Out-of-bounds Read in Qualcomm MSM8998

CVE-2020-3653

Possible buffer over-read in a Windows WLAN driver function due to a missing length check on a variable received from userspace, in Snapdragon Compute and Snapdragon Connectivity on MSM8998, QCA6390, SC7180, SC8180X, and SDM850.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.009 (55.5th percentile).

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H.

Frequently asked questions

What is CVE-2020-3653?
CVE-2020-3653 is a critical-severity vulnerability in Qualcomm MSM8998, classified under Improper Input Validation. CVSS score: 9.1/10. Published 2020-04-16.
How severe is CVE-2020-3653?
Critical severity. CVSS v3 base score is 9.1 out of 10.