Vulnerabilities > CVE-2020-3618 - Use After Free vulnerability in Qualcomm products

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

qualcomm

CWE-416

NVD

Published: 2020-06-02

Updated: 2020-06-02

Summary

NULL exception due to accessing bad pointer while posting events on RT FIFO in Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, QCA8081, SC8180X, SXR2130

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Qca8081 Firmware - Qualcomm Sc8180X Firmware - Qualcomm Ipq6018 Firmware - Qualcomm Ipq8074 Firmware - Qualcomm Sxr2130 Firmware -	5
Hardware	Qualcomm Qualcomm Qca8081 - Qualcomm Sc8180X - Qualcomm Ipq6018 - Qualcomm Ipq8074 - Qualcomm Sxr2130 -	5

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.qualcomm.com/company/product-security/bulletins/may-2020-bulletin