CVE-2020-3675

high-risk

Published 2020-09-08

u'Potential integer underflow while parsing Service Info and IPv6 link-local TLVs that comes as part of NDPE attribute' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ5018, IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCN7605, QCS404, QCS405, Rennell, SA415M, Saipan, SC7180, SC8180X, SDX55, SM6150, SM7150, SM8150, SM8250

Do I need to act?

0.37% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (19)

Ipq5018 Firmware

Ipq6018 Firmware

Ipq8074 Firmware

Kamorta Firmware

Nicobar Firmware

Qca6390 Firmware

Qcn7605 Firmware

Qcs404 Firmware

Qcs405 Firmware

Rennell Firmware

Sa415M Firmware

Saipan Firmware

Sc7180 Firmware

Sc8180X Firmware

Sdx55 Firmware

Sm6150 Firmware

Sm7150 Firmware

Sm8150 Firmware

Sm8250 Firmware

Affected Vendors

Qualcomm

References (2)

Broken Link https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 1/34 · Minimal

Exposure 19/34 · Moderate