Vulnerabilities > CVE-2020-3701 - Use After Free vulnerability in Qualcomm Saipan Firmware, Sm8250 Firmware and Sxr2130 Firmware

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

qualcomm

CWE-416

NVD

Published: 2020-07-30

Updated: 2020-07-31

Summary

Use after free issue while processing error notification from camx driver due to not properly releasing the sequence data in Snapdragon Mobile in Saipan, SM8250, SXR2130

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Saipan Firmware - Qualcomm Sm8250 Firmware - Qualcomm Sxr2130 Firmware -	3
Hardware	Qualcomm Qualcomm Saipan - Qualcomm Sm8250 - Qualcomm Sxr2130 -	3

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

References

https://www.qualcomm.com/company/product-security/bulletins/july-2020-security-bulletin
https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin