CVE-2020-3626 Information
Feb 14, 2021
cve
Description
Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto Snapdragon Compute Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon Mobile Snapdragon Wearables in APQ8053 APQ8096AU APQ8098 MSM8905 MSM8909W MSM8917 MSM8920 MSM8937 MSM8940 MSM8953 MSM8996AU MSM8998 Nicobar QCA6574AU QCS605 QM215 Rennell Saipan SDA660 SDM429 SDM429W SDM439 SDM450 SDM630 SDM632 SDM636 SDM660 SDM670 SDM710 SDM845 SM6150 SM7150 SM8150 SM8250 SXR1130 SXR2130
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Reference
https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin https://www.qualcomm.com/company/product-security/bulletins/june-2020-security-bulletin
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
LOW
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
7.8
Share on: