CVE-2020-3675 Information

Description

u’Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute’ in Snapdragon Auto Snapdragon Compute Snapdragon Connectivity Snapdragon Consumer Electronics Connectivity Snapdragon Industrial IOT Snapdragon Mobile Snapdragon Voice & Music Snapdragon Wired Infrastructure and Networking in IPQ5018 IPQ6018 IPQ8074 Kamorta Nicobar QCA6390 QCN7605 QCS404 QCS405 Rennell SA415M Saipan SC7180 SC8180X SDX55 SM6150 SM7150 SM8150 SM8250

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8