fusion
- canonical/qualcomm sm8250
- canonical/qualcomm sm8250 firmware
- canonical/qualcomm sxr2130p firmware
- canonical/qualcomm sxr2130 firmware